SharePoint is on fire across the country and across the globe. More and more organizations, especially in the Federal government and defense sector, are adopting or digging deeper into SharePoint implementations.

SharePoint has now made the vital jump to Microsoft Office interoperability and has been doing it for enough versions to have survived the "will it continue to be supported?" waiting period that many companies use as a measure of whether something is safe to adopt.

If you are not well versed in what SharePoint offers, it is worth your time to pay some attention, as it might well be in your future. The big draw is that SharePoint takes a big chunk of unstructured data off the file servers and puts it into structured SQL Server storage. A lot of really useful extra functionality comes with it, such as content-based search, user maintainable metadata, versioning and powerful collaboration functionality for things like creating project Web sites.

SharePoint is a glue technology that holds together database storage in SQL Server, Web provisioning for easy manipulation, and, as I mentioned before, easy integration with Microsoft Office. Support for lists and document versioning make it very easy to justify in project-based environments, where a portal for team coordination and document libraries for data consolidation make sense.

WSS supports blogs, which help subject matter experts share their insights without clogging inboxes, calendaring for coordinating events and milestones, wikis that help form the basis for documentation once a project is completed, surveys to gain consensus from the team without a time-wasting meeting, presence to facilitate ad hoc meetings, and issue tracking to keep the problems with any project in sight. This is the Swiss Army knife of collaboration solutions and provides some major building blocks for customization.

In recent years Microsoft has been pitching out a lot against the technology wall and watching to see if it sticks. Even small success has carved out quite a few spaces and competitive scenarios, but SharePoint has hit a sweet spot, it seems. There are competitors, but most of them are only point solutions that address a small part of what SharePoint provides.

The biggest threat to SharePoint expansion would be DotNetNuke, an open-source implementation of a significant fraction of SharePoint's Web deployment attributes. It really isn't much of a threat in the enterprise, though, precisely because it is open source and not supported by any major entity.

SharePoint is on its way to becoming the next killer application. It is all about collaboration and acceleration of information sharing.

Much of the above has been excerpted from an article by Patrick Hynds originally published on Systems Management News, July 15, 2008. 

Know your BITS and BYTES!

The amount of data being stored electronically has been growing exponentially. I had never heard of some of the new terms for the larger amounts over Gigabyte such as PB, EB, ZB or YB until recently. How many will you recognize?

Searching the Internet returns a long list of cheap budget host providers, all offering hosting plans with prices ranging from free to under ten dollars a month.

The two most noticeable features of these plans are the large amounts of storage space and data transfer included in each plan. Consequently, these three items, price, storage and data transfer, then become the criteria the novice buyer uses to evaluate the various hosting plans; and they usually select the plan that provides the most storage and data transfer for the least amount of money.

What the novice buyer fails to realize is that there is another list of criteria that have far more impact on the true value of these hosting plans. These criteria are kept hidden deep inside these companies "Terms of Service (TOS)" and/or "Abuse of Service (AOS)" policies that greatly restrict how the storage and data transfer may be used, and greatly diminishing the value of the services offered at the budget price.

So what might the first-time buyer find if they were to search for and read the TOS or AOS? The two biggest restrictions usually imposed on these budget plans are the amount of computer processor time your site can use and the number of connections that can be made to your web site at the same time.

The processor or CPU time is basically the amount of time applications running on your site use on the server. Most people have observed on their own personal computers that the more programs opened cause the computer to run more slowly with each open program. Each program is calling on a portion of the CPU's processing power, which is a finite resource. Consequently, too many programs running at the same time can slow down performance and even bring the computer (server) to a total halt.

The number of simultaneous connections (or the number of people viewing your web site at the same time) goes hand in hand with CPU usage. Each page viewed by a single user causes a number of connections to occur--each image viewed is a separate connection, if the page is linked to a database, then each piece of data or information pulled from the database and displayed on the page creates a new connection. Consequently, it does not take a site very long to exceed the connection limits imposed by budget hosting companies with only a few people viewing the site at the same time.

Let's think of the hosting server as a pie with the main ingredients being the CPU processing time, the amount of connections, the space for files on the server, and the bandwidth to view the pages on the Internet. Each web site that is hosted on the server is like a piece of the pie. So, say the pie is cut into 10 pieces, each piece would represent 10% of the server's resources (Hard Drive Storage, Memory, Bandwidth, etc.). With today's technology the pie can be divided into even smaller pieces and not have the performance noticeably effected even if all of the sites are being accessed at the same time. But budget hosting companies divide the pie into over 5,000 pieces. Consequently, if even 10% of the sites are accessed at the same time, service is degraded. And using the pie analogy, it is easy to see that no pie can be cut into 5,000 pieces and have any one piece be big enough for anyone--so what they are really doing is selling the same 8 or 10 pieces of the pie they have to 5,000 people over and over again, hoping that not more than 8 or 10 people will want a piece of the available pie at the same time. This practice is referred to as "overselling".

