October 10, 2006, 9:02 PM PDT
Google Docs and Spreadsheets: Not quite Google Office, but closer
Posted by: Rafe Needleman

Google just launched the feature I was kvetching about yesterday when I covered Zoho: an integrated file system for its productivity applications. Until now, documents created in Writely and in Google Spreadsheets lived separately. But in the new, publicly available Google Docs and Spreadsheets, at docs.google.com, all the documents you create in either Docs (no more "Writely") or Spreadsheets are displayed in one interface, where you can tag your files and sort them however you want. It's a big improvement.

Google is also bringing the user interfaces and the feature sets of the two applications closer together. Both look very similar, and both have similar common functions, such as import and export. But it's clear that the Google apps were built by separate teams. Little differences give it away: The collaboration function is a separate page in Docs, but a right-hand panel in Spreadsheets. Spreadsheets also has a built-in chat feature to complement its real-time group editing capability. Docs has no chat (although it does have group editing). On the other hand, Docs lets you see a list of all the revisions other users have made; Spreadsheets does not.

Most importantly, although you can see all your files in one place, the two applications aren't really integrated. You cannot embed a spreadsheet into a document, for example. That's lame.

Today's release of Google Docs and Spreadsheets is a step forward, and I trust that Google will continue to improve the feature set, usability, and integration of these two products. At a preview for bloggers earlier today, we heard about some future plans such as integration with Gmail (when you get a word processing file or a spreadsheet as an attachment, you'll have the option to open the file in Docs and Spreadsheets). The team is also working on APIs, so other programmers can access the functionality of the applications. Also, Google is going to "take a shot" at a disconnected version, for users who want to access files when they are offline. And they're working on other applications, too.

I like Google's online applications despite their early-stage flaws and omissions. They're easy to use, and their collaboration features, while basic, set them apart from standard office applications. People looking for clean and simple online applications will find Google Docs and Spreadsheets useful. Those who need a more fully developed online suite right now should check out Zoho and ThinkFree. This market is moving fast; it's being reported on TechCrunch that Zoho will launch a more complete and very tightly integrated online productivity suite, Zoho Virtual Office, at the Office 2.0 Conference.

Screenshots courtesy of Google. We'll have a hands-on review soon.

Permalink | 1 comment

• Read also: Web 2.0, Office 2.0
• Email to a friend | Print this post

October 10, 2006, 4:23 PM PDT
Inside Toyota's magic kingdom
Posted by: Kevin Massy

Toyota's über-efficient manufacturing practices have attracted a lot of interest over the past few years. Concepts such as 'just in time' supply-chain management and bottom-up innovation, together with the success of the Prius hybrid have helped the Japanese automaker maintain consistent growth at a time when many of its rivals are struggling with decreasing sales.

CNET's Michael Kanellos recently visited one of Toyota's 10 factories in its eponymous Toyota City to see how it all works in practice: what he found was a stranger-than-fiction high-tech industrial utopia, complete with motorized tool trays that follow workers around, ceiling-mounted people-movers, and a trumpet-playing robot. He also got a close-up look at some of the weird and wonderful concept vehicles that Toyota is working on. Check out his article and slide show here.

Permalink | Post a comment

• Read also: car tech
• Email to a friend | Print this post

October 10, 2006, 12:00 PM PDT
Microsoft fixes 26 flaws with 10 patches
Posted by: Robert Vamosi

Microsoft has released its October 2006 security bulletin, which includes 10 updates: 6 are listed as Critical, 1 Important, 2 Moderate, and 1 Low. Four critical updates this month are specific to Microsoft Office. Users of Windows 98 and Windows Me will notice that Microsoft no longer offers technical support for these two operating systems, nor does Microsoft continue to provide technical support for users of Windows XP SP1. To keep your Windows 98 and Me systems secure, see our roundup of compatible third-party security applications. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS06-056: Moderate

Entitled "Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)," this bulletin affects users of Microsoft .Net Framework 2.0 for the following operating system versions: Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1 or 2, x64 edition, Tablet PC, Media Center), and Microsoft Windows Server 2003 (SP1, Itanium-based Systems, and x64 edition), and addresses the vulnerability detailed in CVE-2006-3436. Successful exploitation could lead to information disclosure.

