Debate Around Password Security Overlooks Universal Logins

Published: Sep 6th, 2010 | Author: michael

Must include at least one number. Must be longer than six characters. Cannot have more than four sequential characters from your previous seven passwords. The rules for password creation vary wildly from site to site, an effort to protect users from those who would hack their identities.

These protective measures don’t go very far, according to the New York Times, because hackers can get ahold of passwords with software that remotely tracks keystrokes, or by tricking users into typing them in. The story touches on a range of issues around the problem, but neglects to mention the obvious: the march toward a centralized login for multiple sites.

A universal login could solve a lot of the issues around password security, from keylogging to the problem of users having their passwords discovered after writing them down.

It would also solve the problem of password-overload. Managing logins for all the Web sites that require registration is a pain, and any frequent Web user who says differently is either lying or has a photographic memory. Browsers have taken some of the pain away by remembering passwords for us, but clear your browser’s history and suddenly you have to answer secret questions and email your username to yourself for umpteen different sites.

A handy chart to help you create secure passwords, from Microsoft.

One or more options for a universal login are inevitable, and progress is well underway. More and more sites are supporting the easy-to-use Facebook Connect, which lets users register for a site with their Facebook profile instead of creating a site-specific username and password. As of last year, there were more than nine million websites using OpenID, the openly-developed standard that users can use to log in across multiple sites.

Standards like OpenID carry their own security problems (and other problems – see The Troubles With OpenID 2.0), the obvious being that a successful hacker can gain access to all the sites and services you use at once. But the convenience of a universal login is irresistible, especially for the myriad sites where there’s no danger if your password is hacked, such as news sites. Users who try it won’t want to go back – which is why it’s important to talk about the security issues around these new protocols for users and the sites that implement them.

How do you manage your logins?


Java – It’s not Dead, Folks – It’s Doing Just Fine

Published: Sep 4th, 2010 | Author: michael

Java gets a bad rap. It’s considered old-school. People say that young developers prefer Ruby-on-Rails and other Web-based hot stuff. True – but these are not bad times for Java at all.

James Governor of RedMonk wrote a post that provides several good reasons why Java is really doing quite well.

Elance shows the current demand for people with Google App Engine skills is greater than those knowledgeable about Amazon Web Services. Audrey Watters of ReadWriteCloud saw the news and posted on the topic of IT Jobs as the question for our weekly poll.

The reason why Google App Engine is doing so well? It’s all about the enterprise. VMware’s Spring Platform is based upon SpringSource, which has become the dominant platform for launching Java-based apps. It now integrates with Google App Engine, a primary reason for the growing success of the platform.

Governor makes some points that are worth noting:

NoSQL is one of the hottest trends in tech right now. Many of the technologies built on the platform are written in Java. It was born on the Web but will eventually move to the enterprise.

MapReduce? It’s what Google and Yahoo! use to get fast responses over large data sets. It is built on Java. Hadoop is based on MapReduce. It has its own ecosystem developing around the technology.

And then there’s this from Governor:

Of course we’re also seeing innovation from the new hotness – thus Erlang underpins CouchDB and RIAK. But Java is certainly core to the innovation. Let’s look at RabbitMQ for example – which though written in Erlang was acquired by SpringSource as a messaging engine to underpin a Java-based programming model.

Governor goes on to provide a number of other examples to make his point.

And we have to agree. Java is not dead. It still has plenty of room for innovation.


Windows Phone 7 Ships; Phones Coming Before the Holidays

Published: Sep 2nd, 2010 | Author: michael

Microsoft’s new mobile OS has shipped to handset makers and will be appearing on phones in time for the holiday season, the company announced today.

The stage is set for Microsoft to either rock the mobile world with a mainstream alternative to the iPhone and Android platforms, rebounding after a string of failures a la Bing, or flop in its attempt to catch up after “missing a cycle.”

The long-awaited update to Windows Mobile is expected to show up on devices from Dell, HTC, Samsung and LG, so there is the possibility that an exciting handset like the Dell Lightning could rekindle interest in Microsoft’s mobile offerings.

