I am an avid reader and really enjoy reading trade magazines.  There are very very few I’ll actually pay for.   Here is my list of magazines I feel are worthy of investigation and in the few cases, worthy of plunking down the subscription fee.

	Redmond Magazine used to be the free Microsoft Certified Professional magazine from way back when.  Back in those days, you had to be a MCP to get the free magazine.  Now, the magazine is more of a collection of critical observations and skepticisms of Microsoft than insider technical information.  I’ve heard TECHNET magazine is the way to go, but I haven’t read that magazine.  Why do I read this magazine?  Some of the articles are good, but usually it gets my ire up enough to keep me turning the pages and the occasional muttering of Linux conspiracies under my breath. Cost:  FREE.  (Sometimes you get what you pay for…)
	Money Magazine is actually a great financial magazine.  I remember my Dad subscribing to this magazine when I was a kid.  I find the articles very relevant to our financial situation and enjoy the tips and tricks. Cost:  $20 per year  (More than worth it…)
	Game Informer is actually my son’s magazine.  I do read it as it feeds my game playing inner-geek.  The magazine is actually well done.  The art is fantastic, articles descriptive, scoring system fair, and the “letters from readers” provides the comedy. Cost:  $15 per year (Eh, it’s worth if if you buy games at GameStop…)
	Dell Power Solutions is one of my favorite magazines I look forward to reading.  It’s chock full of interesting articles relevant to the Dell product offering, covering servers, desktops, storage, and networking.  Some of their magazines cover a theme, like virtualization solutions or Windows 7 upgrades.  I am amazed at the level of information they put together!  One observation I will make is more recently the articles have taken on a salesy approach compared to years ago.  Next time I see that, I’ll be sure to email the editor… Cost:  FREE.  (Awesome factor = 1000)
	Maximum PC is my #1 favorite magazine!  Formerly Boot Magazine, I’ve had this subscription since I’ve been married (13+ years) and lean on it’s articles to keep me up to speed with the latest and greatest around PC hardware, video card performance, and the consumer side of the industry.  Can’t recommend this resource enough. Cost:  $25 per year (My must read magazine every month…) PS.  This is the only magazine I could find in Amazon’s store to view on my Kindle.

JMM

Probably one of my biggest pet peeves is witnessing the back and forth in email trying to coordinate meetings.  There had to be a way to make this more accessible.  Was there a tool that allowed me to publish my calendar and allow external people to access it?  Allow people to send me invites based on open slots?

I’ve been amazed that Microsoft Exchange doesn’t have a way to make it easy to schedule meetings other than publishing your calendar to specific people.  Publishing a web page for calendaring isn’t feasible.  And one to one sharing isn’t reasonable for the many vendors needing access.

So, here are the collection of tools I am aware of:

• Google Calendar – My defacto go to calendar, although Google’s calendar agent has some gotchas and didn’t work 100%.
• Microsoft Office Online – My first attempt at calendar publishing.  Microsoft DX’d this service and broke it in Outlook 2010.
• Microsoft Live Calendar – Never could get my mailbox to sent to the calendar.  Only from the calendar.  Outlook Connector didn’t fix it.
• iCal Exchange – Works, but the UI is not very usable and also had a problem with time zones (an Apache issue).  Not been touched since 2007.

Enter Tungle.me.  I stumbled across it looking at the signature from a blind sales email.  Checking it out, I got real excited at how user friendly and interactive this tool is.  A game changer.

Simply, Tungle makes it easy to schedule meetings inside or outside your organization, across calendars and time zones.

• No more back & forth finding time to meet  <—YAHOO!
• Prevent double bookings
• Automatically adjust for time zones
• Connect to your existing calendars <— A litany of choices… Outlook is one of them!
• Propose multiple times for meetings <— WOW! 
• Easily share your availability with anyone <— Way too easy.. Small client does the sync.

Need to see more?  Check this out:

Youtube Video On Tungle.Me

This tool is GOMERRILL Approved!

JMM

Ok… That was hard to say.  Feels like I betrayed my Microsoft roots.  Nevertheless, I took the tablet plunge after a deep inspection of the playing field.  Mostly, I wanted a smaller tablet I could easily carry around and read books from.  My wife is starting to accumulate a impressive ebook library and buying books is becoming a storage challenge.  So, I took the plunge.

The Specs

CPU
1 GHz TI OMAP 4 4430 (dual core)

Storage capacity
8 GB

Memory
512 MB RAM

Display
7 in multi-touch Gorilla Glass display, 1024×600 at 169 ppi, 16 million colors.  Capacitive touch sensitive.