In short, cheap hosting companies over-sell their services expecting you to use very little of what they offer and suspend your account when you do.

The same hidden restrictions hold true for email accounts, but in a slightly different way. Many of these plans offer 100 or more (some unlimited) email accounts. Sounds like more than any small business would ever need. Let's consider what the average person expects from their email account: The first and most important expectation is that they can send email to whoever they want. Most all providers will meet this criteria. The second is that they want to send copies of an email to a group of people, whether it be family members, a company mailing list, etc. The third expectation is to be able to send attachments with their email, whether it be family pictures, documents zip files, etc.

Budget hosting accounts almost always fall short on the second and third expectation. Most budget hosting companies limit the number of people a single email can be sent to, usually under 20 people per email. Not good if you have to send an email announcement to a large client list or you have more than 20 family members or friends on your contact list.

Should you have several pictures you want to send in your email, or any other large file, in most cases you will find your emails blocked because the attachment size has exceeded the limits of the service they provide.

Additionally, email is the most frequently used portion of a hosting plan; and it also tends to be the most support intensive. The budget for support for these companies is so limited that they barely give acceptable support to web related questions. Consequently there is a growing trend to encourage their clients to use a free email service rather than use the email service provided in their budget plan.

One of the worst effects stemming from these ultra-cheap hosting packages is that they influence non-technically educated customers general perception about hosting and make them believe, erroneously, that the cost of hosting a web site should be cheap, very cheap and very-very cheap.

This skewed perception of what the real costs are in the hosting industry serves to make dedicated and semi-dedicated servers seem very expensive when that is not the case at all. The fact is that most sites using hundreds of Gigabytes of monthly data transfer belong on a dedicated server. However, it has come to the point where a $10 shared hosting package can come with say 10GB of disk space and 1TB of data transfer and this can easily make even a cheap $100/month dedicated server with an ~80GB disk and ~1TB data transfer allowance, look like a rip off; when in fact, it is closer to the actual cost of providing professional hosting services to business clients. 

Finally, once you discover the level of service with whatever company you might have selected, the process of moving away from such a host will be a manual and tedious endeavor. This will probably make you think twice when it comes to moving out of such a host which might make you stick with them (at least for a while) despite being less than satisfied with the service.

Here is an alternative to disabling UAC - an option some call "Quiet Mode" - and essentially leave UAC enabled but elevates the all administrator accounts to assume it is okay to run the item in question. Note, this will effectively disable the protection that UAC provides, but will not disable IE's Protected Mode.

UAC (User Account Control) is the 'feature' that causes those annoying Windows Vista pop-up warnings that present when you try to perform certain functions or start certain programs that tell you permission is required to perform the function or open the program. These pop-ups only happen when you have UAC  turned ON, which is the recommended setting to 'protect' your computer--or more precisely to stop you from installing anything onto your computer that has the potential to cause harm.

Advanced users can safely turn this feature OFF, as it is assumed that advanced users will know what should and should not be installed on their machines, and they know not to click on links in email from senders that they do not know, etc. So, it would seem simple enough for advanced users to just turn UAC off and not be annoyed by these warning pop-ups--but here comes the catch: There are some third party products that will not work properly with UAC turned off. One of these popular products is Intuit's QuickBooks. (I've written about this here.)

So my original 'solution' was to turn UAC off for most of the time and then turn it on when I needed to use the functions within QB that required it. This seemed to work just fine until I started noticing some strange behavior on my computer--new programs wouldn't install properly, some programs started to act up, etc. Long story short--turning UAC on and off more than once corrupts the system registry by stripping all of the user permissions off of all of the keys. This is now a known issue and I have been in contact with Microsoft about whether this issue was addressed in SP1 or any other hot fix since encountering the problem and writing about it in the article linked above.

To date, everyone I have communicated with at MS has acknowledged the problem, but no one has been able to say whether it has been addressed or not. However, I was presented with a way to get around the annoyance of the warning pop-ups with UAC turned on! This was exciting news to me, as I really don't care if UAC is on or off as long as the pop-up warnings go away. More...

For those of you with kids that surf the Internet, here are a 10 suggestions you can share with them to help them surf safely.

1. If you are surfing the net and you enter a web site that makes you feel uncomfortable or scared tell someone RIGHT AWAY.

2. Protect yourself. NEVER send personal information about yourself into cyberspace unless you talk to your parents FIRST.

