When will Windows Live stop treating CardSpace as the unwanted stepchild?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Identity, Networking, Server, Microsoft on
The cloud demands identity. Microsoft has a strong, secure, privacy-friendly identity technology that’s open, easy to federate and will transform the Web and the cloud. So why is Windows Live ignoring CardSpace?
OpenID is a great tool for logging in to a Web site that you want to use but don’t need to trust. You wouldn’t want to use OpenID to get into your banking site because it’s just not secure enough, but it’s great for not having to remember passwords for LiveJournal, Dopplr, Plaxo and the like. You log into one site and tell the others to ask that site who you are. OpenID is getting less vulnerable, but it’s simply not intended to protect really important information.
The information card system is secure; it’s protected by cryptographic keys, it’s got a user interface that makes it very clear when you’re being asked to log in to a site and what the site wants to know about you, and it lets you choose from a ‘wallet’ of cards to prove your identity. That gives you security and privacy and ease of use together (which improves security by stopping people using the same password everywhere). Microsoft put it into Vista and Internet Explorer 7 as CardSpace (information cards are the generic system and there are implementations that you can use in Firefox and Safari, on Macs and Linux machines; CardSpace is just the Microsoft implementation).
And since then, I’ve been waiting for Microsoft to deliver the next pieces. A token server that a business can use to issue its own information cards, and to validate them so you can use them for access to internal apps, preferably federated so you can also validate partners. And a public service that issues not just the self-certified cards that anyone can create with their public details but managed cards that have useful information that you want to protect. When you wave your passport or driving licence in an American bar, the bar doesn’t – or shouldn’t – take a copy of it; they just need to know you’re old enough to have one. Put your birthday into a managed card and you can prove that you’re over 16 for a shopping site without handing over details that could help someone hack your bank account if the site loses its customer details on a USB stick, because the site only gets the assertion that you’re old enough, not the actual day, month and year.
Issuing cards was going to be a function of ADFS at one point, because it fits with where enterprises store identity information; for development and resource reasons it went on and off the feature list and now it’s going to be a free component in Windows Server 2008 (and maybe other versions), code-named Project Geneva. Currently in beta at www.microsoft.com/geneva, there will be a feature-complete beta in the first half of 2009 and a final version in the second half. It leverages AD and SAML and X.509, it interoperates with a wide range of line of business applications and it makes using secure identities easy in a business.
That just leaves a managed card service for those of us who aren’t in a big business and I’m still waiting. And in the PDC keynote today, Microsoft announced that Windows Live ID would be issuing a new kind of identity – but it’s not information cards.
So why is Windows Live ID proudly announcing that it’s issuing OpenIDs but not CardSpace IDs? Is it because OpenID is accepted by a lot of sites? So are information cards, and if you could get an identity you could trust from Windows Live other sites would be more likely to adopt them – because it’s easy to use Windows Live ID instead of running your own username and password system. Is it because OpenID is, well, open?
CardSpace is the most open project Microsoft has ever done. The architect, Kim Cameron, has almost single-handedly changed the perception of Microsoft in the identity community, which isn’t bad for a company that was so roundly derided for Passport. The open nature of information cards “just isn’t up for discussion” Cameron says (before plunging into a discussion with senior VP Bob Muglia about why you can’t constrain the scope of identity to just in the cloud or just on the server or just on the Web or just on the desktop).
Is it because CardSpace 2 is going to be better than CardSpace 1? It will let you transfer information cards from one PC to another, and when you go back to a site you’ve used an information card with before, CardSpace 2 will show you the card you used last – which means that even if a phishing site accepts information cards to try and fool you, you’ll be able to tell (and the phishing site isn’t going to get the details out of your card so scammers can’t steal it). But Microsoft has adopted the first version of plenty of its own technologies even when there has been something new and better just around the corner. And issuing managed cards today, cards that have been verified and are backed by an identity provider, would be a huge step forward.
