I had the opportunity this week to go out to Redmond, Washington to attend the Microsoft Web Developer’s Summit at the MS headquarters. For this summit, about 25 leaders in the PHP (and PHP project) community were invited out to sit down with members of the MS product development teams and provide critical, honest feedback about Microsoft.

Background

The MSWDS is one of only four significant annual events within the PHP community (others include tek, DPC and ZendCon), and this summit is a bit harder to get invited to. Unlike most other conferences, where all you need is the cash to pony up for a conference pass and a hotel room to crash in, invites are very limited and attendees are selected because they have had some interaction with the folks at Microsoft, and are believed to be leaders and influencers within the open source community. To be blunt, these summits cost Microsoft a lot of money, so they need to make sure they’re getting the best bang for their buck.

Keeping that in mind, it would be easy to assume that we were being brought out there so that Microsoft could pitch us on the latest and greatest Microsoft products, trying to get the movers and shakers of open source to drink the corporate kool-aid and switch to Microsoft products. While more acceptance of Microsoft products within the open source community is obviously a goal, they are making a concerted effort to learn from us – what we need, where they are falling short, and how we can move forward together.

Discussions and Format

The summit itself was a total of three days, with the last day being optional for those open source developers who were willing to sign an NDA to discuss some of Microsoft’s emerging technology. During the three days, different representatives from Microsoft’s product teams sat down with us and asked for our comments, thoughts and ideas about where they’re at, and where we think they should be going. We met with folks from the IIS Web Platform team, the SQL server team, as well as some representatives from Codeplex, Silverlight, Powershell, ASP.NET Ajax (which is not exclusive to ASP.NET, despite the name), and Bing maps.

We had a chance to air grievances, which was cathartic in some ways, but I think it was more important to us to be able to sit down with the actual teams who are working on this technology at Microsoft, and really get into the specific challenges we face. The approach was not generally pitchy, and with very few exceptions, a great deal of effort was put into making all of us from the open source community feel like respected authorities in our field whose opinions really matter.

Something they did this year which was apparently not done last year was to include representatives from well-known PHP-based projects who are not normally parts of the PHP community. I honestly hadn’t realized that the many of the folks over Joomla, WordPress and Drupal often don’t consider themselves as part of the greater PHP community, and getting a chance to discuss that with them brought up some interesting perspectives. I don’t think the guys representing these projects were there in an official capacity, but their point of view was one that had honestly not occurred to me before, so that was a really interesting and unexpected benefit. There was some debate on whether or not these types of projects should be a more involved part of the PHP community, with good points on both sides, but I think most walked away with some ideas on how to move forward in making those lines of communication more accessible and open.

My Perspective

Of course the ultimate question from Microsoft was “What would it take for you to switch to Microsoft products for your clients?” My smartass remark was, of course “A fucking miracle.” But everyone in the room knew I was joking. I hope. If we weren’t willing to work with Microsoft on improving their products to work with open source better, we wouldn’t have been there.

As often as Microsoft has been an easy target in the past, and as much bad blood as there may have been in the past, there are people at Microsoft that care about working with the open source community, and who are making progress to get there. It is our job as technology professionals to fairly evaluate technology and make recommendations based on what makes the most sense technologically and financially. It is NOT our job to make religious decisions based on zealotry.

That means that if and when Microsoft can meet my needs and/or the needs of my clients, it can and should be part of that evaluation or I’m not doing my job. Does that mean I’m ready to switch back? No. Not yet, anyway. But I believe they are listening, and I saw some things during this summit that make me far more likely to start including some parts of Microsoft’s products into the technology I suggest as being potentially viable for client projects, which is a far cry closer than I was last week. Specifically, some of the stuff I learned about Silverlight, Bing’s geolocation products and Windows Azure (Microsoft’s cloud hosting platform) was pretty impressive. As I get to play with these products a little more, I’ll be blogging about them with my fair evaluation of pros and cons, so stay tuned.

