Security Problems for IE 7 (Already)

Here we go again. Deja vu. Same song, different verse.
Microsoft’s newly released IE 7 (Internet Explorer 7) has a bug that allows it to be tricked by malicious code. What makes this worse is (a) Microsoft has touted the security in this release of IE, and (b) the bug is an old one that appeared first in IE 6. reports,

The company has constructed a test that shows how IE 7 can be tricked by a malicious Web site to spoof the content of a pop-up window opened on a trusted site.
Secunia said the vulnerability was confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2 (Service Pack 2).

Where was quality control at Microsoft when this happened? Come on guys, when are you going to get this right?
Old Window Injection Flaw Reappears in IE 7

Project Green Strategy Beginning to Come Into Focus

Microsoft bought four products from the mid and upper market ERP space: Great Plains, Solomon, Navision, and Axapta. Since then, the products have been renamed to Microsoft Dynamics GP, Microsoft Dynamics SL, Microsoft Dynamics NAV, and Microsoft Dynamics AX. Most people remember that about three years ago, Microsoft also announced “Project Green.” The idea was that–eventually–there would be a single product that combined the features of all of these products. Originally, it was to be available sometime around the 2007/2008 timeframe, as I recall (could be wrong on that one, though).
That’s been three years or so ago. And even then, the industry experts in-the-know doubted that it could be done in the timeframe that Microsoft envisioned. Today, the word has been out for 2-3 years that Green won’t appear until at least 2011.
But, with the preliminary information available on version 5.0 and 5.1 of Dynamics NAV, the strategy seems to be coming into focus. The key is to preserve the existing product investment in functionality while at the same time migrating to an environment in which all of these features can play together in the same sandbox.
The sandbox, as many of us anticipated is IIS, with SharePoint sitting on top of it.
And–I have to say–the preliminary versions look pretty good. Keep tuned for more information about role-based user interfaces, and new features as well as the progress toward the end result.
Microsoft Dynamics NAV product overview

Microsoft: It’s What They Don’t Say

In their defense, it isn’t just Microsoft. I’m still stinging from the software vendor (name withheld to protect the guilty) who threatened to fire employees if they published the internally developed list of 100+ features from the DOS product that weren’t included in the Windows version. And that’s been ten plus years ago.
I just got back from Directions 2006. It’s a VAR created, staffed, and sponsored conference for Microsoft Dynamics NAV (the software formerly known as Navision). Navision is a great product, acquired a couple of years ago by Microsoft. It consistantly wins awards for features, and meets the needs of many businesses that otherwise would need much more expensive software. But that’s for the sales guys…
Version 5.x of Dynamics NAV is coming out in early 2007 (5.0 announced in March, 5.1 to be released, probably in November 2007 [just in time for Christmas]). A few years ago, Navision had announced that a major revision was planned for “release after next.” By my calculation, since the current version was 3.x, that would be version 5.x. There were rumors that they had actually prototyped it in Denmark (where Navision was headquartered before the acquisition).
And now we’re almost there…5.x is coming out. To be completely honest, it looks great. They headline the new features with a feature that I personally think our clients will all want–purchase order and sales order approval, with the ability to comment. They aren’t calling it “workflow,” but they’re awful close. The first release, 5.0, looks pretty much like 4.0, which is good for clients that have trouble adapting to new things. And–better yet–there are some really nice features, and fixes of some things that VARs have been asking for. Like inventory costing, for example.
It’s 5.1 that people are worried about. It looks different. The new user interface (UI) is built in a Microsoft technology called SharePoint Server. They call it role based. This means that an accounts receivable clerk will have a different screen than an accounts payable clerk or a salesperson. In theory it’s great. In a demo this morning, one of the Microsoft pundits showed how you could create a sales order in 7 clicks in the 5.1 UI that took 18 clicks in the 5.0 UI. Good deal. But it looks different. Microsoft has done “usability testing.” They’ve brought in real people to work with the software, and they claim that all of them love it.
Also, they’ve backed off the idea that they’ll replace the original Navision development tools with all-new, all-better Microsoft tools. They’re leaving most of the old tools in place.
I just wonder if somewhere there’s a list of 100+ things that they don’t want us to know about. It’s what they don’t tell me that bothers me. Because I usually find out about the time our clients find out, and then the Microsoft employees are nowhere to be found. By that time, it’s my problem, not theirs. It’s what they don’t say…

Miscellaneous Web Sites

These sites aren’t new, but if you haven’t seen them, you might be interested. – A site that allows you to create bookmarks, tells you who else has bookmarked the same page, and ennables sharing of bookmarks. I use this to bookmark at home and retrieve the bookmarks at work, or vice-versa.
YouTube — An online video sharing service. Doesn’t require a special plugin to play the videos. Just purchased by Google for a mere $1.65 BILLION. Yep, that’s billion with a “B.”
Facebook and mySpace — You should have heard of these by now. If you haven’t you should really look to see for yourself. Also, if you have children, find out if they have a site on these social networking sites.
If you find yourself on, link to me. I’ll share links there as I find them.
Today, tomorrow, and Saturday, I’m at Directions 2006, a Microsoft Dynamics conference. More posts on that later.