If it’s because Microsoft wants somebody else to issue managed cards because a supermarket or a post office or a government already has relationships with people and systems for handling information – or because they look like a more natural place to prove your identity because they can prove that you have a loyalty card or a post office box or a passport – then I’d say yes, but you can’t wait for that to happen. Once the first managed identity provider proves its value then banks and services that sell you certificates will join in, but you can’t keep on waiting for them to go first.
I wonder if it’s the legacy of Passport. Maybe the Live team wants to be extra sure they don’t rush out with an implementation that could have problems and create another Passport backlash. Or maybe they aren’t comfortable with the way that CardSpace takes the power of identity away from the provider and gives it back to the user; issuing managed information cards would be admitting once and for all that Microsoft is never going to own user identities in the way that Passport envisaged. Everyone I’ve met from the Windows Live team so far is smarter than that, which leaves me confused. Because it’s ludicrous that Microsoft has a far superior identity technology to OpenID that it’s getting ready to offer to businesses and it hasn’t even talked about how to bring it to everyday Web users who need it just as much.
Always check the cable!
By Simon Bisson & Mary Branscombe in Editorial
Posted in Telecoms, Networking on
It’s a simple rule, and one that fixes a huge proportion of IT problems. I’d have done well to remember it when the door to the office NAS neatly unplugged a network segment, and I spent a happy half hour trying to debug just why the wireless printer wasn’t working.
It’s also one that might have saved us several days of little or no phone connectivity, and an extremely flaky DSL connection that has yet to train back up to full speed. Still, at least now that the BT engineer has visited, we have a new cable between us and the street furniture, hopefully ensuring a faster and fault free connection in future.
BT’s online fault tracking service is well designed, and surprisingly helpful. Log on and report a fault with a line, and you’ll be able to receive reports by email or text, and even set up a free divert to another number. It wasn’t long before my mobile became the office phone (and as a result I may well invest in a YAC or similar number so I can just give the world one number that redirects to wherever I am).
Every half hour or so I clicked refresh on the fault page, to watch just where BT had tracked the fault to. First it was in the exchange, then the street cabinet. Finally it was the network, and this afternoon an engineer came to take a look at what was wrong. That’s where checking the cable came in, as he was able to just look at the wire between the pole and our office to see exactly what was wrong.
At least everything’s back to normal now, and the nearly 7 seconds of delay on our DSL caused by the death throes of an aging, fraying cable, has gone away (along with an old junction box under the window). But can I have fibre now please?
–Simon
The LHC isn’t the only geek magnet at CERN
By Simon Bisson & Mary Branscombe in Editorial
Posted in Hardware, Intel, Networking, HP, Internet on
Simulating the big bang and colliding particles at the speed of light takes a lot of space, makes a lot of data - and it isn’t going to blow up the planet.
The Large Hadron Collider has been running quietly for a week and no tiny black holes have made their way out through the giant concrete end caps yet, so the world is probably safe.
The collider itself is a vast confection of superconducting magnets and we were lucky enough to go down into the caverns last year while it was still being constructed. The scale of the shaft and the cavern is impressive enough; ATLAS is just one of the detectors on the ring and the structure dwarfs the engineers putting it together.
We’ve put together a look at the detector using Microsoft’s Silverlight DeepZoom technology.
An experiment like the Large Hadron Collider also produces a lot of data: 15 million gigabytes a year, streaming out of CERN to a worldwide computing grid at 2GB/second through an HP ProCurve infrastructure. The mainframes and supercomputers that processed the data in decades past have been replaced by rows of PCs. The cavernous computing centre looks like an old school gym; half of it is full of familiar tower cases, the other half is filling up with racks and blades and tape library robots as CERN builds its own mega-data centre.
You need a special invitation - or a research project - to get into the caverns at CERN, now that the LHC is switched on. But you can book a tour to see one of the other particle accelerators, decelerators and colliders where researchers try to recreate the first seconds after the Big Bang - or you can head down to the basement to see Tim Berners-Lee’s first Web server.

A slightly battered NeXT cube with a hand-written label peeling off from the front of the case, the memo of the original World Wide Web proposal lying over the keyboard; if there was a coffee cup in the display case, you’d expect Sir Tim to come back and sit down at any minute. Also behind glass is one of the first Cisco routers to make it to Europe; it’s a hefty beige box that cost $10,000 back in 1984.
