Due to the slow economy, most tech companies are being cautious and ratcheting back sales forecasts for software and hardware. The exception: Infra-Strategy, a company that operates a group of Web sites that help people find a lawyer and info to deal with bankruptcies, divorces and DUI cases. Visits to the sites are booming – with visits to totaldivorce.com, for example, up 112% in October 2008 (I found the picture on the website particularly compelling). Apparently, in bad times, divorce rates go up. Who knew?

Is it always a recession when it comes to IT Operations? Companies are constantly trying to find ways to do more with less in IT – reducing costs but keeping the same or even adding functionality – deploying technologies that drive IT consolidation such as mobile and remote access, unified communications and virtualization. Chris Silva of The Forrester Blog for IT Infrastructure & Operations Professionals is looking for a research panel to find out what fellow IT companies are doing to keep their IT budgets in check. To join the research panel visit: http://itpanel.forrester.com/.

The Cloud Computing Monopoly debate continues. O’Reilly Media founder Tim O’Reilly and technology writer Nicholas Carr (of “IT Doesn’t Matter” fame/infamy) have been discussing the ‘potential for a single company to achieve monopoly control of the world of cloud computing.’ But what’s even more interesting is the “who will make a lot of money” in cloud computing question.

I'm not complaining about the fact that I can't see what I'm typing. I understand and laud that feature, because I don't want someone looking over my shoulder at the password I'm typing, and this even applies when I'm at home. I love my children, but I certainly don't want them knowing the password to my bank account!

No, what I'm bothered by is how a typical password text box behaves on a form that may incur multiple post-backs before it's finally submitted. If you use the built in ASP.NET TextBox control, it purposely does not repopulate the password text, which means if you press a button on the form that performs a post-back, or if you have a multi-page form that posts back on every step, that password disappears, and the user typically has to re-enter it. You could solve this with liberal use of ASP.NET Ajax UpdatePanels, but that adds its own complexities. I wanted a simpler solution.

So I did a little research to see what others had discovered about this problem, and I ended up deriving my own custom control from TextBox to make a much more user-friendly (and developer-friendly) TextBox control. I called it PasswordTextBox, and it acts just like a TextBox in password mode, but it retains the password while still giving the user the same level of protection the standard TextBox supplies.

My PasswordTextBox operates very simply: it stores the password in control state, and renders a series of fixed characters (with the same length as the actual password) into the text box so that it "looks" like the user's password has been rendered. Since control state is part of view state, and since view state is stored in a hidden field on the form, I encrypt the password before putting it into control state.

The result is quite nice - the user can post your form back as many times as she needs to, perhaps moving back and forth across wizard steps or tabs, and when she finally presses the "Finish" button (or whatever you call the last step of your input form), your code will be able to read the password by simply accessing the Text property on the PasswordTextBox. The user will believe that her password is sitting there on the form while she's working, as the same number of obfuscated characters will show up in the field as she typed in originally (what she doesn't know is that those characters aren't her real password anymore, but what she doesn't know won't hurt her!)

Note that to keep this simple, I used DPAPI to encrypt the password, which suited my purposes. But if you have a web farm, that won't work well at all if you don't know which machine the user's going to post back to, so you'll want to replace that with something more robust. I could see looking up the <machineKey> for entropy, as that tends to be sync'd already across the farm, but I've not yet spent the cycles to go down that road, since unfortunately all of the code for generating keys based on that config section are off limits in ASP.NET (most of the useful stuff is marked internal). I don't think it'd be that hard to do though.

Anyway, without further ado, here's the code, which you'll see is quite simple. I'd love feedback, especially if you see any glaring problems with the idea or the implementation!

public class PasswordTextBox : TextBox
{
    // unlikely that a string of these would be used for a password
    const char PasswordPlaceholderChar = '}';

    string password; // stored encrypted in control state

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        Page.RegisterRequiresControlState(this);
    }

    protected override object SaveControlState()
    {
        byte[] encryptedPassword = ProtectPassword(password);

        object baseControlState = base.SaveControlState();
        if (null == baseControlState)
            return encryptedPassword;
        else return new Pair(baseControlState, encryptedPassword);
    }

    protected override void LoadControlState(object savedState)
    {
        byte[] encryptedPassword;

        Pair pair = savedState as Pair;
        if (null != pair)
        {
            base.LoadControlState(pair.First);
            encryptedPassword = pair.Second as byte[];
        }
        else encryptedPassword = savedState as byte[];

        password = UnprotectPassword(encryptedPassword);
    }

    /// <summary>
    /// This control always uses TextMode=Password
    /// </summary>
    public override TextBoxMode TextMode
    {
        get
        {
            return TextBoxMode.Password;
        }
        set { }
    }