Windows Phone 7 is designed around tasks with programs pushing information to the home screen. This “hubs” design may lessen the need for third-party apps. But Microsoft is still hoping apps can be evangelists for Phone 7, offering developers tools and an emulator last month for free. Microsoft says the tools have been downloaded more than 300,000 times.

The OS has gotten mixed reviews, including a scathing critique from InfoWorld’s Galen Gruman, who called it “a tepid knockoff of a 2007-era iPhone” and claimed it was “a platform no carrier, device maker, developer or user should bother with.” Other reviewers praised the OS for its zoomy user interface, integration with Microsoft Office, voice search and other features.

Microsoft has been agonizing over the development of the Phone 7 OS, throwing money at the launch, carefully studying how people use their phones and engineering down to the most minute details. For example, Windows Phone 7 will feature eight keypad tones, so that a user will hear slightly different clicks when typing instead of the same tone repeatedly as is the case with the iPhone.

A Windows Phone 7 preview by InfoWeek in July.

Whether the attention to detail pays off will be decided in a few months by consumers in the general public – who largely pay little attention to the OS pedigree of a phone, and can therefore be trusted to evaluate Windows Phone 7 without being biased by Microsoft’s track record.


3 Vendors on the Relationship Between Cloud Computing and Virtualization

Published: Aug 31st, 2010 | Author: michael

VMworld starts in the morning and all eyes will be on what gets announced and how virtualization is extending its reach into the realm of cloud computing.

We sometimes find that during big events there is such a blur of jargon that it can be helpful to do a bit of homework for a grasp on how companies view the actual technologies and the ways they relate.

In that context we went to YouTube and explored how three companies view the relationship between cloud computing and virtualization. We graded each on its explanation.

Cisco

Cisco Systems’ Glenn Dasmalchi does a decent job of explaining Cisco’s view about the relationship between cloud computing and virtualization.

In Cisco’s view, cloud computing and virtualization are separate concepts but do relate. Cisco views cloud computing as a broad range of IT services that are delivered on demand with the ability to scale up and down, depending on the need.

He says Cisco divides virtualization into three categories: network virtualization, storage virtualization and virtualization as it relates to computing.

Dasmalchi does not fully explain how Cisco views the relationship between cloud computing and virtualization. Instead, he seems to dart around the issue of the private cloud and how a virtualized infrastructure provides an opportunity to move data in and between data centers. He does point out that a networking opportunity unfolds as data passes between different points. In a virtualized network, the end points are no longer static. Providing the right level of performance and security plays to Cisco’s strengths.

Cisco gets a B- for its explanation. Dasmalchi dances around the concept of the private cloud without actually saying what it is. But you can see his argument strengthen when he relates virtualization directly to networking, Cisco’s obvious core strength.

Citrix Systems

Citrix CTO Simon Crosby crisply explains the company’s view on virtualization in private and public cloud environments.

Citrix desktop virtualization services represent its core strength. It acquired XenSource three years ago, which put the company into the infrastructure as a service market. XenServer is sold on top of Microsoft Hyper-V. Crosby uses the video to explain how virtualization aligns the business and users to get access to IT resources in a pooled environment.

He explains that in a public cloud environment, Citrix markets the Xen platform as an open-source infrastructure. Xen is designed for large-scale multi-tenant environments.

We give Citrix an A-. Crosby is well-spoken and clearly distinguishes between his views of a public and a private cloud. We take a few points off for the explanation of its infrastructure play and use of terms that have a fair dose of jargon mixed in. But, generally, it is pretty clear how Citrix views the relationship between cloud computing and virtualization.

BlueLock

BlueLock uses legos to explain its view on the relationship between cloud computing and virtualization. It’s a concise explanation that demonstrates how much the stack is changing.

In the explanation BlueLock CEO John Qualls shows the traditional approach to building an on-premise infrastructure. He then explains how virtualization enables its version of the cloud.

BlueLock is a service provider. It provides the capability to add resources to a virtualized environment. The video clearly shows how cloud computing fits by taking lego pieces that represent the different parts of the stack and how they can be moved, depending on the need.

BlueLock is the winner of the three. We give them an A for showing how the traditional stack is changing. They show how the cloud can be scaled up or down depending on the customer’s business needs.