Tours start in the dramatic wooden Globe of Science and Innovation, but take a minute to stand in the main reception area across the road. The coloured lights shooting through the concrete floor flash every time cosmic rays are detected; that bright blue could be a solar flare or a supernova.
-Mary
Would you pay another £3 a month for fast fibre?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Business, Futures, Networking, Internet on
BT shareholders should stop worrying about the cost of fibre. Everyone wants fast broadband and the current plans aren’t so expensive that they’ll take years to pay off.
I noticed the other day that the market didn’t take well to the news that BT is really moving forward on plans to roll out fibre across the UK to drag broadband speeds into the 21st century (think 8Mbps DSL is fast? - check out Korea, or Paris where they’re laying 30Mbps fibre). Cable coverage in the UK is a joke (NTL bought the cheapest demographic data it could find for high population density and ended up cabling multiple occupancy council estates where it couldn’t get licenses to offer a service and running out of money before it got round all the consumers and small businesses that actually wanted cable modems).
Now the analysts at Point Topic have done some interesting sums. BT’s proposal to cover 40% of the homes in the UK for £1.5bn works out at £150 per household - a lot less than the £800 each in previous calculations for doing all 25 million households. And making that pay dividends to all those worried shareholders will only take about £3 per household, according to Point Topic, because BT will be making savings on operating costs. Fibre means new services to sell; we might finally be able to get seamless roaming between landline calls, mobile calls and VOIP - it’s all IP underneath, after all. Some of the bandwidth will doubtless get eaten up by pay-for IP TV services.
And the regulator will need to keep an eye on who you can buy fibre from or we’ll be back to a monopoly faster than you can tell Sid pirated content isn’t the only reason anyone wants a fast connection (when did you last use an MSDN CD instead of downloading the ISO?). The industry has been asking OFCOM to promise it will be able to make money out of fibre as if it was something new and different. There may be more trenches to dig in remote areas - although you can blow fibre down an existing conduit with compressed air - and you have to get the termination right, but it’s not rocket science. As Tim Johnson at Point Topic puts it, “by and large BT’s shareholders should be able to finance the investment, carry the risk and reap a good profit in return.”
Bandwidth; it’s a business, not a right, but it should be good business all round.
-Mary
Well, they would say that: fat, thin or green?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Business, virtualisation, People, Windows Mobile, Hardware, Server, Networking, Microsoft on
A comment from Wyse popped into my inbox the other day, criticising the government for using desktop PCs instead of thin clients which are “inherently more energy efficient” (surprise surprise).
David Angwin, director of marketing for EMEA, claimed that “thin client computers give users exactly the same applications and performance as a PC and run on as little as a tenth of the electricity.” Certainly, Wyse is one of the few thin client manufacturers who can claim to support a wide range of applications; I know one financial company who had to replace the first batch of thin clients they tried with Wyse kit almost within the week because the others couldn’t cope with video clips. But is that power figure the whole story?
Earlier in the year I was talking to Barry Goodall at the Royal Borough of Kensington and Chelsea. He’s spent a lot of time and effort greening the council’s IT and although he’s a big fan of server virtualisation, he has a much less positive view of the green credentials of thin clients after he disproved the figures in a Fraunhofer Institute report on green computing. “The report said we could save millions of pounds by using thin clients, so we were quite interested in this! We looked at some of the details and things leapt out at us; in particular the power consumption of PCs was markedly higher than ours - we use Dell desktops.”
He was checking his Dells anyway, because Dell was claiming upgrading to model 745s would save as much energy as changing from CRT to LCD screens. “We have an electricity monitoring gadget from Maplin which I highly recommend: don’t trust anything the manufacturers tell you! It’s very easy and you need to measure it yourself.” His measurements showed the model 745s used the same 60 Watts of power as the Dell kit he already had; Dell’s 45 Watt figure assumed energy management features that weren’t turned on by default. “Energy saving features in the BIOS count for nothing unless you enable hibernation in Windows!”
