Scott Hanselman

Outlook 2007 Beta introduces its own Feed URL Protocol. Ew.

October 28, '06 Comments [19] Posted in Reviews | Tools | XML
Sponsored By

(This discussion refers to Outlook 2007 Beta 2 Technical Refresh)

I'm really not sure how I feel about this.

There was a big discussion about if the feed:// protocol was needed. Personally I've always said I think it IS needed while the RSS Team at Microsoft disagrees.

However, I just noticed that not only does Outlook store it's RSS in the PST (and syncs with the Common Feed Store, which we already knew), but it also registers two new "Protocol Handlers" explicitly for handling RSS feeds - they are OUTLOOKFEED:// and OUTLOOKFEEDS:// with the latter including an "S" for secure feeds.

This doesn't seem exactly fair or consistent. I understand that an enterprise, especially one using SharePoint would want to have folks subscribe to a feed directly into Outlook. However, not only is Outlook creating these new pseudo-protocols that are Outlook-specific, it's also taking over FEED:// as well. We'll see if there's changes in the next RC. 

That doesn't seem fair. What if RssBandit started using RSSBANDITFEED://? Of course, any of these aggregators can try to take over OUTLOOKFEED://, although Outlook will likely bork. However, it's the very existence of this custom psuedoprotocol that I find offensive, it doesn't matter it can probably be disabled.

ASIDE: For some reason FeedDemon always warns me that it isn't the default feed reader (i.e. it's not associated with the feed:// protocol, and even though I want it to be the default aggregator, it keeps prompting. This might be a Vista-specific administrative thing, but I suspect Outlook is taking over feed:// also.

You can test these various protocols on your machine by trying each of the following links:

Also, right now, if you click an RSS Feed while running FeedDemon (just using FeedDemon as an example application that eats RSS but also hosts IE7) then IE7 tries to subscribe using the RSS Platform and the Common Feed Store, when really FeedDemon should be getting the subscription request. I know that Nick @ FeedDemon will eventually fix this with some cleverness, but should he really have to? 

I'm just unclear on the usefulness thus far of the Common Feed Store. I like the API (inside msfeeds.dll and a few other places that you'll get quietly when you get IE7), even though it's COM-based, and I like that it handles the retrieval and the parsing/canonicalization of the various feed formats. However, it's unclear how I am to administer it effectively. IE7's interface is a little week if you have 400 feeds. There's no shift-select-delete support in either IE or in Outlook 2007 so I can't remove the hundreds of duplicate feeds that have appeared in the last few weeks. I've found the sync'ing solution from NewsGator to be a decent start - as an idea - but the implementation is NOT working well as it's incredibly slow and 10% of my feeds just don't sync.

Rather than blaming NewsGator or Microsoft, I'm forced to ask, is it really this hard to keep my Feeds and Read Status sync'ed between a few computers and a few applications? Apparently it's wicked hard...this leads me to wonder if ONLINE feed reading is where its at.

Apparently my readership thinks so. At least half of you are using online aggregators (or NewsGator sync'ed aggregators which includes NewsGator proper as well as FeedDemon when you're sync'ing feeds).

What do you think? Do you read your feeds online?

Do you like the one-click convenience of FEED://, or do you prefer either using FireFox's clever Feed Reader Chooser, or are you a Right Click|Copy URL|Alt-Tab|Subscribe|Paste|OK type?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Who moved my Office Cheese - Mapping Office 2003 commands to Office 2007

October 28, '06 Comments [0] Posted in Reviews
Sponsored By

I'm loving Office 2007 more and more. It really does grow on you. For those of you who are having trouble finding stuff in the new Interface (and haven't discovered the automatic hotkey mapping - that's hot), there's a sexy little Flash Application that lets you select an existing menu item or toolbar item from a Word 2003 interface, then it'll show you the new Word 2007 interface and walk you through where that feature is located.

The same interactive command location finder exists for other apps within the Office 2007 Suite, it's just buried in the help. I say, set it free!

It's very well done and I suspect your Mom/Cousin/Spouse will appreciate it when they start using the new 2007 stuff.

Frankly, the whole Office Online Beta is pretty fantastic. Do check it out if you're trying to get up to speed. I can only hope they will maintain (i.e. 301 redirect) the beta permalinks once Office goes live. It's a shame that these interactive Flash Demos, that I think are very effective, are effectively hidden

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Daylight Savings Time and Windows

October 28, '06 Comments [7] Posted in Internationalization
Sponsored By

We have to change our clocks on Sunday here in the US, but if you're running a server, you need to know about this:

Sunday marks end of daylight savings time

October 27, 2006

[Folks across the country] can look forward to an extra hour of sleep as clocks turn back one hour in observance of daylight savings time at 2 a.m. Sunday morning.

The time shift occurs twice per year in North America: one hour is lost on the first Sunday in April, and the hour is gained back on the last Sunday in October. This policy was enacted by the Uniform Time Act in 1966.

Lawmakers made recent changes that will extend DST four to five weeks beginning in 2007. The Energy Policy Act of 2005 will change DST’s duration from the second Sunday of March to the first Sunday in November. Those in favor of the change said the US will save on energy costs by taking advantage of the extra hour of sunlight during the extended period.

It'll save on energy costs, but I wonder what the IT cost will be. Windows folks can check out http://www.microsoft.com/windows/timezone/dst2007.mspx for more details. Thanks to Tim Heuer and Bill Evjen for the pointers! A test version of the patch is available through support as KB924840.

