I’ve played with speech recognition in Vista on and off since it was released and while I like it I do get funny looks – at work I share and office and at home the dog thinks I’m talking to him. But sometimes when it’s just me I turn it back on and play (it’s particularly good on my UMPC which has a very small keyboard)

But it’s not that quick to do some thing. As a user who grew up with keyboard shortcuts (I started using computers before mice were common so cut me some slack) I still hit Ctrl-V instead of right-click, select paste. So having to go through the somewhat laborious process of talking my computer through navigating menus in Outlook is occasionally frustrating.

So I was really pleased to see the arrival of Speech Macros – or more properly “Windows Speech Recognition Macros tool” aka WSRMacros. It means I can now create a macro that is triggered by a spoken comment. The macros can be a single action (eg “insert signature”) or more complex (eg selecting a particular playlist and playing it)

<speechMacros>

<!-- Play Artist Command -->

<command>

<listenFor>play ?the ?artist [Artists]</listenFor>

<listenFor>play ?the band [Artists]</listenFor>

<listenFor>play ?the group [Artists]</listenFor>

<disambiguate title="Which artist do you want to play?" prompt="Choose an Artist" timeout="25" propname="Artist"/>

<wmpMediaControl command="pause"/>

<speak>Playing Artist {[Artist]}</speak>

<wmpMediaPlay attrname="WM/AlbumArtist" attrvalue="{[Artist]}"/>

</command>

</speechMacros>

So go on… next time you’re alone in your office give it a try. Fire up Vista speech recognition and give it a go. If your accent is like mine be prepared to spend a little while on training but you can work with the WSRMacros with minimal preparation.

While it’s great on a desktop or laptop, try it out on a UMPC with constrained keyboard to really see the power of being able to talk to your computer.

Now all we need is a Live Gallery to share macros….

Have you ever wanted to be able to take a snapshot of your phone. Or better yet, a video to show something working. Or maybe use a real keyboard to edit a phone number or someone’s address?

Maybe it’s a side effect of my job, but I find it becoming more and more important as my phone becomes more useful to me that I can interact with it in more ways. Dashwire for instance is a great way to ensure I have a backup before I do something silly (like cross the road in the rain – can end up with a handset dead in a puddle).

My latest new best friend is MyMobileR. A desktop application that let’s me connect to my phone (via ActiveSync, Wifi and even Bluetooth) where you then have full remote control.

You can drag’n’drop files to the device, or you can scroll through your contacts and make a change. If you want to show someone else how to do something then you can take a screenshot or record a video.

This looks like one of those really simple apps that does it’s job so well you’ll wonder how you did without it. And when you check the price (free!) you’ll agree it’s a bargain!

I’m off to explore the limits of what it can record and how much control I have (there’s one physical key on my Shadow I can’t find yet… but I’m sure it’s there!)

If you need more functionality then check out Soti for their device management and remote control solutions, but for a quick and easy every day solution MyMobileR has a place on my desktop.

“Huge Web hack attack infects 500,000 pages - Microsoft's IIS Web server may be to blame, says researcher” read the headlines today.

But it looks like he’s jumped the gun with his finger pointing…  This particular attack like so many before it (but admittedly at a much higher scale than many previous attempts) is due to a compromise known as a SQL Injection Attack.

The vulnerability is due to poorly-written SQL code that does not properly examine user input from a Web page form and allows commands to be “injected” and execute directly against the database with the same privileges as the sites own code.

What scares the heck out of me though is it’s spread to half a million pages already (though one attack targeted at, say, a shopping site with 10,000 pages would rack up a pretty big number very quickly!) because it implies a lot of fairly sloppy code is in production and not being maintained very well.

This attack – typical symptoms include pages with the code <script src=http://www.nihaorr1.com/1.js> embedded somewhere on them – is particularly neat because it’s self contained… the server is hit with a modified URL, the code is injected and updates the server all in one hit (so very hard to look out for and track). Older injection attacks normally looked for a vulnerability and then came back to exploit it.

The researcher in question seems to have jumped to a conclusion looking for some sensational PR coverage – which does make me a little skeptical about any claims they make around the level of protection they can offer ;) SQL Injection attacks are equally likely for MySQL, Oracle, SQL Server or any other database if the queries you feed to them are not sanitized. It’s not a new problem, and there has been good advice around for a long time to help developers avoid the problem.