3. Keep your private information private--your telephone number and address should NOT be sent out into cyberspace.

4. Before sending ANYONE your picture or ANY information about yourself, make sure to check with your parents FIRST!

5. Never agree to meet up with someone that you meet while chatting online UNLESS you check with your parents FIRST. IF you do meet up with someone, NEVER GO ALONE. A parent or caregiver should ALWAYS go with you. Make sure meeting places are in a public place and NEVER someone's house. More...

Can't remember hearing about MAC needing "security updates", but it appears as they are becoming more popular they are starting to enjoy some of the attention of hackers previously reserved for Microsoft Operating Systems.

Original release date: May 29, 2008

Source: US-CERT

Systems Affected

* Mac OS X prior to v10.5.3

* Mac OS X Server prior to v10.4.11

Overview

Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3 address a number of vulnerabilities affecting Apple Mac OS X and OS X Server versions prior to and including 10.4.11 and 10.5.2. Further details are available in the US-CERT Vulnerability Notes Database. The update also addresses vulnerabilities in other vendors' products that ship with Apple OS X or OS X Server.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Upgrade

Install Apple Security Update 2008-003 or Apple Mac OS X version 10.5.3. These and other updates are available via Software Update or via Apple Downloads.

Well not really, but I did have an interesting experience at Ralph's the other day. With the cost of gas raising almost daily, and me anticipating my new car, we decided to logon to Ralph's web site to check out their 'specials'. I never was one to clip coupons or look through the papers, but somehow finding that Ralph's post this on-line with an easy interface to click to add the sale items to a printable shopping list, it was now not only convenient, but a time saver. Menus could then be easily planned around the sale items--another time saver.

So off to the store we went, list in-hand. We loaded an entire cart with all of the items we needed--everything from apples to steaks and everything in between. When we got to the check-out counter I watch the total climb as the clerk passed each item through the scanner--$100--$200--$230--the total finally topping out at $247.92. Then I handed the clerk my Ralph's Club Card (senior edition). She scanned the card and I gleefully watched the total on the register start rolling backwards--dollar by dollar--until the final total was $147.62! To quote from the bottom of my register receipt a "verified total savings of $100.30". I've used the card for years, and it has always saved $10.00 here $30.00 there and one time I think I saved about $40.00, but never a savings that really seemed to matter. But saving over $100.00 was an eye-opener.

I found a method of checking the sale items that was both convenient and time-saving and could save us over $100.00 per week at the supermarket!

Check it out, I think you'll like it: http://www.ralphs.com

(I'm sure that other markets have the same features on their web sites, Ralph's has just been convenient to my location and I've gotten into the habit of using them out of convenience.)

WHO IS IMPACTED AND WHY?

For customers who host their sites on a Debian OS (or its derivatives) to generate a key pair used to request a certificate, that key pair (and the corresponding certificate) is vulnerable.

This is due to a flaw in the Debian-specific random number generation that results in relatively predictable key pair values, making them highly exploitable.

WHAT CAN YOU DO?

If you or your customers are running Debian operating systems and derivatives (such as Ubuntu) released between September 17, 2006 and May 12, 2008 you should deploy a recently released Debian patch and revoke and replace all SSL and Code Signing certificates for which keys were created on these operating systems. Debian has released a testing tool to confirm whether your certificates are affected. This tool and other useful information can be found here:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

NOTE: Inland Pacific Consulting does not host any accounts on Debian Operating Systems. We host strictly on the new Microsoft Windows 2008 64 bit operating system. Consequently none of our clients are effected by the above security flaw.

I stumbled on this article "30 Free Ways to Market Your Site" by Carrie Hill from her column "Little Biz" on Search Engine Watch that had some excellent ideas for marketing a small business web-site that I thought were especially relevant with the economy slowing and budgets tightening and wanted to share some of them with you.

Not only are her suggestions relevant to building the link popularity of your site, but they help in getting you familiar with, and involved in, the on-line community. Most small businesses are members of their local Chamber of Commerce or other networking groups, but many small business owners are not familiar with the same networking communities and opportunities that exist on-line. Following these tips is a perfect introduction to the on-line community and a good guide to how to become involved.

You will find that the knowledge gained while investigating and following many of these steps will be as big an asset to your company growth as the potential business you may generate.

Here are some of my favorites (some new, others nice reminders of things forgotten):

1. Write a press release on a new product or offering and send it to some free press release distribution sites. [ed. on-line]

2. Send the press release to your local media outlets, or any niche media outlets that may be interested in what you do. [ed. print]

13. Start a blog.

17. Submit a product (or 20) to GoogleBase. [ed. This is a new beta service of Google http://base.google.com/support/bin/answer.py?hl=en&answer=59260]

22. Install Web analytics on your site, if you don't already have them. [ed. If you don't use these on a site we host--ask us to install them for you.]

You can view her entire article here (http://searchenginewatch.com/showPage.html?page=3628785)