From that page:

Windows XP SP2 and Windows Server 2003 will require the update. Windows XP SP1 and older operating system versions have passed their end of support dates and will not be receiving the update. Windows 2000 has passed the end of mainstream support and will not be receiving an update without an Extended Support Hotfix Agreement. Find more information about support policies around hotfixes.

So all you Windows 95, 98, ME, and 2000 folks, be prepared to be an hour off until you notice it and change it yourself. I predict 15 minutes until someone writes a freeware utility to fix this problem themselves. Will it be me? Nope, I'm taking Z to the Children's Museum.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

iTunes 7 Unspeakably Slow

October 26, '06 Comments [48] Posted in Podcast | Reviews
Sponsored By

When did iTunes start sucking?

I rarely Blog Bile™ but I've been an iTunes fan since day one, and suddenly iTunes 7 is the only application that can utterly suck the life out of Windows. It's ridiculously slow. Literally simple things like moving or resizing the window are "Click...wait 2 seconds...drag" operations. I've got a lousy 7034 songs and I can't even scroll or search without pain. It's bad under Windows XP, but it's unusable under Vista. I'm also totally unable to play my protected songs under Vista RC2. I've googled, but I'm not getting a sense that this is a pervasive problem.

Is anyone else seeing this problem? What happened to cause iTunes to fall from grace?

Please, discuss.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

High Assurance or “Extended Validation” EV SSL Certificates

October 25, '06 Comments [12] Posted in
Sponsored By

Here's an excerpt from a "mid-level" educational/nutshell whitepaper I'm doing on the new shiny SSL certificates that are coming soon. If you want information from someone who REALLY knows what they are talking about, subscribe to Tim Callan's SSL Blog. Also, watch the IEBlog. If you're running IE7, you can download and install a sample testing certificate then visit the fictional https://www.woodgrovebank.com and see the new certificates it in action. 

ASIDE: On a totally different (but, eh, slightly related) note (and I'll blog or Hanselminutes.com about this later), if you're running IE7 and .NET Framework 3.0, check this out.

SSL - Secure Sockets Layer

What is changing?

Every online banking site protects their user’s data while it is in transit on the wire using Secure Sockets Layer or SSL, running one layer below protocols like HTTP and FTP. Many end users are informed enough to look for the “s” in HTTPS in their browser’s address bar and most look for a lock in the browser status bar before sending private data across the Internet.

Early versions of SSL used comparatively weak 40-bit encryption but most sites now use at the very least 128-bit and in some cases, 256-bit AES encryption. Many impose this important restriction by default by allowing only SSL3.0/TLS1.0 over HTTPS.

This screenshot from the Mozilla Firefox browsers shows that the encryption strength of two different banking sites. This dialog is reached by the user clicking on the lock icon within their browser.

In these examples, both sites are using high-grade encryption.

Recently more and more phishers have been successful in fooling the public into giving up personal information with the use of so-called “domain-authenticated SSL Certificates.” These SSL Certificates go through virtually no background check to prove the site is who they say they are. They prove only the domain name, but as the general public rarely clicks on the lock icon to view more information about the company or organization behind a SSL connection, they assume that a secure connection equals a trusted connection. This, of course, is not the case. Unfortunately these SSL Certificates look essentially the same to the browser as one issued by a highly trusted certification authority, thereby causing a phisher’s site to look “as secure” as your bank’s site.

High Assurance or Extended Validation SSL Certificates are a new kind of SSL certificate that will be treated very differently by newer browsers. Internet Explorer 7 will be the first browser to take advantage of this new technology with others like Firefox and Opera very close behind. This standard is being actively developed by the CA/Browser Forum as of this writing and will be referred to commonly as EV SSL Certificates.

To quote from Tim Callan’s SSL Blog at http://blogs.verisign.com/ssl-blog/2006/03/a_new_kind_of_ssl_certificate_1.html:

If every Internet user in the world had a browser that recognized the difference between High Assurance SSL Certificates and traditional ones and if every legitimate site used a High Assurance certificate, then phishing as we know it today would essentially be eliminated.

A lofty goal indeed, but one worth striving for.

How will an EV SSL Certificate change the end-user experience?

When visiting a test Banking Site that has an EV SSL Certificate using IE7, the address bar turns green and a new active lock icon appears showing the name of the organization this site claims to be.

The lock icon toggles back and forth also showing the Certificate Authority that issued the certificate.

If the user clicks anywhere in the secured area of the address bar, the identifying EV SSL Certificate popup is green and shows the user information they can use to make the decision to trust this site or not.

What is required to get an EV SSL Certificate?

As of this writing EV SSL Certificates are not yet available for purchase, but they are expected within very soon as the standard is finalized. Within a year expect all major browsers to support the standard and within another year most e-commerce users will know to watch for the new browser behaviors when making their decisions. I predict some browsers will have settings that will only allow users to visit sites over SSL that use EV SSL certificates.

Educate your organization about the importance of having an EV SSL certificate when they are ready to be issued, and be prepared to meet the much more rigorous standards that will be expected by the Certificate Authority before they issue one. There will likely be a revised Certificate Authority WebTrust auditing standard (usually called CA Web Trust) that CAs will have to pass before they can issue an EV SSL certificate, and CAs will impose much stricter vetting procedures to verify the company or organization requesting the certificate is who they say they are.

Conclusion

Given the concerns on today's Internet around privacy and control over content, every e-commerce or banking site should be prepared to upgrade their SSL Certificates to EV SSL. There's no downside.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.