BMS Blog: SBS Consulting in the UK

Some of our customers certainly think so! There’s no doubt that social networking websites such as Facebook can and are used for genuine business purposes, however they can also be the cause of much lost productivity in the office.

One of our larger customers recently asked us if we could produce a report of which websites their employees were visiting and how long they were spending on the sites each day. The results were very interesting to say the least.

Without going in to details several employees were spending 3 to 4 hours each day on sites such as Facebook. Of course not all that time was spent directly interacting with the site but nevertheless it added up to 16 lost man hours per day! The individuals responsible have since been reprimanded and Facebook has been blocked.

The question is should we as our clients trusted IT providers be recommending the blocking of such sites? Do we really want to become the “net police” for our clients?

It surprised me that even though a lot of our clients have clearly written Acceptable Use Polices and the ability to monitor communications that so many employees abuse the system. Maybe they don’t see it as abuse and it is just a natural extension of gathering around the water cooler for a chat?

I keep reading articles about the disappointing take up of Vista particularly in business which made me think about the reasons why.

Many of the articles blame the lack of any major perceivable benefits in Vista for the poor uptake. What a load of twaddle that is! Vista is packed with great new features that we should be pushing on our customers. No, lack of new benefits is a red herring. Personally I blame software developers and ISVs, and here’s why:

We talk to business clients on a daily basis. We know for a fact that many of them want to upgrade to Vista to get the benefits but can’t because they are running Line of Business (LOB)applications which don’t yet support the new O/S. It seems unacceptable to me that this long after the launch of Vista there are software houses out there that have yet to produce a version of their software that runs properly on Vista, and I’m not just talking about the small guys who haven’t got the resource but some of the big players as well. It’s not like they couldn’t have started development during the beta and Release Candidate stages of the O/S.

OK, so assuming we sell Vista into a client as all their LOB applications support it, that leaves the question about how we support it from an infrastructure viewpoint. Guess what, the remote control software we use isn’t Vista compatible yet - back to the software developers needing to pull their fingers out! I know we could use Remote Assistance but that relies on interaction from the end user, and often they aren’t available when we need to work on their systems.

So, where does that leave us? Between a rock and a hard place! So, Microsoft, if you want your SBSC and Certified Infrastructure partners to shift more copies of Vista - tell the ISVs to pull their fingers out please.

Spotted this on the Sophos security blog:

Finding vulnerabilities for popular products is one of the best ways for a previously unknown application security company or a hacking group to get themselves known in the industry. The more popular the product, the bigger the potential reward for the group that discovered the first vulnerability.

It is therefore no surprise that iPhone, running a scaled down version of Mac OS X, became one of the primary targets of security researchers as soon as it hit the shops in the US on 28th of June.

Today, a company called Independent Security Evaluators disclosed preliminary details of an iPhone vulnerability which will be fully disclosed at the Black Hat conference in Vegas next week.

Although the full details of the vulnerability and the exploit are not published the concept seems plausible. It seems that the group has managed to find a vulnerability in MobileSafari, the web browser used by iPhone. Since websites are one of the most common sources of malware it is not surprising that the iPhone attack is making use of the web.

As with other browser attacks the user has to visit a malicious web page using a vulnerable browser. Once the malicious page is visited the code on the page exploits a vulnerability and starts a piece of executable code (shellcode) in the background.

The theory is that once the shellcode is running in iPhone?s memory, the phone is compromised and the attacker can access all the details available to the user. iPhone, like many other PDA-type devices has a simplified single-user security model with all processes having unrestricted access rights. This unfortunately means that any exploited process will also have full access to the user data and the functionality of the iPhone. Unfortunately, Apple has closed iPhone for third party applications, which means that they will have to release a patch as soon as possible since they will not be able to rely on other security vendors for protection.

One thing that bothers me with this disclosure is its timing. Although ISE claim that they have notified Apple about this problem they have chosen to disclose the details before allowing Apple enough time to release a patch. This seems rather irresponsible from a group that considers themselves serious security researchers. Next week when ISE will be releasing the full details of the vulnerability I will also be at the Black Hat conference and I hope to be able to find out more and discuss their somewhat questionable disclosure policy.

Vanja, SophosLabs UK

I’ve been having all sorts of fun today with Microsoft CRM. No matter how much I tried I just couldn’t get the workflow rules I was creating to work. They all ended up in a paused state in the Workflow Monitor.

I did some digging around on the ‘net but couldn’t find what I was looking for. Eventually it turned out to be that the user account I was using to create the rules was running in a restricted access mode. A quick un-tick of the box and hey presto - all my workflow rules started to work

Sometimes it’s hard to see the wood for the trees! I think I need a direct line to Julian at Vigence!

I saw a link to this over at the Microsoft Small Business Blog so I downloaded it and gave it a go. What a great bit of software!.

From the Windows Live Writer download page:

• Writer is a desktop application that makes it easy to publish rich content to your blog.

  Before installing Writer, please review the release notes.

•  

•  

• WYSIWYG editing

• Writer knows your blog’s visual theme. So you can see exactly what your posts will look like as you write them, before you publish. No more wasting time previewing your posts online.