I’m also excited to see where the Microsoft Web Platform Installer product heads. Right now, the WebPI product is a very easy to use, slick solution for the less techy individual who wants to, for example, deploy a WordPress blog in 5 minutes or less and may not have the savvy to do the install themselves – basically a MS version of Cpanel/Fantastico, which we have had available to us as web administrators for over a decade. That product is less interesting to me right now, but some of the directions they could go in for more advanced users like us hold real potential. We had some suggestions that were well-received, and if they are actually implemented in the way I envision them, it could honestly turn the table and make some of the Microsoft web server products something that I could consider recommending, or even using myself. (I should also mention that Cpanel is the most horrific, insecure, hack-prone web control panel I’ve ever used, and I am NOT endorsing it as a solution.)

The reality is that competition inspires innovation, and Microsoft getting better means progress for everyone. I saw a post on Twitter that basically implied that open source representatives attending this conference were traitors or sellouts. I don’t see it that way at all. We have amazing open source products like Firefox because the open source community worked together to create a better product, and Microsoft responded by making vast improvements to Internet Explorer, building in more security and standards compliance. When we work together to innovate, everybody wins.

Another transition I’ve been seeing in Microsoft which was really made more obvious by this summit is that there is a less omnipresent feeling of “all or nothing” within many Microsoft departments. As open source advocates, we enjoy having choices. Previously with Microsoft, you’d get the most benefit from their products by committing to an entirely Microsoft development process (“drinking all of the kool-aid, since the best stuff is the sugary goop at the bottom”), with benefits sharply falling off if you opted to pick and choose. This philosophy has always been distinctly in opposition with the open source philosophy, and I believe was likely the cause for some of the distrust coming from the open source community. Seeing this transition into a paradigm of being able to cherry-pick what we like for some things and sticking with open source solutions we like better for others is a step in the right direction, in my opinion.

An additional unexpected benefit to sitting down with all these MS product people was that I got a chance to better understand some of the legal/licensing challenges Microsoft faces. I’m not making excuses for them, but I hadn’t considered some of the obstacles in the way of people at MS who care about working with us. Microsoft is a big target with deep pockets, and they have to cover their own asses. I was quicker to dismiss some of the corporate decisions as being “evil” prior to sitting down with some of them and understanding why they do what they do. Don’t get me wrong – some of their decisions (*cough*sudo*cough*) still don’t make sense to me and I believe they are wrong, but I think I have a better understanding of where they sit than I did before

Wrapping Up

Overall, I would consider this summit a great success, and I hope I get to participate again in the future. There are several people who really deserve a shout-out for all of the hard work that went into this and are directly responsible for it’s success. From the PHP community, Cal Evans was a co-host and an absolute rock star, always quick to make sure things ran smoothly and kick-start conversations and redirect us back when we went off on tangents. From Microsoft, Karri Dunn, Tonya Young, Josh Holmes, Peter Laudati, Lauren Cooney, and others were amazing. I may be forgetting a few – I am still a little wiped from the week and the traveling.

Was this an instant fix? Certainly not. Do we all have a lot more work to do before we’re “there”? Absolutely. But as Cal Evans put it on his own blog roundup, “The more people I get to know at Microsoft, the less I’m able to despise the company.” They took the time to find out what we think, even when it may not have been what they wanted to hear. Time will tell whether or not they actually act on it.

Other PHP Representatives Blog Post Roundups

I’ll be updating this list as more people finish their blog post roundups, so you can get take their on the summit. Many of them are far smarter than I am, so it’s worth reading what they have to say.

• Cal Evans (@CalEvans)
• Chris Cornutt (@enygma)
• Maarten Balliauw (@maartenballiauw)
• Rafael Dohms (@rdohms)
• Keith Casey (@CaseySoftware)
• Romain Bourdon (in French) (@le_vrai_roms)
• Marco Tabini (@mtabini)
• Sam Moffatt (@Pasamio)
• Helgi Þormar Þorbjörnsson (@h)

MS Representative Blogs

If you’d like to see more about the fabulous people at MS who are working hard to move the company forward in a way that works with open source, check out their blogs. I’m proud to call these guys friends, and as long as we continue to have people like this working for Microsoft, I think the lines of communication and cooperation between both sides of the aisle will keep moving forward.