    /// <summary>
    /// TextBox doesn't render value attribute for TextMode=Password
    /// So we add code that renders a placeholder text instead
    /// </summary>
    /// <param name="writer"></param>
    protected override void AddAttributesToRender(HtmlTextWriter writer)
    {
        base.AddAttributesToRender(writer);

        string text = Text;
        if (text.Length > 0)
            writer.AddAttribute(HtmlTextWriterAttribute.Value,
                GetPlaceholderPassword(text));
    }

    /// <summary>
    /// TextBox doesn't save the "Text" viewstate in
    /// TextMode=Password and we don't want our behavior to break
    /// if ViewState is turned off so we store the password in
    /// Control State, encrypted with MachineKey
    /// </summary>
    public override string Text
    {
        get
        {
            return password ?? string.Empty;
        }
        set
        {
            // this prevents us overwriting the actual
            // password with a placeholder
            if (!string.IsNullOrEmpty(password) &&
                value.Equals(GetPlaceholderPassword(password)))
                return;

            password = value;
        }
    }

    private string GetPlaceholderPassword(string realPassword)
    {
        int length = 12;
        if (!string.IsNullOrEmpty(realPassword))
            length = realPassword.Length;

        StringBuilder sb = new StringBuilder();
        sb.Append(PasswordPlaceholderChar, length);

        return sb.ToString();
    }

    public byte[] ProtectPassword(string password)
    {
        if (string.IsNullOrEmpty(password))
            return null;
        byte[] cleartext = Encoding.UTF8.GetBytes(password);
        return ProtectedData.Protect(cleartext, null,
            DataProtectionScope.LocalMachine);
    }

    public string UnprotectPassword(byte[] ciphertext)
    {
        if (null == ciphertext)
            return null;
        byte[] cleartext = ProtectedData.Unprotect(ciphertext, null,
            DataProtectionScope.LocalMachine);
        return Encoding.UTF8.GetString(cleartext);
    }
}

Is it supposed to make me feel better about getting my problem fixed if I’m talking to someone in the Midwest versus someone in Bangalore? (Please no hate mail – I’m from the Midwest.) Honestly, I just want my computer to stop showing me a blue screen of death.

But apparently, I might be in the minority. According to the Black Book of Outsourcing (yes, outsourcing has a black book), reverse outsourcing is on the rise with “India’s leading service providers opening offices on Main Street, USA” to be closer to customers (mainly North American) and draw from the “local talent pools”.

The one area of outsourcing bucking this trend – infrastructure management. Co-writer Scott Wilson says that infrastructure management is largely automated, low touch and does not involve a lot of interaction.

Speaking as a vendor of infrastructure management tools, that’s a bunch of malarkey. Perhaps at a very low level this is true (i.e., is the device responding), but that’s just the tip of the iceberg when it comes to monitoring performance, availability and SLAs for today’s networks, systems and applications.

Certainly as vendors, we try to put as much automation as possible into our toolsets – helping our customers to simplify IT management wherever possible, enabling them to be proactive by setting up “intelligent” alarms and thresholds that warn of problems before they become showstoppers and reacting at a speed in this increasingly virtual world that simply is not possible for human manual interaction.

But infrastructure management doesn’t happen in a vacuum and you can bet when something goes wrong which affects some mission-critical app state-side, that there is a LOT of communication and interaction. And it takes a lot of work and setup to get to a level of automation where the alerting is proactive and intelligent and customized for each business.

One of the main points of tools like ours is to automate where possible in order to free up the valuable time of the sysadmins, network engineers, IT managers, etc to do the higher order work – which is how they’ll get to the next level of infrastructure management. Beyond “is it up”, infrastructure management should be providing answers to questions like: “is it always up”, “is it doing what I expected it to do” and “will it still be working as expected as my company grows”.

One of the main problems in counterterrorism today is that there are so many people and vehicles, and so much data and material, moving through globalization's myriad networks that it seems virtually impossible to track it all effectively. Nowhere has this problem been more acute than on the high seas.

In 2006, Adm. Harry Ulrich, then U.S. commander of NATO Naval Forces Europe, decided to do something about it. Despite having virtually no resources, his dream was to transpose the global air-traffic control system onto sea traffic.

Worldwide, aircraft are transparent, because they're all required to carry an identification beacon that allows them to be tracked leaving and entering airports, and monitored between airports, by a global network of sensors. Act suspiciously and somebody's fighter aircraft will soon be on your tail.