In all, we think this coming year will see a far more clear picture of how cloud computing and virtualization relate. The bridge is being formed. Now it’s a question of who can tell the story most effectively. We hope more can emulate BlueLock. There’s nothing better than showing what you do. We can watch talking heads all day. The people may be smart but legos are far more fun and something we can all relate to.


Developing Your Business By Marketing Your API

Published: Aug 29th, 2010 | Author: michael

Last week, Alex Williams posted a list in ReadWriteWeb’s Cloud Computing channel of the “10 Common Mistakes Made by API Providers.” Alex’s post points to some of the problems that occur in both the technical and the business realms of API development. In the case of the latter, he lists “Poor Community Management” and “Not Recognizing the API as a Core Line of Business” as common business-related errors.

The API has long been seen as a cornerstone of BizDev 2.0, a term coined by Hunch co-founder Caterina Fake. But parallel perhaps to the misconception that “if you build (a product), they will come,” is the notion that simply because you’ve developed an API for your business that you have, in fact, upgraded your business development to that 2.0 level.

Hunch’s VP of Business Development, Shaival Shah, has written a post along these lines today, with suggestions on how to “Cannibalize Business Development by Popularizing your API.” As Shah writes, the challenge isn’t simply to build an API: “the great challenge is how to market your API so that people know a) that it is available, b) how/why to use it and 3) what value they can generate from it.”

Shah stresses the marketing of the API and gives the following as goals for doing so:

  1. Developing market awareness about your service and about the availability of your API
  2. Nailing three partner use-cases that are reusable across the market
  3. Establishing metrics for success and developing analytics so you can preserve future monetization options

As Shah notes, the idea of a “self-service” API may be a misnomer, particularly at the beginning, when there are still a lot of “hand-to-hand deals” in order to get those initial partnerships established. From there, Shah invokes the “bowling pin strategy” – finding a niche, then leveraging that to knock down surrounding markets.

Shah argues that this API-oriented business development should be less sales- and more product-oriented. And in the end, suggests Shah, describing his own goals for his biz dev role at Hunch, this will “cannibalize” the business development function by popularizing the API.


Y Combinator Partners with Facebook to Support "Deeply Social" Startups

Published: Aug 27th, 2010 | Author: michael

At Tuesday’s Demo Day, the latest batch of Y Combinator startups raved about the experience, the guidance, the resources, the networking that their participation in the incubator program gave them. As of today, YC startups can add another benefit to that long list: priority access to some of Facebook’s technologies.

Y Combinator and Facebook announced today that they’ll be teaming up to help encourage and support socially-oriented startups. Facebook says that it will provide “product, technical and design resources to support new Y Combinator companies interested in working with us to build deeply social products, whether a website or an application on Facebook.com. These companies will have priority access to our technologies and programs such as Facebook Credits, Instant Personalization and upcoming beta features.”

Facebook once operated its own startup program, the fbFund, but in July said that it had “no plans for future iterations of the program.”

By partnering with Y Combinator, says Facebook, it will help foster startups who offer “transformative social experiences.” And with priority access to the social networking giant, as well as mentorship from the premier incubator program, future YC startups will no doubt have a solid lead that, as Facebook notes, “others will follow.”


Orkut Now Encouraging Users to Project Different Personas to Different People

Published: Aug 25th, 2010 | Author: michael

The Google-owned social network Orkut is not well-known in the U.S., but it’s extremely popular in India and Brazil – that is, until Facebook started catching up. But Orkut just announced a new feature that makes it look pretty good.

“You’re not always the same person. Why should it be any different on the Web?” That’s the title of the Orkut blog post announcing the changes that place emphasis on grouping your friends.

The question is right on target. If you’re one of the people who joined Facebook in college, you probably connected with every new person you met at a party, added “pounding beers” as an interest, blasted updates about skipping class and tagged yourself in every drunken photo. But then your little sister joined Facebook. And then your mom did. And then you did a summer internship, and your boss was on Facebook. And suddenly you were censoring yourself for three or four different audiences.