• Dave Bost (@DaveBost) – Developer Evangelist
• Josh Holmes (@JoshHolmes) – UX Architect Evangelist
• Tobin Titus (@tobint) – MSDN Site Manager
• Peter Laudati (@jrzyshr) – Developer Evangelist
• Mark Brown (@MarkJBrown) – Product Manager for Microsoft Web Platform
• William Coleman (@will_coleman) – Developer Evangelist
• Lauren Cooney (@lcooney) – GPM for Web Platforms at Microsoft
• Jas Sandhu (@jassand) – Interop Strategy Evangelist
• Ruslan Yakushev (@ruslany) – Program Manager on IIS team in charge of FastCGI and PHP support
• Scott Hanselman (@shanselman) – Principal Program Manager Lead

Funnily, as I’m writing this, Futurama: Into the Wild Green Yonder has been on television, and the scene that just played is the one where Calculon says “I’d like to thank the academy, my agent, and most of all my operating system – Windows 7, for everything it –” at which point his OS locks up. Windows 7 is actually a great product, and I run it on my Mac using Bootcamp and VM Fusion, but I thought the timing was amusing.

Kool-aid photo taken in Belize by me – just thought it was funny. Lead post image by Eli White.

Possibly related posts:

1. Final Fail of the Year This is just a quickie to let you know that...
2. Trying out Facebook Connect After much deliberation, I have decided to give Facebook Connect...
3. Identify and Fix SQL Injection Vulnerabilities in Web Applications Scrawlr is a free software for scanning SQL injection vulnerabilities...

I have received two virus emails from two unrelated friends, indicating their accounts have been compromised. The messages are being sent through Facebook and both have had a spammy sounding subject line and a link to a geocities website. This was suspicious enough, but the fact that one message came from a friend I haven’t spoken to much in a year made it even more so.

The first virus email subject was “RE: You were caught on our secret camera!” and the second was “RE: You have a great hair cut in this movie” . The geocities addresses they pointed to were for user’s reedgates21 and richiemack11. I’ve googled both addresses and gotten no results, so my guess is that they are randomly generating geocities accounts and generating these emails. A co-worker just one too – variation on a theme. Subject is “Don’t cry! Your mom will never see this movie”, also pointing to geocities, user name rkssbcyzk. Another one, “I’m not kidding I just saw your pics all over a site address swimcaw” has come through as a wall post.

The links in the Facebook messages point to websites that contain viruses. Do NOT click on them.

Below are some examples of what they look like. (These are just images, so you can click on them for larger versions to see how the messages come into your inbox.)

Screenshot 1

Screenshot 2

Screenshot 3

If you’re using Firefox, your browser should warn you that you’re about to try to access a page that has been linked to virus/malware when you click on the Facebook messages in question, but if you’re using an older version of IE (shame on you!), you may not get any warning at all.

When You Receive a Virus Email

1. DO NOT CLICK ON THE LINK
2. Send an e-mail (or call) the sender, letting them know they are likely infected with a virus
3. Suggest to the friend that they change their password from another, uninfected computer, and follow the steps further down in this article to remove the virus. (The method they use will depend on which virus they’ve been infected with.)
4. Once the virus is cleared from the sender’s system, suggest they install a free anti-keylogger program and switching to Firefox just to be safe

Ultimately, its like anything else – common sense will go a long way. If the email seems odd (for example, the fact that the subjects sometimes start with “RE:”, as if they were replies to a message you sent, but you never sent a message with that subject), the phrasing seems off or not something your friend would actually say, something is probably awry. If you’re unsure, contact the friend directly and ask if they sent it to you.

This has been happening a lot lately, and the scenario Tech Crunch describes in this article sounds a lot like what’s happening here.