But 60 Watts or 45, it was still a far cry from the 120 Watts that Fraunhofer was assuming for a desktop PC. That’s what you’d expect from a top-end home machine with a high-power graphics card for gaming; business desktops are rather more frugal.
That wasn’t the only place he felt the sums didn’t add up. “Although the report said in the text that they had accounted for PCs being turned on maybe ten hours a day, terminal servers are typically running 24/7. If you tot up the number of hours people work out of the year, even though it feels like you work all the hours God sends, it’s actually about 2,200 and the figures in their tables hadn’t taken that into account. When we plugged in the correct figures they supported the opposite arguments; with the number of clients per server they assumed, it was more expensive in terms of CO2 than a typical fat client environment. Thin client can be more energy efficient but you need to be clever and turn some servers off when demand is low; you have to be monitoring the workload so you can turn some servers off overnight and come the morning, start turning them back on again - though you’re running a little bit of a risk that maybe one or two servers won’t start up and you’ll struggle a little.”
When I talked to Jon Stewart at Cisco about security trends recently, he slipped in a few network arguments (as you’d expect from a network company). “I have a feeling [that] what you’re going to end up seeing is very thin, light application suites that are endpoint based and a very rich experience using massive network build out. It’s already started to happen; definitely BT has gone down this route. You’re basically saying the end point is going to matter less at a computational level. The display and the keyboard and the system that you interact with, is the most valuable. Think about Lufthansa going to wireless on their planes, they’re trying to solve the inability to do work when you’re mobile. Everything about handset mobility, you’re trying to solve work when you’re mobile. But each time it happens, less and less computational necessity exists on the device - you’re just getting the service on the device.”
But do we care less and less about devices? Again, you’d expect Steve Ballmer to favour the PC, but he told his audience at the Partner Conference that actually, all the devices that are getting attention are fat (we just need to make them easy too). “It’s ironic, people talk a lot about whether people want thin clients. And I don’t deny people want reduced cost, and complexity of management. I think we’re all hearing that from our customers. But people don’t want to really give up the richness and capabilities of a rich client. We even see that in phones. What’s going on in phones today? Phones are actually getting richer. That’s what Windows Mobile is, that’s what the iPhone is, that’s what Symbian is, that’s what Android is: all of these things are getting richer, and Windows PCs will be the richest, most capable device that most people ever own.”
Chatting with Peter Biddle, ex of Microsoft and now at UK enterprise social networking startup Trampoline, he suggested that as usual, what matters is both the device and the network. “Think about it; when did you last do any useful work without being online?”
-Mary
3G laptops: cheaper, faster, longer-lasting?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Laptop, Hardware, Processors, Intel, Networking, Internet, Wireless, Mobile on
I wouldn’t be surprised to open a packet of cornflakes and have a 3G USB dongle fall out, they’re getting so common. They may be convenient but they’re not the most efficient way to get a 3G connection on a laptop. A notebook with a built-in antenna gets 25% better bandwidth (because the better the signal, the more data throughput you get). And given that most 3G cells have only a 1Mbps pipe connecting them to the Internet, you need all the throughput you can get.
The rumblings about EU regulation of SMS and mobile data costs carry on in the background along with OFCOM’s proposals for a voluntary code of conduct for ISPs to make sure your DSL line gives you the speed you’ve paid for, and OFCOM has also been making noises about checking out what speeds mobile broadband really offers. It’s a nice idea and it might concentrate the attention of the operators on the issue, but the speed you get depends on a mix of your handset, the Internet backhaul of the base station, how many other people are using data on the same base station - and the weather, so it’s hard to be precise.
I was impressed by the independent tests that Vodafone was trumpeting last month claiming they have the fastest HSDPA network. They’re claiming up to ten seconds faster to download a 2MB MP3 file (13.54 seconds) and four times faster to open a Web page (6.7 seconds). Anecdotally, Vodafone does feel faster than T-Mobile and Orange in the areas of London we visit, on EDGE and on HSDPA. With BT’s announcement today that it’s dropping backhaul pricing, if the mobile operators put in connections from the base stations to the Internet that are as fast as your connection from your phone to the base station, we’ll start to see which side of the network really needs to speed up.
