stuart test blog

Microsoft have just announced that Windows Server 2008 has been released to manufacturing. I’m really looking forward to this product becoming publicly available and my own testing has been very positive so far.

I have to correct one point made in Microsoft’s blog announcement, it was stated that Server Core doesn’t install a GUI which is incorrect:

With server core, you can even install a GUI-free server.

When you set up a Server Core box, you still get a GUI, but you don’t have a shell. This isn’t just semantics, it’s a fundamental difference. A Linux or Unix server can be installed without a GUI – all you get is a terminal screen. However the Server Core still presents a graphical interface, you get windowed command prompts and can run several graphical tools and utilities, but you don’t get the Explorer shell or associated components.

I subscribe to lots of blogs written by Microsoft bloggers, and my favourites are from those who aren’t afraid to poke a little fun at themselves and their employer. Here’s a post from The Sean Blog making fun of the fact that when you right click a removable drive in Windows Vista, the kind “Safely remove” and the destructive “Format” commands are 1/8 inch apart. (image leeched below)

These are the bloggers that are helping Microsoft to gain more of a people-friendly reputation, rather than the monopolistic, evil empire that we all love to hate. If you’re a Microsoft blogger, please don’t just regurgitate press-releases and sales pitches – have the guts and sense of humour to poke a bit of fun at yourself sometimes. We’ll like you more for it.

On the TV1 Breakfast show this morning, Paul Henry was interviewing Peter Griffin about security software for home computers. In my previous field engineer roles, and my current role as "IT guy" for my extended family, I’ve got a lot of experience setting up and securing home computers as well as small business computers (ones that are not managed by a central server.) I’ve also had a lot of experience fixing computers that have been infected with viruses, trojans and other nasties.

So naturally I have strong opinions on the topic and I tend to disagree on some of the points that Peter was recommending. So here is my advice on securing a home computer running Windows. (See note at the end if you’re running a Mac or Linux.)

Note: This turned into a rather long article – I encourage you to read the whole post, but if you’re in a rush, at least read the summary at the bottom.

Operating System

Starting at the bottom of the stack, if you’re buying a new computer get Windows Vista. I have lots of gripes about Vista, but it is far more secure than Windows XP, and will be supported for the next 5 years. If you’ve already got a computer you should be running Windows XP with service pack 2. If you’re not running service pack 2 on Windows XP, your computer is vulnerable to attacks. If you’re running any operating system prior to Windows XP, such as Windows 2000, Windows ME, Windows 98, etc, your computer is extremely vulnerable and you should probably just upgrade to a new computer running Vista. (Again, see note at the end if you’re running a Mac or Linux.)

You can check your operating system and service pack version by clicking on Start, then Run, and typing: "winver" (without quotes) and pressing enter.

Automatic Updates

Now that we’ve decided on the operating system, you need to make sure that it is kept up to date. This is one of the most important parts of maintaining your computer. As soon as Microsoft release updates to the operating system, hackers start creating malware that targets the vulnerabilities. It’s effectively a race between you and the hackers, which is why I recommend always installing updates as soon as they are released – and rebooting once they are installed.

There is a fear that updates can break your computer if you install them straight away, and there have been some cases in the past where this has been true, but you are far more likely to be infected by a virus by not updating, than you are of having a new update break your computer.

Windows makes it very easy to keep your computer up to date – just go to the Control Panel through the Start Menu, then find the Automatic Updates icon (or Windows Updates icon in Vista) and select "Automatic" which is labelled as the recommended option.

Most other software you install on your computer will also have some mechanism for keeping it up to date. Adobe (Acrobat Reader), Apple (Quicktime, iTunes), Sun (Java) all provide update mechanisms that usually use a scheduled task to check for updates. All of this software is also vulnerable to bugs and attacks so it’s important to let the software notify you when there is an update to install.

This is especially true of your Internet browser of choice. Whether you use Internet Explorer, Firefox, Safari, Opera, etc, it’s important to keep it up date as this is the software that you use the most to interact with the Internet. My personal favourite is Firefox and this is the most secure browser to use in my opinion. Running Internet Explorer on Vista with User Account Control (UAC) enabled has the added benefit of running as a limited user so is also less vulnerable to attack.

Firewall

The single most important security software on a computer is the firewall – in fact, I can’t imagine ever running a home computer without a firewall. If you’re only going to take one piece of advice from this post, then make it the firewall.