No such pervasive system currently exists globally for maritime traffic. While bigger ships carry an ID beacon similar to aircraft, without a shared monitoring network, that's like tracking only selected commercial jets and giving everyone else a pass.
So Ulrich, upon taking command, asked a simple question: "If we can do that in the air, why can't we do it on the sea?" He made a point of pioneering his sea-traffic-control effort first inside the Mediterranean, where NATO's southern naval forces have historically been concentrated, but his real target was waters off Africa -- the most ungoverned maritime space in the world.

Ulrich knew the U. S. Navy couldn't do it alone, much less bring Africa's meager coast-guard-like navies up to snuff so they could do it on their own. So he quickly created a network of assets -- both public and private -- to manage that space, modeling his monitoring system on international air-traffic control.

Ulrich began stitching together a network of shore-based sensors ringing the Mediterranean. His naval command then began initial monitoring by tapping into the International Maritime Organization's existing Automated Identification System, transforming NATO's ability to track ship traffic in the Med.

Almost overnight, NATO went from tracking dozens of ships on the Mediterranean to thousands, and instead of getting the data sometimes up to 72 hours late, now the contacts were being tracked in one to five minutes -- to an accuracy within 50 feet on the earth's surface.

When the classic big-firm systems integrators told Ulrich it would be too costly to pull it off, the admiral turned to the Volpe Center in Cambridge, Massachusetts, a U.S. Department of Transportation research center. Instead of hundreds of millions of dollars, Ulrich's initial network cost $900,000. The shore-based receivers are small, roughly the size of a radar dish you might find on a pleasure craft.

The strength of the system is a function of its reach: the more countries join, the larger the shared operational picture. By the time Ulrich retired at the end of 2007, he had enlisted 32 countries throughout the Mediterranean, the North Atlantic, along the west coast of Africa, around the Black Sea, and in the Pacific. Today, the network continues to spread around the planet.

With Ulrich's system in place, local police, coast guards, and border patrols catch most bad guys, obviating American military responses. As Harry told me for an article I wrote about his work in a fall 2007 issue of Esquire, "I don't do defense; I do security. When you talk defense, you talk containment and mutually assured destruction. When you talk security, you talk collaboration and networking. This is the future."

The admiral's legacy program, the Maritime Safety and Security Information System, earned the Volpe Center a prestigious "Innovations in American Government" award this month from Harvard University's Ash Institute for Democratic Governance and Innovation.

Espin references Joe Sharkey's excellent column on in-flight calling in Sunday's New York Times: Sharkey, a veteran travel writer, who survived a mid-air collision over the Brazilian Amazon a few years ago, looks at varying attitudes about calls made during flights. He quotes Aircell's Jack Blumenstein saying what I've telling folks for months: Aircell has a lot of techniques to block VoIP calls already, and "as we identify new ways that people are trying to do voice calls on the airplane, we just kind of zero in and knock those off." Many geeks have assumed Aircell is a bunch of unsavvy folks who wouldn't be able to figure out how to disrupt their clever workarounds for making VoIP. (I keep noting that introducing jitter for suspicious data connections wouldn't disrupt legitimate applications, but would destroy VoIP call quality.)

The New York Times rounds up using cell phones as hotspots: Though the reporter, Bob Tedeschi, mentions the issue of having to have an unlimited data plan to avoid unpleasant charges, and worries about bad drains and malicious users, he doesn't note that many carriers don't allow this kind of sharing or routing without a separate "tethering" plan, that can run $20 or more per month. Also, U.S. carriers have now all imposed a 5 GB per month reasonable use cap; some will cut you off, some charge you more, some cancel your service based on exceeding this use.

Gigabit Wi-Fi? Someday: TechWorld considers the IEEE's Very High Throughput (VHT) study group, which wants to start work on 1 Gbps or faster Wi-Fi standard for completion in 2012. With 802.11n offering raw symbol rates up to 600 Mbps--even though no devices have shipped with the radios and antennas to offer that optional high speed yet--there's interest in other frequencies that would allow faster encodings, as well as aggregating multiple links to achieve high speed rates. My experience in testing and using 2.4 GHz with Draft N would show that wide or aggregated channels doesn't work very well. The article's writer, Peter Judge, notes that ultrawideband had potential (over short distances) to approach the gigabit mark, but that UWB hasn't really reached the market in any substantive way years after it was promised to be a big technology.