I expect battery life is also going to be better when you’re using built-in 3G than when you’re going through a USB port. The voltage won’t be much different but you can have much more sophisticated power management - and of course if you have a better signal, you don’t have to keep turning the radio up to try and improve things.
So Lenovo’s Centrino 2 announcements caught my eye today. Either the growth in the dongle market means Ericsson has dropped the prices of its 3G modules (scale, competition or a mix of the two) or Lenovo has decided that 3G is the best way to fight off the buzz around ultra-cheap machines like the Eee PC and Aspire One that cut features along with the price. Whichever it is, Lenovo is dropping the price premium for built-in 3G from around £100 to around nothing: from August 4th notebooks with a mobile broadband module will cost, and I quote, “approximately the same price as those without”.
Although BT is now referring to the still-in-draft 802.11n proposal as a standard and putting it in the shiny new BT Home Hub (the rotating ten foot model of it at the BT event last night was a little scary), the n debacle drags on. At this rate, we might have HSDPA built into more laptops than 802.11n…
-Mary
Video opera? What would you do with huge bandwidth and millions of pixels?
By Simon Bisson & Mary Branscombe in Editorial
Posted in Web browser, People, Futures, Networking, HP, Internet on
One of the highlights of the Future in Review conference is the chance to go to the supercomputing visualization lab at the University of California in San Diego, CalIT2. It’s run by Larry Smarr, who used to run the National Center for Supercomputing Applications, where he told one of his graduate students, Marc Andreessen, to write a visual browser for the World Wide Web Tim Berners-Lee was working on over at CERN. When they showed NCSA Mosaic off, “everybody told us nobody needed it”, he says.
Given how wrong that turned out to be, it’s worth keeping an eye on what Smarr thinks is important – bandwidth and pixels. Not content with the bandwidth of Internet2, he’s been putting together a multigigabit network connecting universities around the world for sharing data and collaborating over video conferencing. And making video real enough to suspend your disbelief means a lot of pixels; the 60-foot screen in the CalIT2 lecture theatre has four times the resolution of HD, the standard digital cinema will use when the movie theatres work out how to make money from it. To kick off the evening, Smarr invites Microsoft’s Curtis Wong to show off the 12 terabytes of images in the new World Wide Telescope, a map of the sky that zooms from star fields to galaxies to the solar systems coalescing inside them out of dust, fading into infra-red and wavelengths that show more structures.
The 30″ screens on most desks around the lab are dwarfed by the 200 megapixel video wall - eleven rows of five 30″ Dell screens crammed side by side to make one giant display with 100 times the resolution of HD. There are displays that wrap around the edges of a small room, stretching over your head and powered by eight HD projectors, that show us the surface of Mars in 50 million pixels rather than the 2 million pixels from the World Wide Telescope.
It’s not size just to prove that screens can keep getting bigger; Larry Smarr thinks we need the bigger view. “We’ve artificially limited our brain by this stupid million pixels on a screen and we’ve unblocked that.” So how much more can we see; is there a limit? “Reality! You don’t see everything you think you see - it’s not as simple as pixels. There’s a limit to what you can resolve spatially, above 24 frames per second you don’t really see more. But the brain is capable of absorbing about 1 gigabit per second, 24 bits deep 16 million colours.”
From medical images to satellite maps, there are plenty of images to enjoy at that size. You can see the intricate details inside cancer cells or watch winter spread over the world. You can stand inside a building that exists only as a CAD diagram and walk through lifesize doors to see if the layout works. You can step forward to see the hidden sketch under a Leonardo painting, revealed by infra-red photography and displayed so you can see every line. Or you can watch life-size opera live from the Concertgebouw in Amsterdam, or the opening ceremony of the Nobel prize from Japan and feel like you’re almost there. Every candle flame, every reflection, the brocade patterns on every kimono, the expression on every face.