If you have Windows XP or Windows Vista then you have a firewall built in, and you need to check that it’s turned on. Head back into the Control Panel, open the Windows Firewall icon, and turn it on. It’s that simple.

More advanced users running Windows XP, should use a third party firewall such as Zone Alarm, as you have more granular control about what comes in and goes out. But for home users not needing to allow any inbound traffic, then the Windows XP firewall is fine.

If you’re running Windows Vista, there’s no need to run any other firewall as the one provided by Vista is superb and has been greatly improved upon since Windows XP. Advanced users on Vista can tweak the firewall to their heart’s content by using the Windows Firewall MMC snap-in which you can get to through the Administrative Tools.

The benefit to using the Windows firewall instead of a third party firewall, is that Microsoft have designed it to hook in to the networking aspects of your computer. So if you enable file and print sharing, then Windows will open the necessary firewall ports.

Antivirus Software

If you’ve followed the previous three steps, then you’re in pretty good shape already. You’re running a supported operating system, your computer software is patched and up to date, and you have a firewall protecting you from network attacks. However, this does not prevent you from downloading a virus from the Internet, or opening a virus-infected attachment from your emails.

This is where antivirus software comes in – it runs in the background on your computer, monitoring all of the activity going on, looking for viruses that it knows about and also looking out any other suspicious behaviour.

There are lots of different antivirus products available today, some free, most of them not. I don’t recommend using the free software to home users, as you have no guarantees that the software will be kept up to date. I also don’t recommend buying ‘suites’ of software – such as the ones from Symantec/Norton, or McAfee. These suites try to take over whole your computer with their own recommended settings, and you get showered with cryptic alerts, slow performance, and unreliable behaviour from your computer.

My current recommendation is to install Trend Micro Internet Security 2008. This is by far the best antivirus software I have used to date, for the following reasons:

• It’s lightweight and won’t slow down your computer
• It’s easy to use
• It’s easy to configure
• And you aren’t forced into using all of their settings

During installation of the software, you are asked if you want to install the firewall – I always say no, as I’m quite happy with either the Windows XP or Vista firewall. And once the software is installed, step through each section and turn it off – apart from real-time virus monitoring. All you want antivirus software to do, is to protect you against viruses – anything else will just get in your way and annoy you. If you’re using a desktop email client like Outlook, Outlook Express, Windows Mail, Thunderbird, etc, then you also need to select the antivirus option to scan your emails.

Antispyware Software

Antispyware software generally comes in two types – the basic editions require you to run a scan over your computer so that it can find all the nasties, and the more advanced editions run as a service on your computer like the anti-virus software and constantly monitors your system. Most antivirus software products today have at least some basic antispyware functions that can be enabled.

If you’re running Windows Vista, then you already have Windows Defender installed and running and you need to do nothing else. Defender runs in the background monitoring your computer and updates to the software are delivered through Windows Updates.

If you’re running Windows XP, then you can download and install Windows Defender for free, which you can’t go wrong with. More advanced users may want to use several different versions of antispyware software at the same time, tweaking each one to suite their needs, but an average home user will be well protected with Windows Defender.

Phishing Filter

A phishing filter monitors the web sites you visit and looks out for sites that attempt to deceive you into thinking that you are visiting another site. A common example is a site that looks just like your Internet banking site but is actually a site created by hackers to encourage you to give up important financial information like your account names, passwords, pin numbers, etc.

Hackers use clever techniques by crafting web addresses that are long and confusing to tell whether it is a valid address or not. Phishing filters attempt to identify these dodgy addresses and warn you that the site is not legitimate.

Unfortunately, phishing filters are not yet as advanced as antivirus scanners and lots of dodgy sites don’t get picked up. This means you can’t rely solely on the phishing filter as a means of defence. But Internet Explorer 7 and Firefox 2 both have phishing filters built-in and should be enabled for an added layer of defence.

Common Sense and Dancing Pigs

The last layer of defence should be your common sense. Don’t rely purely on the security software on your computer from protecting you. Don’t trust any attachment that is sent to you – even if it comes from someone you don’t know such as friends or family. Don’t forget that if a friend’s computer gets infected with a virus, there is a chance that the virus may email itself to that friend’s entire address book, making it look as if your friend sent you a joke email.

This is where the Dancing Pigs comes in. In computer security circles, dancing pigs refers to how users will always choose dancing pigs over computer security. Bruce Schneier explains the phenomenon as follows:

If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he’s going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life’s savings, and impair your ability to have children," he’ll click OK without even reading it. Thirty seconds later he won’t even remember that the warning screen even existed.