Graphics
PowerVR SGX540

Connectivity
Micro-USB 2.0 (type B)
3.5 mm stereo socket
802.11b/g/n Wi-Fi

Online services
Amazon Prime, Amazon Cloud Storage, Amazon Cloud Player, Amazon Instant video, Amazon Silk, Amazon App Store, Amazon Kindle Store

Dimensions
190 mm (7.5 in) H
120 mm (4.7 in) W
11.4 mm (0.45 in) D

Weight
413 g (14.6 oz)

After Three Weeks Impression

Primarily, I am using Kindle for reading books and occasional web browsing.  That’s really all.  And with those two functions, the Kindle is pretty darn cool.  The device is deceptively heavier than it looks and the power button is at the bottom of the device instead of the top.  No big deal, just something to get used to.  Overall, a strong “A” rating.

I will admit there was an initial learning curve on using the device.  I don’t feel the Kindle is as intuitive as it could be.  I needed to read the “Getting Started” to get the tips and tricks down.  Also getting on the wireless was a little bumpy.  However, the fluidity of the interface and ease access books sets the bar on how this type of content should be accessible.  A-.

I did load TouchDown so I could access email.  I wish I could say it was “easy” to get up and running.  Took me about an hour to figure out.  Using the quick wizard actually was encumbering, so I don’t advocate it it to peers.  After manually typing in our Exchange info, accepting the SSL cert, it grabbed email.  So, it does work… Again, just not as intuitive as I had hoped.  C rating as this shouldn’t be so difficult.

Also am bummed that the Kindle Fire doesn’t include the audio reader, as the original Kindle.  Instead, you get links to Audible.com and free 1 month access.  What a major let down.  I love audio books, but don’t see paying for Audible.com being a realistic option.  F rating as this is a glaring missing feature.

Highly recommend a case for the Kindle.  I happened to purchase a leather case that envelops the Kindle and I can’t say enough how wise that decision was.  I dropped the Kindle just 3 days in and it survived the drop without a crack or ding.

Am I A Convert?

I am glad I bought it.  I definitely will use the device and probably find other ways to allow it to intrude my daily life.  My wife has an iPad and I compare it to mine here and there.  I repeatedly come to the conclusion I like what I have.

There is one thing I will mention being the purist I am.  Although the Kindle/Android combination seem to be a win, I find myself wanting the Windows 7 Phone experience on the Kindle.  As an loving owner of a Nokia 710, I would bet 7 phone would be as big of a win UI-wise on Kindle than Android is.

Just saying.

One of my colleagues shot an email over to me regarding their company’s password policy, just put into effect:

- Standard user account passwords will require at least eight (8) characters for all accounts.

- Privileged account passwords will require at least twelve (12) characters for all accounts.

- Service account passwords will be require at least twelve (12) characters for all accounts

I had to reflect on this a moment and smile as we’ve been 12 characters for 6+ years. I won’t say it had not been a tough sell, especially amongst senior leadership and physicians. Identity theft and breaches are so common now, it’s not unusual for people to personally know people who’s been effected. And usually the correlation involves the password not changing for years or is inadequate (not complex).

What’s my stance on passwords?

I subscribe to these points:

1. Password History – Best practice is anywhere from 12-24. 12 is fine for the vast majority.

2. Maximum password age – 90 days is best practice for anything below 11 characters. However, 12+ characters meet complexity requirements, thus can pushed to 120 days.

3. Minimum password length – 12 character “passphrase” is the current Microsoft security best practice, although 15 characters is the new “12” according to the SANS institute. I am not recommending 15, but organizations should ready themselves for this possibility.

4. Password complexity – not required for passwords 12+ characters. See below.

Password Complexity

According to the SANS institute on network security, 6 character passwords can be cracked in less than 0.1 seconds (for example). These findings can be found here: http://www.sans.org/windows-security/2009/06/12/how-long-to-crack-a-password-spreadsheet

Net-net, 12 characters taking 200,000 years to crack assumes a single PC, no GPU benefit, running consumer grade processors. People who hack/crack for a living don’t use pedestrian equipment and typically utilize “workstation” class hardware, multi-processor/multi-core, multi-GPU, running server-grade processors. That slides the scale down to 1 year, a far different value from 200,000 years.

Not to mention the new “in-thing” in cracking circles is to utilize the cloud to hack passwords. Hackers purchased cloud services from Amazon EC2, which hacked Sony PlayStation Network back in April 2011. Although the majority of the passwords were 6-8 in length, it easily cracked 10-12 in the 2-day duration. High performance computing clusters add a serious level of depth to the time to crack metric, which is why anything exposed to the internet is of considerable risk. Another example is an security researcher was caught developing applications to crack WIFI encryption using Amazon EC2, which included WEP, WPA, and WPAv2. That’s 400,000 passwords per second using a 8-GPU system.