These are the technologies that are coming to office video conferencing if you have the network bandwidth. Smarr advised HP on developing the Halo system and he’s putting in a Cisco TelePresence room at CalIT2 for academics to use for collaborations. The commodity hardware and open source software that powers the high-resolution screens isn’t as expensive as those. Each screen of what Larry Smarr calls the optiputer - systems connected by optical fibre that make up a worldwide computer system - costs about $2,000. But of course the bandwidth is what really raises the price tag. Cisco TelePresence needs about 10Gbps; the big screen system is over ten times more.
ADFS 2.0 will issue info cards – but interoperable identity systems will work with or without Microsoft
By Simon Bisson & Mary Branscombe in Editorial
Posted in Privacy, Enterprise, Identity, Networking, Internet, Microsoft on
On the Internet, nobody knows you’re a dog. You can put up a Facebook page, send spam, pretend to be a bank; as long as you can read distorted characters, you can leave comments on a blog under any name you choose (I’d like to see at least one Mickey Mouse commenting to this post). Passwords are well past their sell-by date but proving your identity securely matters more and more. Identity online covers everything from throwaway accounts on forums to online banking and no one system is ever going to ‘win’ - but they can learn to work together.
You can buy a hard drive from any vendor you like; as long as it fits in your PC and uses a standard interface, your operating system will take care of accessing the hardware and loading the drivers, leaving you to enjoy the storage space. The identity metasystem will do the same thing for user information, identity providers and sites that accept user details in the form of information cards. The terminology comes from Microsoft, the impetus comes from a wide range of customers and the technology comes from everybody from Oracle to Sun, IBM to Novell, the Liberty Alliance to the Higgins Project. Does it all work together yet? Not quite - but the Project Concordia interoperability workshop that opened the RSA conference today was a step forward.
Not least because for the first time Sun demonstrated an information card logon that used no Microsoft software at all; Sun’s Pat Patterson showed a system using OpenSSO v1 build 4 - which Sun will ship in the summer as Federated Access Manager 8.0 - with an Oracle identity provider and Novell’s identity selector to deliver the same experience of logging in with an information card as a Vista user gets on the system using CardSpace.
Microsoft showed CardSpace sending SAML 1.1 and SAML2 tokens to a WS-Federation system. Ashish Jain of Ping Identity demonstrated a system using an information card from Sun to log into Gmail, running Vista in a virtual machine on a Mac talking to a Linux system. And systems from Ping, SymLabs, FuGen and Shibboleth talked to each other and to Sun, Oracle and Microsoft systems using WS-Federation and SAML, transferring not just the identity of the user (from a managed information card provided by a trusted identity provider rather than one the user had created themselves) but also information like whether the user had provided a password or a smartcard rather than just clicked on a link.
Who needs that heterogeneous a system? General Motors for a start, which is why Bob Haar, an IT architect at GM, was chairing the workshop along with Microsoft’s Mike Jones and Eve Maler from Sun. Jones repeated what Microsoft is hearing from customers: “Some of the more interesting business discussions have been about risk. Certainly in the automotive industry, a decision has been made that there’s both at least cost savings and possibly minimisations of risk by going to federated authentication for collaboration with suppliers. Think about how many companies are involved in building a GM automobile or a Boeing airplane; it’s mind boggling.”
Haar explained that in a little more detail. “We think the federation gives us more control in real time to monitor and control access. There are legal and contractual aspects of setting up the business relationships and supporting for activities about auditing - if there’s a question about who changed this financial data or when it came through the federated environment, we have to have systems and procedures in place to make that happen.”