If this sounds like something that you do on a daily basis – beware. But take heart in the fact that it’s not your own fault – software developers have made us ambivalent towards security messages over the years, as we get so damn many of them – most of which are safe to ignore, most of the time…

A classic example of this is Windows Vista’s new User Account Control (UAC) feature which is enabled by default on Microsoft’s new operating system. The theory behind this is that you are forced to run as a limited-rights user so that you aren’t able to do any accidental damage to your computer (like running dancing pigs applets.) This is a great idea, and is already implemented on both Macs and Linux, but the implementation of UAC was so poor, that from the first time you turn on your computer, you are bombarded with warning messages for even performing the most trivial of tasks. This forces you to become numb to the messages, and you just get into a routine of clicking "yes" for everything that pops up.

Microsoft won’t admit to UAC being a poor implementation, but they are changing the amount of alerts you receive in service pack 1, which is going through testing at the moment. So they must be aware of the problem.

Backups

Although backups aren’t strictly related to computer security, ensuring that have a good backup system could be priceless should your machine get so terribly broken from a virus that it can’t even boot up and needs to be reinstalled.

How many of you have your only copy of your digital photos sitting on the hard drive of your computers? Imagine how you would feel if that hard drive broke, or the contents got erased, or your computer got stolen.

I recommend a three-pronged approach to backing up your important data:

• Keep your important data cleanly organised  on your computer and set up a backup routine either manually or using software such as the built-in backup software in Windows.
• Backup all your important files to a separate, external hard drive, or DVDs/CDs, or to another computer or server in your house.
• Then create another backup of your important files offsite – i.e. not in your house or possibly even your neighbourhood.

The third step seems a bit over the top at first, but keeping a backup of your photos on DVDs is no good if your house burns down or gets flooded. The best way to backup your photos to just upload them to a photo sharing site like Flickr – you get the added bonus of being able to show off your photos to friends and families. And if disaster ever strikes, your photos are preserved online and can be downloaded again in the future. For other important files, there are various online backup companies starting up but prices do vary so it’s worth shopping around.

In Summary

To summarise, here’s a check-list for safe computing:

• Make sure you’re running a supported operating system. Windows Vista or Windows XP with service pack 2. Nothing earlier.
• Make sure that your operating system is up to date with Windows Updates, and make sure that all other software is kept up to date too.
• Use a firewall! The Windows built-in firewall is fine, only use a third party one if you know what you’re doing.
• Use antivirus software – but don’t let it take over your whole system, this just causes more problems. Disable the bits you don’t want to run.
• Use antispyware software – Windows Defender is good.
• Use the phishing filter built into your browser, but don’t depend on it to be 100% accurate.
• Use your common sense – treat all email attachments with caution.

Apart from purchasing antivirus software (Trend Micro Internet Security 2008 costs about $100), everything mentioned above is already built into your operating system or web browser and costs nothing extra to use.

Using a Mac or Linux

This post has focused on Windows only, but most of the same principals can be applied to either Macs or Linux computers. Historically there have been very few viruses found in the wild for either operating system, but as both Linux and Macs gain in popularity (as they are now) there will no doubt be more hackers targeting them. Don’t sit back and think that you’re secure just because you’re not running Windows.

I’ve only just started blogging about Agile methodologies and the very next day, I see the following cartoon published on the Dilbert site:

(published here with permission.)

I’m attending the Agile BarCamp in Wellington to learn more about Agile and how the Agile methodologies could be applied to projects that don’t necessarily relate to software development.

My (very simplified) understanding of Agile so far is that it is a framework around software development that focuses on delivering lots of smaller releases instead of focusing on the end goal of releasing the final product. It’s a very flat-management style of framework, in that the project team should be self-organising and everyone in the team accepts responsibilities for the project.

I find all this very interesting in the way it could relate to infrastructure projects. The structure of most infrastructure projects that I’ve worked on all seem very "old school" compared to Agile methods…

Typical infrastructure project:

• There are usually two or more project managers that take responsibility for the project.
• They are managed by one or more program managers, plus there are business owners responsible for making sure that their own areas are covered, and other senior management also want to give input.
• The entire project is analysed and finalised before starting, through a lengthy process of tenders, proposals, statements of work, high-level architectures, detailed design plans, project plans, and gantt charts.
• It’s difficult to incorporate changes as the project progresses, and project managers are usually reluctant to do so anyway, as it pushes the project timelines over schedule.
• The project deadlines are always too optimistic, and run over regardless.
• Daily/weekly project update meetings take too long and don’t have any benefit to the progress of the project.