And let me call out these particular statements from the article, to which I fully support and agree:

Password complexity is good, no doubt about it, but passphrase length is much better. For any given set of assumptions in the red cells of the spreadsheet, as you move horizontally across the spreadsheet to the right (as we increase complexity) the number of days necessary to crack increases, which is good, but as you move down the spreadsheet (as we increase length) the rate of increase in cracking days required grows even faster. In general, then, adding more length is better than adding more complexity. Passphrase hashes are generally much more resilient against cracking than complex-password hashes.

References:

http://www.zdnet.co.uk/blogs/mapping-babel-10017967/amazon-cloud-used-in-playstation-network-hack-10022454/

http://www.zdnet.co.uk/news/cloud/2011/01/14/researcher-uses-aws-cloud-to-crack-wi-fi-passwords-40091430/

JMM

Blogging has been far and few due to the usual suspects… Family, work, and hobbies… As the first quarter closes, I look into 2012 with both excitement of new projects ahead and exasperation because of the new projects ahead.  Let’s look at a few of them here…

#1 – SharePoint 2007 to 2010 Upgrade

Our organization is moving ahead with SharePoint as our BIS intentions have exploded demand for more reports, more content, and more exposure to our hospitals.  I can’t say I am surprised as healthcare is knee deep in building the metrics culture as the government pushes meaningful use out across the nation.  Nevertheless, SharePoint 2007 is problematic and we’ve heard there are many many many fixes in SharePoint 2010.  That project kicks off in late April.

#2 – Data Warehouse Upgrade

Much of the ETL processes that back end into our Microsoft SQL environment have suffered with performance.  We’ve outgrown the first configuration as we grew the solution.  New hardware and optimizing the environment kicks off early April.

#3 – Cisco ASA Firmware Upgrades

The infamous 8.4 upgrade has got the network team very… annoyed… afraid… frustrated… apprehensive… This upgrade necessitated upgrades and rethinking our edge security.  8.2 is very dated and 8.6 already out.  We’ll be bringing in some guns to get this upgrade done.

#4 – Active Directory Migrations

Probably the biggest project this year in terms of scope and impact.  Three of our hospital forests will be migrated into the Texas Health Partners forest.  We are moving rapidly towards a private cloud offering, commoditizing the desktop while diving into virtualization.  This may or may not kick off this quarter, but if I were a betting man… it will.

#5 – Microsoft System Center Configuration Manager (SCCM) 2012

Desktop images, deployment flexibility across physical, virtual, and mobile, application command and control… We’ve outgrown trying to maintain Microsoft Deployment Toolkit successfully and the sheer grunt work of managing so many GPOs.  Managing the desktop environment with half a dozen different platforms has us needing a better solution.

Git er’ done!

JMM

For me, there is a big difference between leadership and mentoring.  Consider these definitions:

Leadership – Providing direction or guidance in the execution of duties and responsibilities.

Mentoring – Providing instruction and guidance of another for the purpose of learning and growth.

As leaders, we talk quite a bit about mentoring and the need to do more of it.  The majority of new hires coming in don’t fulfill all our requirements, so the necessity of mentoring is real and a big part of leadership.

However, this post is about an aspect of mentoring which I see as a growing problem!  It involves spending time with the people you mentor, establishing goals, taking time to educate, using tools, sending them of to use what you’ve shared… and allowing them fail.

Allowing people to fail is not something that is instinctive.  Especially if, during the time you spend mentoring, familial bonds emerge and you genuinely hope for their future and want to see them succeed.  However, I’ve found if you don’t do it, then you stop mentoring and you begin to cultivate behaviors that are either similar to doting parents or fearing the wrath of failure from others.

When tough events occur, it’s stepping in to shield or intervening because it’s easier to correct than allow your people to apply what they’ve learned.  I see this quite a bit in the workplace.  And typically also see these behaviors coupled with leaders being frustrated with their people they are mentoring.

If your mentoring people, one of the best lessons for you when mentoring your people is allow them to fail.  Failure is a teacher.  It gives wisdom.  And wisdom coupled with knowledge builds skills in not just applying our trade.  But also develops political and operational discretion which is just as important as learning the technology.

Dear Sir -

I write this letter today to bring awareness to a real problem with Sprint’s retention of long term customers, as well as a failures in customer service both in Sprint branches and on the phone.

Let me preface that I’ve been a Sprint customer for eight years and would rate my satisfaction as high during the timeframe.  Compared to others in my area, Sprint’s service has been stellar with no drop calls and great voice quality in North Dallas.  During all that time, I can remember only one event where I experienced two days of shaky service when a lightning bolt hit a water tower in my neighborhood.