Sun’s demo didn’t use any Microsoft products at all and Patterson took something of a cheap shot by apologizing to Microsoft for that. Mike Jones smiled back and said actually, Sun had given him two of his three wishes. “I said three years ago we’ll know the metasystem is succeeding when interactions occur that use no Microsoft software, where Microsoft receives no revenue and Microsoft has no idea the interaction is taking place.” Today, the point is for the companies to be talking so they can make this all work. When it does all work, Sun wouldn’t need to tell Microsoft anything to have happy customers who could use CardSpace against a system that uses Oracle to issue identity information to connect through to another system that uses ADFS to do it. Assuming ADFS could issue and understand identity beyond Active Directory…
There isn’t a name for the next version of ADFS, or a shipping date, but Microsoft promises it will issue and consume information cards. This has gone in and out of the feature list for the next version of ADFS as shipping schedules and priorities shifted, but it’s back on the table, says Jones - and Visual Studio will get tools for working with identity. “We probably wouldn’t have gotten permission to show SAML2 token support in the next version of our identity server products if we were not going to put tools into deployers’ hands to easily build and consume these tokens. We get that until it’s easy for developers to do this, a lot won’t. We’re looking at federation and information cards not as separate things but as parts of a spectrum people can deploy as it makes sense for them.”
Standards are good, runs an old joke; that’s why we have so many of them. Whether it’s a proprietary approach that’s become popular enough to document or a philosophical difference in approaches, there’s hardly anything in technology that you can’t do in two completely incompatible ways by following different standards. What’s happening in identity is a remarkably grown-up approach to tackling a problem. When did you last see Microsoft, IBM, Sun, Novell and Oracle playing nice together without government interference? Instead of expecting to own the marketplace, all the major players are putting in the effort to get their systems working with each other and with the standards. Imagine if all the effort spent arguing about whether OOXML and ODF could both be ISO standards had gone into writing translators to move documents between the two.
But once it’s easy for a service to accept identity logons from a variety of information providers, what is the user experience going to look like? The test sites had buttons to log on with every combination of service and they exposed the debug information so you could see what was happening; real sites won’t have that. But they shouldn’t have umpteen buttons to choose which information provider I want to use either; that way madness and another set of chances to get me to do something insecure lie.
Every credit card I have has its own branding, and there are plenty of different card readers in shops, but they all have a slot I put the card into and a keypad where I type in the PIN. I don’t have to press a button saying I want to use a MasterCard or an Amex card before I start - I put in the card and the reader works it out, hides the process and asks me for the important thing, my PIN. Sites using identity should do the same thing. Don’t give me a button for OpenID or SAML or Ping or Oracle or whatever underlying identity system I’m going to use happens to be, and make me click it and then click again to pick an information card. Use the same identity selector I’m going to give you my information card in; that way your Web site doesn’t have to have five otherwise identical pages and CardSpace or the Higgins identity selector or whatever the experience is on my OS and browser can do the hard work. All I have to do is say yes, I do want to use this information card with this site and you can concentrate on building something that works better because you know who I am without either of us having to care about passwords.
Locking down IT or blocking creativity
By Simon Bisson & Mary Branscombe in Editorial
Posted in Enterprise, Business, Hardware, Networking on
Is a Windows desktop an expensive and insecure liability that you’d like to get under control, or a flexible and powerful tool that lets your employees work, play and be productive? Martin Banks reported recently on an insurance company who rolled out two whole new overseas offices without leaving the office by shipping out thin clients. You can’t complain about the efficiency for the IT team but I wondered about the difference for the end users. Did they have as much freedom and flexibility - in terms of trying new things or in terms of being allowed the level of personal use people expect (in the UK at least)?
If they can’t, some IT teams might be quite happy, Martin told me. Flexibility and personal use can be “‘danger areas’ seen by IT managements, and if they can bring desktops under better management and control, stopping personal use and cutting the risks of virii infestation etc the better they will like it.”
I asked Microsoft the same question a few years ago, in a discussion about the parental controls and user account protection: shouldn’t companies go all the way and only run white-listed applications and only allow access to whitelisted Web sites and block personal devices… The immediate and forceful reply was that this would be missing the point of the desktop, where anything from a relaxing game of solitaire to experimenting with graphics software could unleash the creativity of your staff. And the point of the PC over the dumb terminal or the Web browser as OS is the range of software you can get, the ease with which you can run it and the way that no matter how obscure the way you fancy spending half an hour, someone will have written some software to help you do it.