Compare this to how I envision an Agile approach to the same project would look like:

• Each member of the team responsible for the success of the project, with probably just a single project leader to shield the team from the politics and red tape that seems to be unescapable in bigger companies.
• The project is analysed and designed at a high level, and then broken down into smaller, manageable milestones that provide the customer with quick-wins and shows progress from early on.
• At the end of each milestone, you analyse what you’ve just done, learn from it and move on – implementing any changes that have come up along the way.
• Brief, daily meetings (stand-up meetings) to provide status updates to the other members of the team so that everyone always knows what’s going on.

The benefits of this approach seem immense, but there must be some downsides to it and my initial understanding is that customer fear is the main cause of pain when proposing or implementing Agile methodologies. This is another topic which I hope will be covered in the BarCamp.

The following table shows the original "Principles behind the Agile Manifesto", and how it would look if used for infrastructure. (changes emphasised)

Further reading:

• Manifesto for Agile Software Development
• Principles behind the Agile Manifesto
• Wikipedia – Agile software development
• Wikipedia – BarCamp

Mauricio has just completed the upgrade of the Geekzone site and it is now running on Windows Server 2008 (RC0, I’m assuming.) This is a good showcase for Microsoft as Geekzone is in the top 15 NZ sites for unique visitors, according to Mauricio. Microsoft have already moved 75% of their servers on to Windows Server 2008 which shows the confidence they have in the new version.

I’m genuinely excited about Server 2008, and every day I learn about new features that will benefit all sizes of organisations. Today, at the monthly Unplugged event at Microsoft in Wellington, Nathan showed off the new Group Policy Preferences which almost completely remove the need for login scripts. This is a feature that was acquired by Microsoft when they purchased Desktop Standard, so it’s nice to see it being released for free as part of the operating system.

I have the latest build and will be testing it out over the next week, including the newly-announced virtualisation role – now called Hyper-V. I’m also hoping to test out the Windows Essentials Business Server product which was code-named ‘Centro’ (much cooler name) up until recently.

Update: Mauricio got a shout out on the Windows Server blog

This press release just popped up as I was about to sign off the for the night, but I just had to get a quick mention out: "Integrated IT Designed for Midsized Businesses"

Microsoft have finally revealed some details about a new server bundle for "midsized" business called Windows Essential Business Server. This has been known as Centro in the invitation-only beta phase, which I had hoped to participate in, but was lacking three spare 64 bit servers to test on.

My previous understanding of Centro was that it would require three, 64 bit servers and would bundle several Microsoft server products into a unified, easy to manage, suite. It is effectively a step up from Small Business Server, which runs on a single server and is licensed up to 75 users.

The term "midsized" is relative, depending on the market, but in Microsoft’s terms this is up to 250 computers.

Windows Essentials Business Server will bundle the following products and will provide a single Client Access License (CAL) to cover use of all included products:

• Windows Server 2008
• Exchange Server 2007
• Forefront Security for Exchange
• System Center Essentials
• ISA Server (whatever the next version number is called – probably 2008)
• SQL Server 2008

The press release doesn’t confirm whether three servers are still required or not, but looking at the components, you would want to run them on no less than three boxes. I’d imagine that the ISA server would act as the gateway box, running Forefront SMTP scanning and the Exchange Edge Transport role; then Systems Center Essentials and SQL Server 2008 would sit on another box, and the other Exchange roles would be on the third box. (All 64bit of course.)

Microsoft have also announced the usual list of partners that will be providing solutions specifically for Essential Business Server (EBS) such as HP, IBM, Intel on the hardware front, and Trend Micro, CA, and Citrix on the software front.

The private beta will be expanded into a more public beta in the new year, with a final release date set for the second half of 2008.

This is big news for NZ companies as I know of lots of companies that quickly grow out of an SBS solution but are still small enough to not be considered an Enterprise customer. Local Microsoft partners will be keen on this too, because if a customer is considering upgrading to Exchange 2007, then why not see if they would like the latest version of ISA to complement Exchange – and then you’re two thirds of the way to implementing EBS.

Still some questions that need to be answered…

• How will the licensing work for customers that already have Server and Exchange CALs – will they be able to trade them in for EBS CALs?
• How easily will EBS integrate into an existing environment? SBS needs to be its own root domain and can’t join into any existing domains, surely this wouldn’t be the case for EBS?
• Will there be an upgrade path from SBS to EBS?
• And will there be an upgrade path from EBS to the full version products if needed?