Keep in mind… Facebook applications do NOT have access to your password, so unless you installed an application that “required you” to download an executable application (any kind of .exe, .msi, etc), your Facebook applications should NOT be the cause. (Being an application developer, I can say that I couldn’t steal someone’s password even if I wanted to, using their API. HOWEVER there have been several reports of phony applications and groups that require some sort of download in order to get the full experience (Secret Crush was one of them).

NO application or group should EVER require you to download and install anything. If they do, report them to the social network immediately.

Also keep in mind that these viruses are not limited to Facebook users. I’m more familiar with the Facebook scenario because I avoid MySpace like the plague, but every time I login there are spammy and/or virus-y emails awaiting me. This isn’t as much a flaw in the Facebook platform as a result of social networks still being young and going through some growing pains. MySpace has just as much of a problem with these issues, if not moreso, since they have been historically less concerned about user experience and safety.

Another Variation – Fake YouTube Links

Another variation of the viruses being sent around Facebook is a similar message to users suggesting they are appearing in a YouTube video and providing the supposed link to view it. Instead of actually seeing a video, the virus advises viewers they need to download an updated version of Flash, which if followed may install a virus into the user’s computer. More info on that version, including sample messages and screenshots, is available here.

Why Its Working

If you find yourself infected, don’t be too hard on yourself. People have become so used to receiving emails from Facebook asking them to confirm this or that that it could be argued that people are more prone to click on a link that looks like it came from Facebook without being as diligent as we would be if we weren’t used to preforming this same action 10 times a day for legitimate Facebook actions. For example, most users of Facebook are familiar with the “Joe has added you as a friend on Facebook€¦” stock email.

Some users are conditioned to follow this process whenever they receive an email of this sort. Some people can receive this email several times every day and perform this login procedure so often it becomes automatic. This simple, clean design is very easy for a phisher to mimic. Since users are conditioned to follow this process blindly, they might not notice that the email is spoofed or that the address bar is slightly incorrect. This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions.

If You Clicked on the Link And Your Computer is Infected

I spent some time trolling Facebook’s forums to see if anyone had any specific direction on how to remove this virus from an infected machine. I found a few possible solutions, although since the people posting didn’t know or didn’t mention the name of the specific virus they were infected with, it may take some trial and error to find the solution that works best for you.

If your virus detection software determines that you’re infected with Bolivar23.exe, you can click here for directions on how to remove it.

In early August, there was a different one going around, called Koobface. Kaspersky’s website writes:

One confirmed method of removing this virus is by downloading MalwareBytes – for some at the time, it seemed to be the only out of the box software that was able to remove it.

Still another that was around this time, Troj/Dloadr-BPL Trojan horse, was reported on by Sophos:

Messages left on Facebook users’ walls are urging members to view a video (which pretends to be hosted on a Google website), but clicking on the link and visiting the webpage takes users to a site which urges them to download an executable to watch the movie.

Sophos detects the executable file as the Troj/Dloadr-BPL Trojan horse, which in turn downloads further malicious code (detected as Troj/Agent-HJX), and displays an innocent image of a court jester sticking his tongue out. [more]

In Conclusion

This isn’t the first wave of social network viruses, nor will it be the last. There isn’t one social network that is more prone to them than others. As we allow social networks to become a bigger part of how we communicate, we must simply remain cautious and avoid the temptation to become complacent. Pay attention to the links you click on that are sent through Facebook, the same way you pay attention to suspicious e-mails that come in through normal e-mail.

Possibly related posts:

1. New Facebook Phishing Attempts Looks like a new round of phishing attacks are well...
2. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
3. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...

Freeware application Lego Digital Designer is a virtual Lego kit for your Windows or Mac desktop. Once installed, you can either use LDD to build your own masterpiece from scratch or—if you’re lacking patience—you can get a head start by using one of their starter models. With over 763 brick types to choose from, your LDD-design will have reached well beyond the limits of your normal lego kit. Once you’ve built the perfect prototype, you can upload the results to the Lego web site to order a custom kit with every brick you’ll need included! Lego Digital Designer is freeware, Windows and Mac only.