MS06-057: Critical

Entitled "Vulnerability in Windows Explorer Could Allow Remote Execution (923191)," this bulletin affects users of Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1, SP2, and x64 edition) and Microsoft Windows Server 2003 (SP1, for Itanium-based Systems, and x64 Edition), and addresses the vulnerability detailed in CVE-2006-3730. Successful exploitation could lead to remote exploitation.

MS06-058: Critical

Entitled "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)," this bulletin affects users of Microsoft Office 2000 (SP3), Microsoft PowerPoint 2000, Microsoft Office XP (SP3), Microsoft PowerPoint 2000, Microsoft Office 2003 (SP1 or SP2), Microsoft Office PowerPoint 2003, Microsoft Office 2004 for Mac, Microsoft PowerPoint 2004 for Mac, Microsoft Office v. X for Mac, Microsoft PowerPoint v. X for Mac, and addresses the vulnerabilities detailed in CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. Successful exploitation could lead to remote code execution.

MS06-059: Critical

Entitled " Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Excel 2000, Microsoft Office XP Service Pack 3, Microsoft Excel 2002, Microsoft Office 2003 (SP1 or 2), Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office 2004 for Mac, Microsoft Excel 2004 for Mac, Microsoft Office X for Mac, Microsoft Excel X for Mac, Microsoft Works Suite 2004, Microsoft Works Suite 2005, and Microsoft Works Suite 2006, and addresses the vulnerabilities detailed in CVE-2006-2387, CVE-2006-3431, CVE-2006-3867, and CVE-2006-3875. Successful exploitation could lead to remote code execution.

MS06-060: Critical

Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)," this bulletin affects users of Microsoft Office 2000 (SP3), Microsoft Word 2000, Microsoft Office XP (SP3), Microsoft Word 2002, Microsoft Office 2003 (SP1 or SP2), Microsoft Office Word 2003, Microsoft Office Word 2003 Viewer, Microsoft Works Suite 2004, Microsoft Works Suite 2005, Microsoft Works Suite 2006, Microsoft Office 2004 for Mac, and Microsoft Office X for Mac, and addresses the vulnerabilities detailed in CVE-2006-3647, CVE-2006-3651, CVE-2006-4534, and CVE-2006-4693. Successful exploitation could lead to remote code execution.

MS06-061: Critical

Entitled "Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)," this bulletin affects users of Microsoft XML Parser 2.6 and Office 2003, and does not affect users of Windows 2000 (SP4) running Microsoft XML Core Services 2.5, Microsoft Windows XP (SP1 or SP2) running Microsoft XML Core Services 2.5, Microsoft Windows Server 2003 running Microsoft XML Core Services 2.5, and Microsoft Windows Server 2003 Service Pack 1 running Microsoft XML Core Services 2.5, and addresses the vulnerabilities detailed in CVE-2006-4685 and CVE-2006-4686. Successful exploitation could lead to remote code execution.