I’m looking forward to testing out the bits and pieces… anybody want to donate/lend me three 64bit servers??

Update with new links:

• Windows Server "Centro" is officially unveiled and has a new name!!
• "Centro" = Windows Essential Business Server
• Windows Server "Centro" has a New Name
• Windows Essential Business Server – why didn’t they just call it Centro?

The PowerShell team have just released the first publicly available CTP of PowerShell 2.0. This hasn’t even reached beta stage yet, so there is bound to be lots of bugs and no doubt the product will change  a lot prior to release.

Lots of new features, but the stand-out ones for me are:

• Remote scripting – now you can run PowerShell scripts against remote computers, as long as they also have PowerShell installed.
• Background jobs – you can run a PowerShell script and it will run in the background. This means that your cursor will return to the next line in the console and you can continue with other tasks. You can then query the progress of the background job at any time with another command.
• Script cmdlets – cmdlets can be created using PowerShell scripts whereas in the current version you need to compile them as managed code, for example C# or VB.Net.
• PowerShell GUI – there’s an early preview of a graphical PowerShell front end that gives you colour-coding syntax, as well as multiple tabs with multiple shells (up to eight.)

There’s also mention of improved hosting APIs but I’m not sure if that just applies to compiled applications being built on top of PowerShell. I’d like to be able to run PowerShell in HTAs in the same way that VBScript can currently be run.

I’ve been giving a lot of thought recently as to how PowerShell can be implemented in production, and some of these features will definitely make it more relevant – especially the ability to run PowerShell scripts against remote computers.

While I was away on holiday, Ubuntu released the latest version of their desktop operating system: Ubuntu 7.10. I had last tried the 7.4 release on my new notebook without much luck as the hardware was a lot newer than the operating system.

I wasn’t too hopeful of having much luck installing 7.10 either on my HP 6910p notebook, but a funny thing happened – it just worked!

I downloaded the 64 bit version and booted up the Live CD, preparing myself for disappointment, but after a short while the desktop appeared with a nice little startup sound (wow – the sound card works!)

The resolution of the screen wasn’t perfect though as it should have been set to 1440×900 but a quick look in the resolution settings showed that it had maxed out at 1152×864 and I couldn’t set it any higher. I haven’t used Ubuntu that much but I looked in the System menu and found a hardware devices icon which looked like it may be able to help. Sure enough, my graphics card had been detected but couldn’t install the drivers as they were proprietary, and this flies in the face of the Ubuntu principals. However, a simple check box allows you to give Ubuntu permission to install the evil drivers. A reboot is supposed to be required but as I was just running the Live CD, I would have been reset back to default so I just restarted the X server by using the Ctrl+Alt+Backspace command.

Hey presto – I had native resolution!

But what about networking? Especially wireless networking – something I’ve never had any success with in Linux. I noticed a networking icon flashing in the top task bar (or what ever it’s called) and clicking on this brought up a list of wireless networks that had been detected. I selected my home wireless network, entered my WPA password and I was connected – simple as that.

This was the first time that I had sound, video and networking all working out of the box (almost) in Linux.

During this whole process my iPod had been connected through the USB cable and it showed up on my desktop with an iPod icon and the correct name. Wondering if I would be able to access the songs on it, I looked in the Applications menu and ran the Rhythmbox audio player. Surprisingly, the iPod shows up as a device in the left had side just like in iTunes – so you can browse through all the songs or the playlists and play them just as you would in iTunes.

However, there is one catch – Ubuntu doesn’t include any proprietary audio formats either, so you need to install the restricted Ubuntu extras package through the add/remove programs applet. This also installs additional fonts, Sun Java, and lots of audio and video codecs. Once installed you can plays music from your iPod through Rhythmbox!

All of the above was done using the Live CD with no reboots and without affecting the Windows installation on my notebook. I’m going to install Ubuntu properly soon so that I can also test out the new Compiz bits which make your desktop come alive with nifty and useful 3D effects. But so far I’m really impressed with Ubuntu’s latest release and it’s becoming a real contender in the desktop operating system market.

