Slacker licenses music directly from publishers, and includes a perpetual subscription in the cost of the player. Slacker creates stations that feed out an endless supply of music. The new models are $200 for a 4GB model with the ability to list 25 stations (up to 2,500 songs), or $250 for an 8 GB model with 40 stations (up to 4,000 songs). You can also sync your own music in MP3 or WMA format. For $7.50 per month, you can upgrade and store songs you're listening to, as well as avoid ads.

The G2 is already getting reviews as a much-improved upgrade from the first release. Like the Zune, there's no browser or other Internet features, and that might be a positive.

The G2 is tied into Devicescape's Wi-Fi home and hotspot authentication system, which lets Slacker G2 owners pre-program encryption keys or login information for hotspots that they frequent. Devicescape's software both retrieves and stores login information, allowing the G2 to be used in places that would otherwise require either tedious entry of a WPA passphrase, or be unavailable without a Web browser to handle the login.

Apple added access for iPhone and iPod touch users to a subset of its iTunes Store over Wi-Fi--the awkwardly named iTunes Wi-Fi Music Store--more than a year ago, along with the ability to access that store at no cost from handhelds and laptops via Starbucks outlets in New York, Seattle, and throughout the San Francisco Bay Area. (Chicago and Los Angeles have been "coming soon" for a year, but the new AT&T/Starbucks deal may have delayed opening up those markets.)

Terrestrial AM/FM radio stations would like to figure out how to remain meaningful in a world of streaming Internet radio. Their latest strategy is to embed information that allows a listener to mark a song they want, potentially getting a piece of music sold in this fashion. With FM tagging, Zune players tap into an existing very low-data-rate encoding protocols that allow stations to push out their call letters and current song information. By adding a very short code, broadcasters can allow Zunes to look up the appropriate song.

At launch, 450 stations from major networks, including Clear Channel, Entercom, and others, will broadcast tagging details. Note that Microsoft includes KEXP, a Seattle independent and alternative radio station, in its sample image, for the new models. KEXP, given a boost a few years ago through significant short-term funding by Paul Allen--funding that involved changing its call letters to his Experience Music Project museum initials--has an enormous listenership over the Internet ironically enough. KEXP will be a programming partner creating channels of music for the subscription-based Zune Pass service. (Zune Pass is $15 per month, all you can eat.)

This option could allow Microsoft to ink partnerships with hotspot networks to brand them with Zune compatibility, lets radio stations promote something other than iPods that they would have a direct relationship with (and, potentially, some kind of revenue stream from?), and may be part of breaking Apple's digital music hegemony. May be. Nobody's gotten rich betting against Apple for the last several years. (Details of revenue sharing with radio stations hasn't been discussed.)

Apple opted for a partnership with HD Radio broadcasters and equipment makers that has a relatively elaborate process of tagging songs. HD Radio is digital AM/FM, a patented and licensed method that has provoked a lot of controversy, and has lagged enormously in the marketplace, despite well over 1,000 stations (including many public radio stations) broadcasting in this digital format, some for over three years.

HD Radio tagging requires an HD radio receiver with a Tag button; pressing that button stores the song's tag information. The radio must also have an iPod dock. Docking an iPod syncs the tag information, and the next time the iPod is sync with iTunes, you can see which songs were tagged. Kind of tedious compared to "press a button while listening to an FM station and buy the song over Wi-Fi." (I've been writing about HD Radio for years, and even launched a blog that's gone moribund; the technology is interesting, but Internet radio on mobile devices coupled with on-demand music purchasing over cell and Wi-Fi may simply make HD Radio unnecessary for listeners.)

Microsoft has a more compelling "marketing story" for this feature than Apple, that's for sure. On the other hand, do you really need to tag songs from stations that play only the most popular music in a given format?

If you’re planning to, or are implementing wired 802.1X, wireless security and/or NAC, the contents of this blog may save you hours of time and trouble.

Throughout the implementations I’ve done, for both wired and wireless 802.1X, I’ve developed a procedure for implementing and testing 802.1X each step of the way. Following these steps my seem to be tedious and unnecessarily time-consuming. But, if  you’re just starting with 802.1X, I’m offering a way to implement it in phased pieces that will give you the information to test, confirm and troubleshoot at each step.

To be honest, I frequently skip these steps, but I’ve done many 802.1X implementations and can usually hit the bullseye the first time (unless there’s buggy software or firmware- you guys know who you are). But, if something doesn’t work, I start right back at Number 1 here and I follow this procedure.

1) Configure wired 802.1X
First setup the basic wired 802.1X. Ideally, start with a Windows test, using XP SP3 or a later server edition and PEAP. Provision RADIUS, I recommend Microsoft IAS because it’s well-documented and well supported. Even if you have other future plans, if you’re using Active Directory, start with IAS. You’ll need to setup a test RADIUS group and policy and link to AD. Get a test switch, add it as a RADIUS client, and configure it to talk to your RADIUS. Set up some ports for 1X and enable it on the switch. I recommend testing with PEAP as the authentication method and a Windows credential pass-thru. Note- you’ll need to create a server certificate to use PEAP- a self-signed Microsoft cert is fine.