Sometimes we want to use social media to talk about how much we’re growing and learning at the new job, and sometimes we want to complain about work and talk about how wasty-face we’re going to get tonight. Google seems to get this separation of online personalities now, an interesting twist after the fallout when Google Buzz tried to make all your friends be friends with each other.

Facebook added the ability to make lists to combat this uncomfortable merging of social worlds. But the “customize” feature for updates and photos is an afterthought on Facebook, buried several clicks away, while Orkut’s groups are front and center.

Orkut is assuming that “Who is going to see this?” is a major consideration with every post. It now lets you create friend groups manually as well as “automagically” based on how you interact with specific friends. Orkut will also suggest new friends to add to your groups based on your social graph.

You can now choose the privacy level for each “scrap” or bit of content you post to Orkut, choosing between individual friends, a group, multiple groups, all your friends or the public Orkut timeline.

Orkut has also started pushing games more, linking games and applications from user homepages. Orkut said “more than six million people have created cafes in CafeMania and 36 million people manage their Farms,” in a period of just two months. Orkut will also soon be releasing a new platform for its communities feature, which is similar to Facebook Groups.

Do you ask yourself, “Who do I want to see this?” when you post something to a walled social network such as Facebook?


Want To Get People’s Attention? Bribe Them With iPads

Published: Aug 23rd, 2010 | Author: michael

Everyone wants to replicate Apple’s smash hit, instant cool, stand-in-line-overnight success when it comes time to roll out a product or stage an event. Plenty of companies attempt this by imitating Apple, copying its sleek design or attempting to maximize hype using secrecy. Not surprisingly, that turns out to be hard to do – so the marketing folks figured out a shortcut.

The secret? Don’t sell your product. Sell iPads!

From “Play Finger Balance – Win a Free iPhone” to “Win An iPad In The MyTown Scavenger Hunt,” Apple has apparently cornered the market on prizes used to entice people to buy or try a new product.

Kudos to Sirikitiya Jensen from Beneath the Earth Film Festival for admitting that an upcoming promotion is all about riding Apple’s coattails:

So it’s quite apparent that the world has gone iPad crazy. And even though it seems like they’re everywhere, not everyone has one. But it’s definitely safe to say that almost everyone wants one, and wants one desperately. So I’m curious to see to what length people will go to get an iPad (save those that would steal one).

Beneath the Earth Film is an online film festival that launched this spring. They’re giving away two iPads, along with many other prizes, in a weekend-long scavenger hunt starting at 8:00 a.m. Labor Day. Participants have to follow clues to locations of iconic film scenes in New York, take pictures of themselves re-enacting the scene, and race to submit the photos to Beneath the Earth.

A logo for Beneath the Earth’s scavenger hunt featuring the irresistible prize.

Ordinarily, that would be a lot to ask people to do for a no-name film festival. But, with the power of Apple:

We’re wondering if this is too high a barrier-to-entry for an iPad, but I’m starting to think that you can never underestimate the power of an Apple product. We’ll soon see what the promise of this summer’s hottest toy can incite in people.

Jensen even referred to the “potential iPad driven success” of the promotion.

iPods, iPhones and now iPads make great prizes. They’re instantly recognizable, compact and expensive enough to convince most consumers to stop by your booth, register a domain or even spend all day tromping around a major metropolitan city. Everyone wants one, or wants a second one, and they’re easy to resell on craigslist.

The devices appeal to every demographic, which is why they’re being used to sell a huge range of products and ideas: iPad cases, subscriptions, ladder safety.

Most companies aren’t like Apple, and most products aren’t like the iPod, iPhone and iPad. Not everyone can make a product that people will want desperately. But why should they? The Beneath the Earth Film Festival looks pretty cool. It could capture the attention of New Yorkers without dangling an iPad in front of them. So why not sell the festival on its own merits?

What do you think? Is it cheating to use iPads to attract customers or users? Is it even effective – or will the winners of this scavenger hunt walk away with the iPads and never give the film festival a second thought?

Or is an iPad gimmick a smart way to introduce people to something they might otherwise have ignored?