Possibly related posts:

1. Death in the Digital Age Because it’s New Years Eve, and I’m kind of a...
2. Awesome Gift Guide for the Geeks in Your Life If you’re a non-geek, trying to shop for the geeks...
3. Photo Retouching – How to Salvage a Dark Digital Photo I prefer not to shoot with flash when I can...

As part of my seemingly never-ending quest to get data synced between multiple computers running different software, I decided to give Plaxo another go. They felt terribly intrusive the last time I tried them, which admittedly was over 5 years ago. The reason I decided to give Plaxo another go is because research was showing me that they were one of the few services that could sync with Thunderbird. Here’s my setup:

• Office: Currently WinXP using MS Office – this will change once I start at the new place though, since they are a mac shop
• Home: Four machines – two Win laptops running Thunderbird, one WinXP desktop running Thunderbird and one mac OSX using mail.app
• Mobile: Windows Mobile on a Treo 750 running Outlook for Windows Mobile

I don’t need my actual email synced, since I use IMAP for just about everything – but contact list syncing was a real priority for me. I was using Memotoo for a little while, since they offer LDAP services for specific addy book groups, which meant I could share my animal welfare contacts with my board members. Problem is, its not a two-way sync, so I would still have to login to Memotoo to make address book updates. Boo. That said, being able to share addresses by LDAP was a bonus, but not a hardcore requirement – so my needs were not being met. Plus, the Thunderbird add-on that synced with Memotoo randomly stopped working one day. So even the bonus wasn’t working anymore.

At first, Plaxo seemed perfect. I imported my contacts into Plaxo using gmail (which meant alot of outdated contacts were pulled in, but oh well.) I synced that up with Outlook and got a merged version of all of my contacts. I de-duped using their shmancy de-duping tool, and spent some time updating information, deleting contacts, and cleaning up data. Synced again with my Treo using their Windows Mobile sync software, and everything worked marvelously. When I got home, I installed their Thunderbird plugin. I deleted my address book, since everything in it was old, and I only wanted the new version that I had spent so long cleaning up. Unfortunately, this time, things went wrong. Rather than using Plaxo as the authoritative source, it used Thunderbird as the authoritative source – effectively deleting all of my contacts. I tried syncing with my Treo to restore the contacts, but this time it did use Plaxo as the authoritative source, and then the contacts disappeared off my Treo. At this point I was pretty pissed.

When I got back to work the next day, I fired up Outlook. The Plaxo plugin in Outlook is at least smart enough to ask before deleting 500 contacts. It asked me if I wanted to delete them all, which would be done if I synced, since once again, Plaxo was being used as the authoritative source. I said no. I synced my Outlook back to my Treo to restore the contacts there and made a backup of my contacts. I synced with Plaxo, my contacts were deleted, and then I imported my backup address book into Outlook and synced. This time Outlook was seen as the authoritative source, and my contacts were back in Plaxo.

The final test – I got home, and decided to try syncing with Plaxo from Thunderbird again. Plaxo does periodic backups of your address book, so if something went wrong, I could always restore from backup using their system. This time, inexplicably, it worked like a charm. My contacts all imported in like buttah. I made a few changes in Plaxo, synced again, and the updates were reflected in Thunderbird. Wewt.

So anyway – it looks like Plaxo will actually be the solution I’m looking for. Not sure what happened the first time with Thunderbird, but it would sure be nice if you had the option of which direction the sync would go, so mishaps don’t happen like that.  But overall, if you’re looking to a solution to having a million address books, all in various stages of disarray, Plaxo may be a good solution for you too.

Interestingly, they’re now jumping on the social networking bandwagon – they used to be just contact management. Their social networking system is called Pulse, and although the last thing I need is another social networking site, they are smart enough to realize that people are probably already using a bunch of them, and so Pulse is specifically set up to be able to pull data in from Facebook, MySpace, Twitter, Flickr, and about 20 other social networks – so it doesn’t really have to be treated as a new social network if you don’t want.