MS06-062: Critical

Entitled "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)," this bulletin affects users of Microsoft Office 2000 SP3, Microsoft Access 2000, Microsoft Excel 2000, Microsoft FrontPage 2000, Microsoft Outlook 2000, Microsoft PowerPoint 2000, Microsoft Publisher 2000, Microsoft Word 2000, Microsoft Office XP (SP3) Microsoft Access 2002, Microsoft Excel 2002, Microsoft FrontPage 2002, Microsoft Outlook 2002, Microsoft PowerPoint 2002, Microsoft Publisher 2002, Microsoft Visio 2002, Microsoft Word 2002, Microsoft Office 2003 (SP1 or SP2), Microsoft Access 2003, Microsoft Excel 2003, Microsoft Excel 2003 Viewer, Microsoft FrontPage 2003, Microsoft InfoPath 2003, Microsoft OneNote 2003, Microsoft Outlook 2003, Microsoft PowerPoint 2003, Microsoft Project 2003, Microsoft Publisher 2003, Microsoft Visio 2003, Microsoft Word 2003, Microsoft Word 2003 Viewer, Microsoft Project 2000 (SP1), Microsoft Project 2002 (SP1), Microsoft Visio 2002 (SP2), Microsoft Office 2004 for Mac, and Microsoft Office X for Mac; it does not affect Microsoft PowerPoint 2003 Viewer, Microsoft Works Suites, Microsoft Works Suite 2004, Microsoft Works Suite 2005, and Microsoft Works Suite 2006, and addresses the vulnerabilities detailed in CVE-2006-3434, CVE-2006-3650, CVE-2006-3864, and CVE-2006-3868. Successful exploitation could lead to remote code execution.

MS06-063: Important

Entitled "Vulnerability in Server Service Could Allow Denial of Service (923414)," this bulletin affects users of Microsoft Windows 2000 (SP4), Microsoft Windows XP (SP1, SP2, and x64 Edition), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), and addresses the vulnerabilities detailed in CVE-2006-3942 and CVE-2006-4696. Successful exploitation could lead to denial of service.

MS06-064: Low

Entitled "Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)," this bulletin affects users of Microsoft Windows XP (SP1, SP2, x64), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), does not affect Microsoft Windows 2000 (SP4), and addresses the vulnerabilities detailed in CVE-2006-0790, CVE-2006-0230, and CVE-2006-0688. Succesful exploitation could lead to denial of service.

MS06-065: Moderate

Entitled "Vulnerability in Windows Object Packager Could Allow Remote Execution (924496))," this bulletin affects users of Microsoft Windows XP (SP1, SP2, and x64), Microsoft Windows Server 2003 (SP1, for Itanium-based Systems and x64 Edition), does not affect Microsoft Windows 2000 (SP4), and addresses the vulnerability detailed in CVE-2006-4692. Successful exploitation could lead to remote code execution.

Permalink | 3 comments

• Read also: software, security
• Email to a friend | Print this post

October 10, 2006, 11:37 AM PDT
Approver helps you corral document approvals
Posted by: Rafe Needleman

At the Office 2.0 Conference that starts tomorrow, we're going to see several new Web-based business tools, from big and ambitious office suites to smaller, focused problem solvers, such as Approver. This little service was built to address the typical office frustration of collecting comments and approvals on documents.

Approver sends e-mail messages to the people you need to review your documents and points them to a Web page for each document. Documents can be attached to the online Approver record if you wish, or you can send your recipients URLs pointing to files, or create text in Approver itself. The service will then track who has approved your document by the deadline you set, and it will send reminders to the laggards.

The tool attempts to make simple what is actually a complex social interaction, and some nuance gets left behind--on purpose, it turns out. For example, you can leave as many comments on documents as you want, without actually approving a file, but there's no actual reject option. Approver creator Jeffrey McManus told me he's trying to do a little bit of social engineering and encourage dialogue. That's really swell, but I bet he'll have to add the big red stamp of rejection to the product as more people start asking for it.

I also think the dashboard view of documents pending approval could convey more information. Again, McManus is working on it; he showed me a prototype that looks pretty good (I approved it).

The real thing McManus needs to do, and which he is actively working on, is to make Approver into a platform that works within existing document creation systems, such as Microsoft Office, or Writely, or Zoho. The Approver concept will work best when it's integrated into workflow, not separate from it.

But even today, in its very early stage, Approver is a clear-headed and cost-effective solution to a nagging workflow issue. It's certainly a better tool for tracking the document approval cycle than e-mail, and it's worth trying. The service is free for the first document, $40 a year thereafter.

CNET is a sponsor of the Office 2.0 Conference.