If this simple configuration doesn’t work, you have some troubleshooting options. First, view the system events log in the RADIUS/AD server and look for informational events from IAS. If the authentication request is making it from the client -> switch -> RADIUS, you’ll see something here. The something you see should tell you if the EAP method is mismatched, or if the credentials were wrong, etc. Your second line of troubleshooting comes if you don’t see any RADIUS log activity. If that happens, throw on a packet capture utility like Wireshark. You want to search for 2 things. First look for conversations from your Test Switch to the RADIUS server (filter on IP or MACs). If you see something here, see where the conversation drops off. If that comes up empty, it means the conversation is terminated between the Test Switch and Test Client. I have some neat tricks for troubleshooting I’ll share with you later.

2) Add in Wireless
If you’re planning to implement 802.1X for wireless, now is the time to throw 802.11 in the mix. It’s harder to sniff wireless traffic for troubleshooting, which is why I recommend starting with wired 1X. Keep it simple, and then start layering. Once you have the wired 1X configured, all you need to do is get your AP ready and configure it just as you did your switch- add it as a RADIUS client and configure it to talk to RADIUS. For wireless, you’ll need to configure encryption also. Note, I recommend (for testing) to begin with your primary VLAN.

If your wireless 802.1X isn’t working, follow our troubleshooting above and re-check settings based on the RADIUS event log contents. If nothing is making it to RADIUS, then most likely something is misconfigured in your AP/Controller and the AP isn’t communicating with the RADIUS server. You know the rest of it’s working (RADIUS, AD, Client) so you can narrow your troubleshooting scope. Once that’s working you can stop if wireless is your goal, or keep going if you’re layering on more security.

3) Replace with Custom Pieces
If you’re planning to use a different RADIUS server or a different supplicant, now would be a good time to start swapping out our vanilla configuration with custom pieces. Replace 1 piece at a time and re-test.

4) Add in NAC or Endpoint Integrity
Most NAC or EI solutions will integrate with your 802.1X infrastructure (if you want them to) and can be ‘consulted’ prior to authenticating and opening the secured port. My suggestion is to always get 1X working 100% before you add any type of integrity or compliance testing.

If you follow these steps, you can turn a complex configuration into a set of simple baby-steps. It may sound stupid, but I promise it’ll work for you every time!

# # #

Microsoft expands its commuter bus system: The Wi-Fi equipped buses will grow to handle 4,600 riders a day from the current 1,800. A good friend will now have a 5-block walk from his Seattle home instead of a sort of impossible bus commute or a tedious daily drive. Microsoft was late to the game of offering free bus service to its employees, and thus their expansion must indicate that the increase in productivity and other goals are being met. The company told the Seattle Post-Intelligencer that 2,500 of the 4,300 employees who have so far used the system for a total of 130,000 rides were single-occupant car drivers.

Nikon's new Coolpix S52c pairs 9 megapixel images, Flickr, Wi-Fi: The $300 camera, shipping in a few weeks, has a 9 MP sensor, 3x optical zoom, and vibration reduction and stabilization. The camera's internal Wi-Fi works with a local network, where it transfers photos to a computer, which then can upload them to their own online service, Picturetown, or it can "email" photos (sending low-resolution images that the companies tend to forgot to give you the specs on how low resolution) at hotspots. The camera comes with six months of T-Mobile service. Pictures can be transferred to Flickr and social-networking sites via a feature at Picturetown.

Most discussions I've seen around security and virtualization center around subtle threats to the hypervisor layer, and whether its possible to jump from one virtual machine to another. Then there are the circular discussions about whether its provably more secure to perform AV and intrusion inspection from inside the virtual machine, or have the host perform all the functions.

All pretty tedious if you ask me. I reckon we've some much bigger problems in a virtual world.

Isn't it more of a problem that in a virtual world its harder to keep track of what business activities happen where? Isn't the patch and vulnerability management process exponentially more complex when you're instantiating and destroying virtual machines left right and center? How do you determine what risks you're introducing if you move a virtual machine from one place to another? How do we track all this and demonstrate it to our friendly auditors when they come a-knocking?

I reckon we need to elevate the level of conversation to talk about the real risk consequences of virtualization, and what it does to the security business model.

Don't get me wrong, we do need to consider these more subtle virtualization threats, but rather than talking about them in isolation, we can incorporate them into wider conversation. This can then include the slew of new deployment, implementationm and licensing options virtualization introduces for security services, and devise a more business oriented way to establish who does what, where, and when for optimal security and cost.