• Rich media publishing

  Writer makes publishing rich media as easy as sending e-mail. Insert and customise photos, maps, tags, and lots of other cool content?then click the ?Publish? button. It?s that easy.

• Compatible with your blog service

  Writer can to publish to Windows Live Spaces, Sharepoint, WordPress, Blogger, LiveJournal, TypePad, Moveable Type, Community Server, and many other weblog services.

• Powerful editing features

  Creating compelling blog posts is much easier with the ability to insert and edit tables, check spelling as you type, and format and hyperlink content at your fingertips.

• Now you can blog anytime, from anywhere. Writer synchronizes drafts on your blog with changes you make when you’re offline, so you don’t have to worry about reconciling different versions.

Ever wanted to know what the end users Vista downgrade rights are? Then check out this pdf that explains all.

OK so you want your users to be upgrading to Vista but sometimes for whatever reason they’re not ready for it. The ability to exercise these downgrade rights overcomes the objections, and they can then install Vista when they’re ready.

 We’re going to print off a copy and put it up on the machine room wall in our office.

Takeaways from Steve Ballmer’s keynote:

• Steve’s favourite thing to do: meet with partners!
• first 3/4 fiscal year - good numbers - looking for same in last 1/4
• MS mission is to enable potential
• Computational model and UI need to evolve
• MS used to be a desktop company - moved to an enterprise company - now moving to an online and non PC devices company
• The future: software + services: comprising of desktop, enterprise, web, devices.
• Users want rich client experience - not thin client
• Rich client experience available in Silverlight
• Silverlight demo by Brian Goldfarb - general manager - Silverlight
  • Ajax has limitations
  • Silverlight faster & better quality
  • No other technology currently as good at HD content
• Services will take on new dimensions: huge server farms
• Computation will move to online model hosted services on large scale server farms
• Rich clients - yes. Migration to offsite services - yes
• MS building services platform “in the cloud”
• Software + services will happen rapidly
• Era of S+S beginning now
• Consumers expecting a shift in this direction
• MS will lead computation & UI transformation

What gives? Every other country seems to have their own blogging zone at WPC.  The closest we have is Ireland. No disrespect to Nigel or Ireland but it would have been nice to see one of the Brits in there too C’mon guys & gals - get in there! You know who you are

Just watched Kevin Turner (MS COO) delivering his keynote at the WPC. These are my hastily scribbled notes in between taking calls and answering queries:

• FY 2007 excellent year for MS
• Launch date for Windows 2008 & SQL 2008 set for February 27th 2008
• Dynamics CRM Live launched
  • Live Demo by Brad Wilson - General Manager for CRM
  • Ability to download and completely remodel the CRM environment via partner provided XML templates
  • Direct competitor for salesforce.com etc.
  • Early adopter program
  • Only available through partners
  • Focus on making revenue from consultation
• Partner eco-system: 600,000 partners. 8MS looking very hard at helping partners increase profit levels
• Software + Services. MS totally committed to S+S and SaaS
• Office Live has 400k+ installed SMB base
• Focus on connecting digital lifestyle with digital workspace
• MS transitioning from product centric to people centric
• MS want partners to concentrate on:
  • Execution (sell, sell, sell)
  • Competing to win
  • Taking care of our customers

I think I got most of the main points down!

A recent trip helping crew 2 historic narrowboats that were being moved from Braunston in Northamptonshire to Ellesmere Port in Cheshire gave me time to think about what clients should expect from an SBSC partner.

Those of you that know me will remember that I’m a keen canal enthusiast and I’ve had my own boats for several years so I consider myself to be reasonably experienced. However, crewing a historic narrowboat is a world apart from what I’m used to : on the surface things seem the same but they are in fact very different once you start to dig deeper. The boats are owned and operated  by very experienced, knowledgeable and friendly members of the Boat Museum Society (another BMS!) So what has this to do with being an SBSC partner I hear you cry!

The answer is - people. When I look back on the experience the thing that stands out is not the boats themselves, but the people crewing them. Their dedication, knowledge, willingness to impart information and going that extra mile to make us feel welcome made all the difference between just a day out and an experience I want to repeat. That is the position you should strive to attain with your clients.

Now consider this. What do you do for your SME customer that means you go that extra mile? What value do they see in you they don’t get elsewhere. I’m not talking about giveaways and the like, I’m talking about real added value like taking the time to sit down with your client and really understand their business from the inside out. Next time you start a conversation with them start it off with asking them how their industry sector is doing or which way they see their market going, not how many new workstations they need. Chances are you’re dealing with the owner manager and the possibility to bend someones ear about their pain points is all it will take to open a whole new world of opportunities for you.

I’ve said this before and I’ll no doubt say it again - the goal is to become their trusted IT provider, and as an SBSC partner you are in an enviable position to do just that. This is where Microsoft position you when they talk to SMEs and you should always keep that in mind. You want to be the obvious person they turn to when they have any requirement for anything IT. You may not be able to help them directly, but as their trusted IT provider you will almost certainly be able to point them in the right direction via the community links you have. 

Building the trust relationship with your client is far more important than building that first server for them. A trust relationship will ensure they remain a customer for life.