I’ve been too busy recently to pay much attention to this blog, and with the impending holiday coming up (see first point) I won’t be doing much blogging this month either. So a bullet point list of stuff…

• The Maxwell family is going on holiday! We’re taking Elliot on her first big trip to see family and friends in London and Amsterdam. Really looking forward to this.
• On the topic of our trip, www.tripit.com is probably the best new site I’ve found recently. It’s one of many online trip planners available, but what makes it different is that you don’t have to manually enter in your itinerary – you just email them your itinerary that the travel agent gives you, and they instantly convert it into a trip planner and email you back your login details! Great idea.
• Cafenet need to get a better password reset form on their website. I needed to get urgent access to my emails but I had forgotten my Cafenet password. You can reset it from the Cafenet site but they just email it to you – obviously no good to me as I need to log in to Cafenet to read my emails. Couldn’t they just text it to me, or ask me a couple of security questions to reset it??
• Microsoft are releasing the source code to their .Net framework libraries. But pay close attention to the wording though – they are not open-sourcing their code as that would imply that you can modify the code or contribute to it. You won’t find any of the Microsoft guys saying that the code is open source, more along the lines of "opening up the source…" or "releasing the source code…" The code is released under the Microsoft Reference License which is effectively a read-only license – no modifying or redistributing. If you’re a Dot Net developer looking for better debugging ability, this is for you. If you’re an open source developer wanting to look at the code for help with your project, beware – you should read this eWeek article first.
• I’ve gone back to Vista, after vowing to avoid it until at least service pack 1. There is just one feature which I’ve decided I can’t live without and that is the hybrid sleep function. For a mobile user, this is essential – it allows you to start up and shut down within seconds by putting the computer into a sort-of "deep sleep". It’s somewhere between the normal sleep and hibernation. All the fans turn off and the computer goes into a ultra low power state so that your battery doesn’t drain. If you’re thinking that the hibernation feature in Windows XP is just as good, then you haven’t tried hibernating with more than 2GB RAM – it’s almost as quick to cold boot than to un-hibernate a computer with a lot of RAM.
• I’m going to miss the Technet Unplugged event in October due to aforementioned holiday. That’s a pity because it looks like a good one.
• The whole "Office 2.0" space is really hotting up at the moment with new announcements every day. Zoho has an online database application to go with the rest of their office suite. Google now was a presentation app for their Google Apps suite, but it’s far too basic to be useful at the moment. SlideRocket shows how to do online presentations much better – but you wouldn’t want your internet connection to go down during a presentation, so not sure how sensible it is (and we all know how flaky internet connections are at conferences.) Now Adobe has a cool looking word processor built on Flash/Flex/Air/Whatever – basically it runs in a browser but the technology they are using means you can take it offline too. (maybe SlideRocket need to look at that too.)
• Is it just me or is Apple starting down a slippery slope towards becoming as ‘hated’ as Microsoft? I didn’t mind the fact that they dropped the price of the iPhone so soon – especially since they offered a $100 gift voucher/peace token to disgruntled customers. But it does bother me that they have turned people’s iPhones into bricks. These are the same early adopters that flock to the MacWorld conferences and evangelise their products for them, for free. And you can’t even say that the iPhone bricks were an unfortunate side-effect of the update – Steve Jobs himself said that Apple was prepared to play a cat and mouse game with hackers who try to make their iPhones more functional. This is all about money and greed and it wouldn’t surprise me if more and more Apple fans start turning against their beloved company.
• On a related note, I’m looking to buy a Nokia N95. This has all the functionality that’s missing from the iPhone, just not the big screen or cool interface. I want the high quality camera, GPS and maps, Exchange sync (Nokia app takes care of this), Java apps, HSDPA modem, and no lock in to any particular carrier. The current model has come down in price recently, but that’s probably due to the 8GB model coming out that also has a larger screen (2.8" as opposed to 2.6") Do I wait for the new, expensive model, or pick up a bargain and settle for less. (I think I’ll wait…)
• I’m planning to read three books while away on holiday that I’ve had for a while now – Getting Things Done by David Allen, The 4-Hour Workweek by Tim Ferris, and The Dip by Seth Godin – probably in that order too.
• I’ve spent the last few evenings getting my accounts in order, and I’m always amazed at just how good Xero is to work with. The improvements they made to reconciling accounts are just incredible, I reckon Xero saves me around 1 to 2 minutes per bank transaction and if you add it all up, Xero becomes far better value for money than any desktop finance application that I’ve tried. It’s important for me to justify it like that  as I still sometimes wonder if I’m paying too much for the service.
• I fell off my bike the other day trying to go too quickly down a flight of stairs near Frank Kitts Park. The huge graze on my leg wasn’t as bad as my damaged pride when the old lady I had just zoomed past came up to me to find out if I was OK…

OK – that’s enough for now…