The Register has a good write-up outlining the scale of the problem, and how hard it’s going to be to clean up…

One thing that it does go to prove though is that for users you can’t really trust anywhere you visit on the web – there’s always a risk than an attack will find a way to compromise a page you think is safe. If you don’t keep your system up to date with security patches for your client operating system, and run current anti-virus / anti-malware / anti-spyware (call it what you will) then you’re taking more risks than you need to. Personally I’m a fan of OneCare but NOD32 is another really good package. If you don’t want to pay a few bucks for insurance AVG Free does a really good job.

Update Apr 27: Read the update from the Microsoft Security Response Center on this issue, some recommendations on how to avoid SQL Injection attacks and some more handy tips from Bill Staples (the head of the IIS team, so he should know what he’s talking about). Also if you want a good background on why security matters and should be part of the initial design, not some random after thought you should read this blog.

So, your plans for world domination didn’t quite go as you hoped. You clone army didn’t stand up to repeated photo-copying and so it’s back to the drawing board.

Rather than mope around in your hidden lair of darkness (or your bedroom) why not get back into the fray… but this time you could focus your efforts on creating a virtual army of smart robots to do battle – or at least compete in a series of challenges to determine the winner.

While most mad scientists have to assemble their robots from a scrap-yard of parts using plans downloaded from some of the weirder parts of the internet you have an advantage…

You only have to develop the control package for the robot which will compete inside a virtual environment. To get started you’ll need to install and set up the Microsoft Robotics Studio (a free add-on that works with trial and express versions of Visual Studio) and you can develop using your favorite .Net language. Once tested and ready to rumble you upload the Microsoft Robotics Developer Studio 2008 playback file (.PLB) and some supporting documentation and … may the best robot win!

Vista sidebar gadgets and embeddable BotCards will let you stake out a claim and keep track of your progress – but if you do well and are one of the finalists… well, you’ll just have to read the clues from the RoboChamps League Commissioner to find out…

Microsoft’s SPOT (Smart Personal Object Technology) has had quite a long life in it’s original form, with up to date information being delivered to various devices – as diverse as watches and coffee makers – but as times have changed demand has waned.

Partners are no longer selling SPOT enabled watches – although the good news for us who use them is that the service will continue to deliver news, weather and other updates as expected for time to come.

That doesn’t mean it’s the end for the brand though. The MSN Direct service is changing along with the needs of it’s audience and delivering content in more appropriate and targeted ways… the SPOT devices are becoming less visible and more just a part of every day life.

What use is traffic data and gas prices delivered to your phone? If you’re in the car then wouldn’t it make sense it your GPS device knew that information and could make use of it? Well, with the partnership with Garmin (“MSN Direct services for GPS Navigation Devices” according to the marketing folks) the technology is embedded into your Satellite Navigation to help make smarter decisions.

One criticism of the SPOT enabled watches was the screen size. Well, a lot of people already carry a device with a much larger screen every day – their phone. Using over the air data delivery or WiFi (for phones that support that) the MSN Direct service is available both as a native Windows Mobile client or via any mobile browser by visiting the mobile enabled http://phone.msndirect.com.

It’s great to see how this really simple technology has evolved from it’s useful but admittedly clunky origins. Of course, if you’re determined to have a really high tech watch you should check out the Epoq EGP-WP98B – a smart watch that runs Windows Mobile 5 (yes, it’s a phone!)

While I really like my Shadow I needed to do some testing of a landscape app, and get a feel for 3G performance (I' was used to it in Australia but have yet to experience it here in the US) so I now have a wine red Samsung BlackJack II (aka i617) with an AT&T pre-paid SIM in.

First let me get a little rant at AT&T out of the way. I don’t mind pre-paid SIMs. I use them a lot when traveling. The initial purchase and setup was really slick and painless. But the fact I can’t get data on the cheaper plans is annoying as I have to sign up to a monthly renewal and more annoying in order to upgrade from the penny a Kb to unlimited data I can only reset it for the second month. If I didn’t want to try out their 3G service I’d have paid the unlock fee instead and stuck my T-Mobile SIM in.

Anyway, back to the phone.