You can only concentrate for 20 minutes at a time, they used to tell me at school (in the middle of a 45 minute lesson, ironically enough; I did have one lecturer at Oxford who took a five minute break in the middle of a lecture to chat about his kitten on the same principle). Whether it’s relaxing by watching a Star Trek mashup to the tune of White Rabbit on YouTube, losing a hand of Spider Solitaire or spending ten minutes doing your online banking rather than an hour in the queue at the hole in the wall they call a bank branch these days, personal use makes the users happier. Personally, I think if personal use is excessive it’s time for a chat with your manager rather than a visit from the IT team.
The assumption with thin client is that you can’t do that any more. It’s my own assumption usually. But when Aspen talked about the way they’re using thin clients for branch offices at VMWorld today, they had a very different emphasis. Yes, they liked just shipping out thin clients to the office and letting the brokers plug in their keyboards and screens and get on with it without any IT setup time. Yes, they like not having to send technology support out to the office - and not worrying about servers left under the desk in an office that’s not locked until the cleaner goes home.
But a couple of days after they sent the first batch of thin clients out to the office, they had to replace them with Wyse models because they’re better at streaming AV. The brokers need access to the BBC and Bloomberg and videos of CEOs reading out company statements - and YouTube (although it’s not clear if that’s business or pleasure). Aspen supports any USB device the brokers want to plug in from printers to iPods. They chose their current system over Citrix so they could have Vista and XP desktops and a full range of software. After all, the brokers are probably well paid and in demand: tie down their IT system until they’re tripping over it and you’ll lose more money than you save on not sending people out for a desk-side support visit.
That’s good news for the users and thin client obviously works well for Aspen. But it means that picking thin client over a desktop PC might not be the decision you originally thought you’d be making.
-Mary
Add a dongle, get a free notebook
By Simon Bisson & Mary Branscombe in Editorial
Posted in USB, Networking, Wireless, Mobile on
The usual round of email press releases dropped into the SandM mailbox this morning. One caught our attention, from the folk at PC World, which signals something we’re pretty sure is going to be one of the big IT trends for 2008.
In a tie up with 3, they’re going to be offering a free cheap laptop (or £350 off most) along with one of 3’s 3G dongle modems. You’ll need to sign up for a £35 a month data tariff for the cheap laptop, which gives you 3GB of data (with 10p/megabyte for anything over) at up to 2.8Mbps.
Ignore the free laptop (after all, PC World have a lot to get rid of, if you remember their recent results!) - it’s the 3G modem that really interests us.
It wasn’t long ago that 3G data was the province of the technophiles, using cards with complex drivers and expensive connections. Pricing models have changed dramatically in the last 6 months, as networks try to compete with WiFi - and as a new, lower cost, set of 3G chips arrived. Hardware is now cheap, and the latest USB designs self-install software as soon as they’re plugged in. Even the current tariffs are affordable - T-Mobile has just introduced a pay-as-you-go Web’n’Walk for just £4.50 a day.
That’s where things start to change.
Look at the cost of WiFi. Sit in a Starbucks and hook up to a T-Mobile WiFi connection and you’re already paying more than that (and let’s not go into the costs of BT OpenZone or The Cloud). HSDPA data is more convenient (if a little slower), and it’s now cheaper. You can use it anywhere, and with any PC. In fact, if you’ve got a recent laptop, there are reasonable odds that all you need is a SIM and you can use the built-in 3G WAN hardware.
3G data is here to stay. With higher speed HSUPA networks going online, things are going to get faster still.
My guess? The WiFi networks in places like Starbucks are going to become a loss leader. WiFi prices need to drop to compete with 3G - and we’re also going to see more deals like T-Mobile bundling WiFi with new contracts for its Web’n’Walk (why not for us existing subscribers?) and O2 providing free Cloud access to its iPhone users. O2’s also tweaked its data pricing to compete with the rest of the industry.
The endgame is going to be good for us users. WiFi will become free or very low cost, and 3G prices will continue to drop as operators finally start to digest the effects of data usage on the rest of their revenue in the light of voice becoming a commodity…
–Simon