Hey, it got me to write about a random film festival. Hm…


What the Intel/McAfee Merger Means for Enterprise Security Managers

Published: Aug 21st, 2010 | Author: michael

Much of the chatter over the past two days about the Intel/McAfee deal has been about why Intel decided to acquire McAfee. But what does the deal mean for enterprise security managers? We asked a few experts at other security vendors for their take on the news.

It’s Time to Give Next Generation Security Products Another Look

Chris King, director of product marketing at next generation firewall vendor Palo Alto Networks says the companies Palo Alto works with tend to prefer vendors that are focused exclusively on security and might not be keen on working with vendors that are involved in other areas. “They don’t want to get lost in the morass of a bigger company. They want the focus of a security company,” King says.

He also notes that companies tend to lose a lot of talent after an acquisition. King says “Every company says its acquisitions are going to be ‘wholly owned subsidiaries.’ What that means is ‘We’re trying to keep as many people as we can.’”

Forrester analyst Andrew Jaquith is already warning enterprise IT managers to avoid making long-term commitments to McAfee solutions until they can see how things shake out.

King is optimistic that the shake-up will lead to more enterprises taking Gartner’s advice and moving to next generation firewalls.

Security Will Move Both Up and Down the Stack

But Kurt Roemer, chief security strategist at Citrix (a partner of both McAfee and Intel), says that although there’s often an exodus of talent after a normal acquisition, we shouldn’t assume that will be the case after this deal. He believes that the acquisition is a logical one, and a move based mostly around Intel’s cloud acquisition. “The cloud market is like a startup market – there’s lots of room for innovation.”

Roemer, like King, emphasized the need for next generation security products and believes that this will shake things up in the security market. “It’s not going to be business as usual in desktop security,” he said. He envisions security moving both upwards (into the cloud) and downwards (onto chips) in the stack instead of being solely OS focused.

Diversify Your Security Vendors

But Chris Larsen, head researcher at Blue Coat’s research lab, cautions against relying too much on one company for security protection. “If you have McAfee everywhere – your antivirus, your firewall, etc. – then you are only protected against what they know about.” Diversifying your vendors means you will get a wider variety of threat databases and improve the chances of preventing malicious code from wreaking havoc on your network, he says. There could be big advantages, especially as services move into the cloud, to having a single, integrated security solution at many levels of the stack, but it will still be a good idea to add an extra layer of protection or two in there somewhere.

Photo by Anonymous


Details, Details. Facebook Responds to Our Questions About Places

Published: Aug 19th, 2010 | Author: michael

Earlier tonight, we sent Facebook some questions probing for more details about user experience on Facebook Places that weren’t covered in the presentation tonight.

Facebook’s presentation about Places focused on the user experience and how adding a location element to social networking will make the experience richer and more useful. The company also gave a shoutout to developers, announcing an Application Programming Interface and bringing developers of other location services on stage to cheer Facebook on. But it glossed over some of the nitty-gritty logistics.

There’s good news and questionable news. The good news – users must be “within a certain range” of a location in order to check in, which should prevent users from gaming the system. Facebook had a huge advantage over MySpace because it encouraged users to use their real names; similarly, it’s smart to ensure its users’ location updates are reasonably accurate – especially considering the emphasis on real-time sharing.

“So, if you’re at a bar that is next to a restaurant, it’s possible you could check in to the restaurant since it will show up in the list of places nearby. You cannot, however, be in California and check in to the Empire State Building in New York City,” a Facebook spokesperson wrote in an email.

The questionable news concerns user-submitted places. If a place doesn’t exist in the database provided by Localeze, users can add it and check in right away. But the mechanism for removing inappropriate places – such as a user’s home or something offensive – sounds ambiguous and vulnerable to the problems some have had with Facebook’s opaque policies for removing fan pages.

Users can “report” a page that they believe violates Facebook’s Statement of Rights and Responsibilities, but Facebook does not say how quickly pages will be reviewed or what the criteria for removal might be. In addition, official representatives of a business will be able to claim their Places page using the same verification system in place for fan pages. Fan page administrators will also be able to merge their Place page with their official Page on Facebook.

We hope that Facebook has a plan and doesn’t intend to do this kind of maintenance by the seat of its pants, or the Places feature could get messy in its first iteration.