The problem with retention seems to be centered around the lack of incentives to stay and how existing customers are treated by Sprint staff members.

Once my contract expired in 2011, I received a phone call from Sprint Customer service advising I was close to coming to term on my contract and was told to renew.  I asked why I should renew.  Specifically, do the terms of the Everything Plan change if not under contract.  I was told there are no differences in price, but being under contract locks in terms in the event that the plan cost changes.  During the contract term from 2010 to 2011, that statement was false as I was told in email that the plan was going up $10 due to having a smartphone on the plan.  Since I was basically a happy customer, I overlooked this slight and another by removing Premier/Gold status, sun setting that program.  Net-net, I declined to renew my contract and told customer service I would go month to month.

In February 2011, as I was walking to my car, my HTC Arrive broke when it fell out of my pocket.  This was my fourth phone and I decided, after having insurance on the first 3 and having horrible luck getting replacements, to decline purchasing insurance as the cost of the plan didn’t equate to the value being provided.  During the one time I tapped the insurance, I had a run of bad phones as most were reconditioned/refurbished phones that were DOA on arrival.

I decided to immediately visit a Sprint store to see what my options were.  I was presented with two.  First, I could buy another HTC Arrive phone for $450.  Second, I could buy a refurbished phone for as low as $69, but it would have to be online and take 3-4 days to ship.  The $69 phone was literally a flip-type phone that would normally be free to new customers.  There was no options that would have me leaving the store with a phone.  After explaining I was a long term customer with Sprint, that changed nothing.  The store personnel looked up my account and noticed I was 3 months away from a “upgrade” and advised I should wait and something could probably be done.

He also mentioned I was in contract and couldn’t leave Sprint without a contract termination fee.  When I told him I explicitly told Sprint Customer Service I did not want to be in contract, I was told that there was verbiage in the contract that would auto-renew and is done as a convenience!

What a frustrating situation.  Did Sprint sales staff actually expect me to wait for 3 months and pay for service with no phone?  Auto-renewing a contract after the customer told Customer Service not to do it?  The fact I couldn’t even get a commodity low end phone in the store was completely unacceptable, especially as a long term customer.

This week, I terminated my contract and switched to T-Mobile.  I was able to secure a Nokia Lumia 710 for free and the onboarding process was great.  Although I know I am getting inferior service compared to Sprint, your leadership gave me no incentive to stay.

I am disappointed in Sprint. Although I am one former customer out of the hundreds of thousands of customers, please hear this message:  Sprint’s current retention strategy isn’t working.  The lack of options and double-speak during interactions with sales people underscore the problem with Sprint’s business practice. You didn’t earn my continued business and tarnished the trust that was built.

Shameful.  Farewell.

Jonathan Merrill

It’s been several years since I looked at ITIL.  I’ve never really considered it in practice as taking on ITIL monumentally shifts thinking.  I’ve had hard enough times evangelizing the merits of Microsoft technologies and using their solutions framework, so why ITIL?

Texas Health Resources has committed to a pathway containing many transformational values as a part of a larger initiative.  In doing so, a demonstrable commitment to move move IT down an ITIL path where organization and efficiency being the desired outcome.

This week I attended a training event covering the foundations of ITIL V3.  For three days, we explored ITIL V3 in all it’s splendor, taught by Paul Wilmott, from the Education and Consulting division of HP.  I found the class infectious, exciting, and leaving me wanting more time to deep dive into how this could work for our organization.

HP did a great job with the material as well as the exercises that drive home what is learned.  Specifically, a mock exercise called HP Racing To Win, a simulated the technical support dynamic between engineers, IT support, and management.  It’s something that has to be seen to be explained.  Let me just say that our class really stunk at it… terrible… just terrible!

Here is a quick video of what it is all about:

JMM

HAHA!  You thought you were going to read another skeptical article on the craziness surrounding Microsoft’s decision on Metro UI in Windows 8.  On the contrary, Metro UI designed for touch and succeeds on that front.  My Windows 7 tablet is actually much easier to navigate with 8, especially the onscreen keyboard… It’s zippier on my Dell Latitude 2110, an Intel Atom based Netbook… Which I like a lot.

Well Metro UI succeed?  Probably in the long term with consumers.  But I bet you it will take a considerable amount of time to adopt it in the corporate world.  Especially in healthcare.  Heck, healthcare is just now coming around to Windows 7 in general.  Very few healthcare vendors have worked towards optimizing their product for Windows 7, choosing instead to make it “compatible”, which is a shame.