One of the nice things about Plaxo is that (at least before, not sure about now) if your contact signed up for Plaxo, their information was considered authoritative in your addy book – which means your contacts update their own information in your address book – this was a very clever feature for people with a lot of contacts that move or change jobs often.

As an aside, I like the direction many of these social networks are going in – they’re finally all starting to put in the ever-important customizable filters and they’re being a lot better about pulling in data from other sites. I’m sure that felt a lot like sleeping with the enemy for many of them at first (or at least parsing rss feeds with the enemy), but I think they’re finally starting to get the fact that people are not going to stick to just one network (theirs). Rather than trying to fight that, they’re starting to make it easier for people to integrate the systems they like best. People will use the systems they like best for different aspects of their life. I use LJ to blog, since it has the most filter support. I use Facebook to post items of interest, since their browser widget makes it a two-click experience. I use Twitter to post quickies, since Twitterfox and Twitter’s gtalk interface makes it so darned easy. I use Picasa for photo storage because the desktop integration makes it so easy to upload photos. I use MySpace for – well, nothing really, but I do have an account, if for no reason than to redirect people to my Facebook  and LJ accounts. I don’t think Plaxo supports LJ, but it supports just about everything else I’d want, so that’s handy.

Anyway, other than the one glitch – the one that had me pretty pissed, I admit – Plaxo seems to be spot on for what I need. It may be more than many of you need, but it looks perfect for what I need. As an added bonus, it syncs your tasks, calendar and notes (all your standard Office stuff) as well. Unfortunately, Thunderbird doesn’t have good calendar or notes support , so once I’m off using Office, that will be a wasted feature for me.

Something I wish Plaxo supported: the ability to define the groups you invite people under. Currently you can invite people as “Friends”, “Business” or “Family”.  While that probably works for most people, “Business” to me could be a tech contact or an animal welfare contact. Those labels define what content you allow each group to see, so it would be nice if there were a few user-defined groups in there, too – but I can live without it.

Interestingly, I had posted on Twitter how pissed I was when Plaxo first ate my contacts. Less than a few hours later, I got a reply on my Twitter feed from the guy who heads up marketing for Plaxo, asking what was wrong. While part of me was a little creeped out by that – and still another part of me wanted to ask if part of his job as head of marketing is to troll Twitter for references to Plaxo – it certainly is nice that they’re taking a proactive approach to fixing things that customers are having trouble with.

Possibly related posts:

1. First Look: Postbox Beta Postbox is a new cross-platform for both Mac and Windows...
2. Technical Emergency So a girl I work with just came running into...
3. Is IMAP/POP3 Gmail or Gtalk periodically rejecting your password? I have run into this many times: my Gtalk password...

Check out Dir Utils, a little freeware shell extension that lets you quickly organize piles of files and folders with just a few clicks. Its  a great utility for anyone who regularly finds themselves organizing downloads and media files. The utility adds five new options to Windows’ right-click menu, including “Unify,” which grabs files from a folder’s sub-directories and moves them all up to the main folder; “Alphabetize,” which puts all files in sub-folders into A-Z folders based on file name; and “Extensionize,” which does the same based on file extensions. In other words, Dir Utils saves you the time you would’ve spent re-organizing MP3s, gathering a seasons’ worth of episode videos, and keeping a hefty downloads folder organized.

Note: The original Dir Utils website is down, but DJNuts.Com has been kind enough to host a copy of the software.

Possibly related posts:

1. Dropbox versus FolderShare for Syncing Files Between Computers In my eternal quest to sync up all of the...
2. Lego Digital Designer Builds Your Lego Masterpiece Freeware application Lego Digital Designer is a virtual Lego kit...
3. Track Your Stolen Laptop (for Free) with Adeona Adeona is the first Open Source system for tracking the...