First impressions are really great. It feels solid and robust, speakers are good, the screen is clear, camera – though only 2MP – is adequate. After the Shadow the full keyboard will take some getting used to. I prefer it to the Dash/Excalibur though.

I like the fact the BJII includes GPS (though you do need to jump through some hoops to enable it for apps other than the built-in ones), and of course the speed of the 3G data (I’ll like it a lot more when the unlimited kicks in). I really don’t understand why the decided to not include WiFi of any sort in this device though – in the office I get very poor signal coverage so WiFi is a must… so this phone becomes a paperweight.

So what were the first things I installed? TinyTwitter, Windows Live Search and (once I’d sorted out the GPS) Navizon.

The early experience has really been improved by the MyBlackjack2 and MoDoCo BJII forums – you should really pay them a visit if you’ve got one of these devices (or plan to)

Oh, and apparently there is a MicroSD WiFi card that would solve my connectivity complaint… but despite early announcements I can’t find anyone who actually admits to stocking it!

As I don’t plan to switch to AT&T just yet my Shadow will be the day to day phone, but the BJ II will be getting a good workout in the weeks to come… The other thing that would negate this being a day to day phone is the non-standard charge/data connection. Mini-USB works really well on the Shadow and not having one on the Blackjack II is a real negative for me.

Have you ever wanted to Tweet more than 140 characters? Do you want to post a random bit of text but don’t have a blog? Want to send a message to friends but make it more private than email?

Check out ShortText.com for a solution.

It allows you to post a block of text and it returns a URL that you can point people to. If you want to make it private then you can add a secret key (which hides it from search engines as well as anyone else who doesn’t have the key).

No signup, no complications. Though it is ad supported. If you want an ad free version (that lets you go back and edit your posting, as well as select the URL that is used for the link) then it’s $2 per year for the URLs.

While I try to keep my tweets short and to the point I particularly like their API and Firefox plugin that let you extend the functionality…

Like Frank I upgraded from an old school telephone to a Communicator solution (okay, not like Frank… I’m 11 months behind him on the upgrade!) but I went a slightly different path. No desktop handset for me, I now use Communicator exclusively for my phonecalls with the same headset I listen to music from my Zune Desktop client or Pandora.

While there are some hiccups with it (my music doesn’t pause automatically, and I keep looking where the phone used to be for the clock!) it’s pretty neat… and even funnier is when I’m at home the experience is totally seamless for callers.

I will be rigging up a USB speakerphone next week (just need a hub!) and then taping over the annoying blue light on the headset (what is it with blue lights)!

At home we’ve also gone VoIP. Initially we used Skype – which I still think is great value for overseas calls – but issues with quality drove us to find a better solution. Despite their *really* annoying website (turn off your speakers!) we’re fans of MagicJack but you might want to check out the Unofficial forums before jumping in (thought at the price it’s not that big a risk) – we have it plugged into the Windows Home Server and a normal DECT phone to make calls. I miss not having the integrated phonebook that Skype offered with the Belkin handset but reliable service makes up for it.

The cool thing is that while offering “free” US calls (one fixed payment a year), incoming calls to a number in an area code you choose and international calls at very good rates… you can also send one to a friend overseas and they don’t have to pay international rates to call you!

Now we just need ubiquitous WiFi or WiMax and I can go VoIP mobile as well ;)

Thanks to Michael for pointing this out.

Your Windows Live ID is your passport (no pun intended) - it’s the key to a world of services (not just Microsoft – a number of third parties use LiveID as an authentication method) and you should treat it as carefully as your ATM PIN.

The Windows Live team have posted some pretty straightforward bits of advice to help keep you safe – check it out before you next log in…

Some services – such as Microsoft HealthVault – enforce some of these requirements, and sites like PayPal are encouraging users to play it safe.

I recently bought a Zune and I’m surprised how pleased I am with it. I guess I shouldn’t be, but after being an iPod user for some years and listening to the haters it was easy to pick on the flaws.

Then I got one and now I don’t think I’ll go back. It works really well, the audio quality is great and I prefer the Zune Marketplace and ZunePass to the alternatives.

I found this advert for the Zune (the original from Digital Kitchen is here, but requires QuickTime)… Most of the Microsoft adverts on TV don’t move me (and don’t get me started on the “I’m a Mac/I’m a PC” ads) but if we could get Digital Kitchen to cook up some more like this I’d be a fan!