Metro UI targets touch and that platform is tablets.  And tablets are the current rage thanks to Apple.  It’s tough to disparage Apple’s tablet in the face of overwhelming financial success and legions of Apple fandom.  I do point out that a really good observation was made over at FUIT, which is people with tablets want to run healthcare apps on their tablet.  However, what they don’t want is RDS or a Citrix session connecting them back to the application… what they really want is an app for that.  Me skeptical?

But I digress… The real purpose of this post was to make a recommendation which was based on the complaints on the Windows Team Blog.  Overwhelming concern about the Start Button and confusing UI on the desktop.  “More steps to accomplish the same things” was a concurrent theme from observers.  Yikes, more steps means more work for IT having to support those end users… My excitement around that prospect just dipped a tad!

So, how can Microsoft get the MOJO back in Windows 8+???

It’s the concept of giving users’ choice with what UI they should use based on the type of device they have and be able to dynamically shift the UI as needed.  I propose four choices for users:

Metro UI	Legacy UI	Retro UI	Simple UI

1.  Metro UI – The touch interface.  Primary uses for tablets, netbooks, MS Surfaces, etc.

2.  Legacy UI – Keeping the same Metro theme, but keeping the Windows 7 AERO interface, Start button, and overall UI interaction.  This is the worker bee desktop and people are good with it, used to it, and refreshing it with Metro UI keeps it in tune with stepping into tablets.

3.  Retro UI -  Keeping the same Metro theme, but using… Program Manager, circa Windows 3.1, with all the modern improvements of Metro UI.  I love this idea as it would be a major difference in UI approach.  I think it would be be a welcome change, if done right, as sometimes you just need a simpler solution for Applications.  (I never was a big fan of Windows 7 start menu customization).

4.  Simple UI – Still keeping with the same Metro theme, but using Windows 7 phone UI as a simple alternative.  I personally love Windows 7 phone’s interface and feel it could easily work for tablets or desktops where the purpose is to keep the desktop simple and easy.

Food for thought.

JMM

That quote was from an article written in the Millennial Star, a Church of Jesus Christ of Latter-day Saints, Nov. 15, 1851,339.  And it’s as true today as it was in 1851.  And the context I put it in is two fold:

“Responsible Accountable End User Principles”

1.  Technology Security Awareness – Not just network security, but educating your customers on social media security, malware, passphrases, and protection your mobile assets.  The “human firewall” side of security.

2.  Business Application Education – Not just assisting with educating end users on their internal applications, but include the mainstream, albeit less focused on applications, like Microsoft Office products, Winzip, antivirus, screen-capturing tools, etc.

3.  Good Management Solutions – Showing the business how to use technology, investing in strategic technologies and not “cheap” solutions, not using technology to cultivate unhealthy cultures with their employees.

4.  Empowering Customers With Tools – Encouraging the business to use technologies that empower employees to get things done.  Listening and educating end users on productivity tools to get more work product efficiency.

5.  IT Partnership – Cultivating business unit and IT trust.  Developing relationships that cultivate ideas, research opportunities, and give IT some direction to solve business problems.  And actually solve them without creating new ones.

“Professional Educated IT Principles”

1.  Mission Oriented Protective Postures – In other words, while performing our work keeping security, safety, and making informed responsible decisions at the forefront.  Not needlessly exposing the business to risk by acting irresponsible, such rushing to get things done, no planning, blaming others, and not knowing the technology.

2.  Culture of Learning and Growth – Building an atmosphere where learning and growing skill is just as important as customer service and project execution.  Incentivize skill growth by not just goal building, but giving opportunities to grow and using train the trainer methodology to teach others.

3.  Cultivation of Communication and Documentation – Practicing effective communication verbally and in writing, growing workgroup based communication, and teaching when and how to document methodologies and technology.

4.  Benchmark and Measure IT – Just like anything else in business, if you can’t measure it you can’t manage it.  Identifying workflow processes and technologies that are benchmark-able.  Not just trouble tickets and work orders.  Automation improving workflow to improve time to close as an example.  Showing faster responses to technology as you or your people’s IT skills grow.

5.  Strategic versus Reactionary – Chinese fire drills versus intentional fire prevention.  Leading the technology direction in complements to the business direction.  Planning and execution of identifiable tangible objectives with real benefit to the business.  Stop the fire fights!

FIN

As I wrote this, I began to ponder whether principles just as these are truly attainable and aren’t “pie in the sky”.  I would agree with healthy pessimism.  Up until the last few years where I’ve had the pleasure working for really good IT leaders, which underscores the importance of leadership.  Yes, it can happen.  But, it may have to start with you being that leader.

JMM