Pick Your Vista Carefully

In November, the business versions of Vista start to come out. January will bring the home versions to the market. And–as with XP–users will have a choice of which version to buy. But buyer beware…if you buy the wrong version, you could be paying to upgrade it.
Remember XP Home? Businesses bought it for laptops and desktops thinking they’d save a few dollars…and then spent more than they stood to save buying XP Pro–which they should have bought anyway.
You’ve been warned. If you want more info, check out the article below. Disclaimer: I don’t own any Microsoft stock, so I could care less which version you pick.
Which Vista Is the Right Vista?

The Gladys Principle

My co-workers–and some of my clients–are tired of this story. So of course, I’ll tell it once again. It has to do with the Gladys principle. Gladys was my first boss, at the ripe old age of 15. I worked in a Concession Stand at a local “Mini-Golf” business. The business is long gone, as I would assume Gladys is, but the story still works.
Here’s the crux: If Gladys gave me 100 things to do, and I did 99 of them perfectly, the one I left out was

  • The most important one (and it didn’t matter which of the 100 it was), and
  • The first thing she noticed

Businesses fall prey to the Gladys Principle all the time. In first meetings with businesses that are sure they need to replace their software, they usually have a list of all the things they need software to do that their current software doesn’t do. They ignore all the things the software they have does well.
The assumption is that if the current software is 10 years old, or only cost $100, or was put in by their next door neighbor’s dog’s owner’s friend, ANY new software will have all these features and then some.
Here’s a good example: In businesses that move from QuickBooks to something else, the most common question I get is, “How do I change the invoice once it’s been printed (or posted, etc.)? In QuickBooks, I could do that.”
Yep. That’s right. You can change invoices even after they’ve been printed…even, for that matter, after they’ve already been paid. And accountants all over the world are turning over in their leather chairs and pulling their hair out over this. “What about the audit trail?” they ask.
And the accountants are right. For most businesses, it would be a disaster if the employees could go back and change things after they have been finalized. Invoices sent to customers wouldn’t agree with invoices in the computer system. So “better” accounting software makes you issue a credit or debit memo (another transaction) to change the amount of the invoice. It’s been business practice for years, but…for the small business it’s somewhat annoying.
From their perspective, they lose a feature. But wait, didn’t they change software to get features they didn’t have. Yep. If you looked at the list of things they needed from software, this one wasn’t there. Because it was one of the 99…they only listed the “ones” they didn’t have.
It’s why Needs Analysis is critical to the selection of a business software product. It’s the place to start.

Are You Practicing Safe Computing..

This isn’t another article about virus protection and anti-spyware. You know you should have those in place, and most careful businesses do.
I just have one question: Where is your backup from last night, and if your building burned, do you have a way to recover the data you use on a daily basis? If not, you might want to do some disaster planning.
Take it from me, standing outside your building and watching smoke pouring from the windows on the floor your office is on (happened to me in 1998), or the floor above (happened last year) makes you ask this question. But the stress induced by the answer is much less if you actually have a good answer to the question. In both cases, DGG was in good shape. Are you?

Back to Basics: Thinking Out Loud

I entered the business world as a CPA, working for a local Memphis, TN CPA firm. I worked there for 5 years, starting out as a CPA on the general staff doing tax returns, audits, etc. I learned a lot about what I didn’t know–like how to run a 10-key adding machine. Then the firm started giving me work to do for clients that needed computer systems work.
Then five years later, I started Data Guidance Group. We were very clear about what we did: computer technology for business. We offered expertise related to selecting, implementing, and using computer systems in business. And we still do.
As I read this blog–my blog–I realize that some days I need to think a bit more about the average businessperson and how they use technology. For most businesses, technology is a cost center. Not that it should be that way…it just is.
I’ve spent the most of my career trying to help businesses see the applications of technology that would produce the best return on investment for them, and trying to help technologists focus on business, not on the technology.
In working on this blog, I’m well aware that the folk that I could potentially benefit the most (at the top of organizations) may be the last people who will read it. That’s a terrible thing, but it’s more about how I write for the blog than whether they read it. I take the general approach that if I write it, you will come. So give me some feedback…is this stuff useful? What would you like more of?
And so…expect more of a focus on business applications…we may have to slip in an occasional tech piece, but business will be the focus.

We’ve Waited Nine Years…and now for the drumroll

Microsoft released it’s newest version (7) of the Internet Explorer (IE) browser yesterday. I’ve been working with the Vista Beta version since I installed Vista a couple of weeks ago. I really do like it. It’s more secure, which is good for most folk. It took me a couple of minutes futzing around with the security options to get the Microsoft MSN plug-in for Portfolio management to work. Also took a bit of work to get the GoToMyPc program to download, but overall it’s fine. Hopefully, it’ll keep the kids from destroying my machine with spyware.
Install with care, though. It may break something you’ve come to rely on. And of course, if you have questions, give us a ring.
IE 7: Finally, Something to Write Home About