Flight attendants express concerns about in-flight broadband porn: When I've spoken to airlines, industry experts, and service providers, I find that they all have stories about how porn is viewed on computers, through DVD players, and in convenient magazine form on planes today. Adding the Internet may provide new salacious imagery, but the problem predates Internet access, and filtering Internet service is never as good a solution as a social one. Someone idiotic enough to view porn on a plane over the Internet is also stupid enough to bring along inappropriate DVDs they watch while seated next to children. Flight attendants already have the power vested in them to take care of this. The flight attendants for American might be expressing this concern as part of a bargaining issue, where their responsibilities but not commensurate pay have increased.

Spokane ends free Wi-Fi: Remember Vivato? Boy, I sure do. A company with a reach far exceeding its grasp, Vivato initially powered Spokane's downtown network. The network has continued to run on some basis--I'm not sure using what equipment--and now will move from free to fee. OneEighty Networks will charge about $10 per month to cover the costs of the network, for which local businesses at one point chipped in.

Brazilian TAM airline signs up for in-flight calling, messaging: OnAir has signed up the Brazilian carrier TAM, which will deploy the service on its Airbus A320 craft. Brazil hasn't yet provided regulatory approval, so no launch date is noted. TAM is the largest domestic and international carrier for Brazil.

FP: And what about drilling? Republican presidential candidate Sen. John McCain, his running mate Gov. Sarah Palin, and President George W. Bush are implying that lifting environmental restrictions on drilling is the way to promote energy independence.

TF: Well, I think it’s patent nonsense. No one believes that somehow offshore, there’s enough oil in any near term and even the long term to provide us oil independence. It’s the wrong approach because in a world that’s hot, flat, and crowded, fossil fuels—and particularly crude oil—are going to be expensive and exhausting. Therefore the focus should be on the next great global industry: clean energy technology. When I hear McCain pounding the table for “drill, drill, drill,” it reminds me of someone pounding the table for IBM Selectric typewriters on the eve of the IT revolution.

I’m not against offshore drilling, by the way, because I believe the technology and the safety has improved far beyond where it was back in the 70s, 80s, and 90s, even. What I’m against is making it the centerpiece of our energy policy. If all McCain said was, “Let’s drill, but let’s also throw everything into innovating the next generation of clean-energy technologies,” I’d say, “You’ve got it exactly right, pal.”

This is a big day for Aircell, which spent tens of millions to acquire the exclusive spectrum license that allows them to shoot Mbps to and from planes. My big question will be whether coverage remains seamless across an entire flight--how often one has to reconnect their VPN would be a big issue. If Aircell has architected the network correctly, passengers should never be reassigned an IP address, and connections shouldn't be dropped even if there's a hiccup in air-to-ground communication.

I've covered in-flight broadband for several years, and I've been wondering lately whether we'd be waiting until 2009 to see real production service. American is calling this a 3-to-6 month pilot to see what their passengers think. Just yesterday, I wrote up veteran travel writer Joe Brancatelli's frustration with the lack of information and some misinformation about in-flight broadband.

You can read more background on American's plans and Aircell's technology in a post I wrote for BoingBoing on 24-June-2008.

He's not very positive about it, because his research shows a mismatch between claims and work. He writes that an unnamed American airline executive is frustrated by the delay in launching the 3-to-6 month pilot on their trans-continental fleet; that Aircell hasn't submitted paperwork for Virgin's Airbus models for certification; and that the FAA just received a request to certify Delta's MD-80 craft, which makes a launch with 75 planes this year on that airline less likely.

Competitor Row 44 doesn't fare better in his analysis, as they promised spring and summer 2008 tests that still haven't happened, with Southwest and Alaska Airlines.

I'm a little more positive about the future of in-flight broadband. There's no particular conspiracy. It's hard to make it work. Development and testing is tricky due to FAA limits, and getting in-flight handoffs to work for seamless service at 35,000 feet is far more difficult than, say, cellular handoffs in a moving car at 100 feet above sea level. My suspicion is that tuning the service to be entirely reliable at launch is what's taking so long.

Brancatelli blames the high price of Connexion on its failure, but I don't think the $27 fee for long-haul flights deterred users. Lufthansa, which deployed all its long-haul fleet, apparently had very good usage. Most other airlines had few craft equipped, which didn't allow business travelers, able to expense several hours of work for a $27 fee, the reliability of having on-board Internet when they needed it. Connexion also had many reports of spotty service in certain areas.

Connexion's failure came from deploying technology that was old when it was deployed, which weighed too much, and which was too expensive to install. Connexion's revenue and expenses were forecast based on having several hundred aircraft with Connexion service--recall that it was supposed to be a domestic U.S. service, too. In the end they had about 100, I believe.

Brancatelli is also modest when he says Boeing "lost" $300m. That's part of what they wrote down. My sources say they spent more than a billion in R&D, transponder leases, ground station operation, airline incentives, and payoffs at the end.