Permalink | Post a comment

• Read also: Web 2.0, Office 2.0, work
• Email to a friend | Print this post

October 10, 2006, 10:49 AM PDT
Canon Elph turns 10
Posted by: Philip Ryan

It's always fun to watch your children grow up--even if your initial expectations for what they might become changes along the way. Canon took just such a trip down memory lane today in celebration of the 10th anniversary of its Elph brand of tiny, stylish cameras. What began as a simple concept (which designer Yasushi Shiotani refers to as a box and a circle) for a film camera that used Advanced Photo System (APS) film, later morphed into the pocket-size digital cameras we see in stores today.

In commemoration of the event, Canon has created a special PowerShot SD900 Digital Elph Coach Edition gift set which will include the camera, along with a leather and fabric custom camera case and neck strap, packaged in a gift box complete with red ribbon, which will start selling in October for about $550.

In collaboration with NYC Peach, Canon is offering bejeweled SD900 cameras as part of the prize packages for a sweepstakes in which 10 winners will win a trip to New York City to see Z100's Jingle Ball 2006 at Madison Square Garden on December 15, 2006. Information about the contest will be available at powershot.com later this month.

Five more of the bejeweled cameras, will also be auctioned on January 9, in Las Vegas, to benefit the National Center for Missing and Exploited Children (NCMEC), with which Canon has worked in the past as part of its Canon4Kids campaign. The program urges parents to have up-to-date photos of their children to aid police, should they ever need to search for their child.

For those of you trying to keep track, there have been more than 50 different Canon Elphs over the course of the past decade, during which over 33 million of the small snappers have been sold. Since the Elph went digital in May 2000 with the PowerShot S100, 22 million digital Elphs have been sold, and with Canon's plan to raise its research and development spending from its current 8 percent of the company's spending to 10 percent, by 2010, there seems to be no end in sight for the sprightly sales figures of the Canon Elph.

Permalink | Post a comment

• Read also: Cameras, Digital cameras, Digital imaging, Digital photography, Camera accessories
• Email to a friend | Print this post

October 10, 2006, 10:46 AM PDT
Copy never: DRM 'glitch' keeps TiVo Series3, JVC A/V receivers from playing nice
Posted by: John P. Falcone

Connecting a TiVo Series3 to a JVC A/V receiver via HDMI seems to awaken an otherwise dormant copy-protection feature in the DVR. At least, that's what happened during testing in the CNET Labs.

We were working to verify that the TiVo delivered the full spectrum of video and audio features via its HDMI output. Video capabilities seemed fine: the Series3 includes a full panoply of user-selectable resolutions and a decent selection of aspect-ratio controls too; it also passed audio to several HDTVs when connected. But anyone who's invested in an $800 digital video recorder is likely to have an HDMI-switching A/V receiver as well, so that compatibility was high on the agenda. We used the JVC RX-D702--it's an older but still current HDMI receiver, and a CNET Editors' Choice for delivering a full range of HDMI features at a very reasonable price. Things seemed fine: we noted that the receiver passed HD video and Dolby Digital 5.1 audio without a problem. Our final test was to verify parallel video output--that the TiVo's standard-definition analog video outputs (composite, S-Video) remained up and running while the box was delivering a high-def picture via HDMI.

Why is that a big deal? Simple: The Series3 box ships with no TiVo To Go features, so you can't transfer your recorded programs to a PC or portable device as you can with earlier Series2 models. As usual, the culprit for this feature step-down is overzealous digital rights management (DRM). The underlying politics notwithstanding--and I recommend everybody check out the excellent Who killed TiVo To Go? feature at the Electronic Frontier Foundation's Web site for a complete overview of the issue--the fact remains that the only way to archive your TiVo Series3 recordings is the old-fashioned way: dump them to a video recorder in real time. Thus the importance of parallel video output. You want your VCR or DVD recorder to have access to a steady composite/S-Video source, regardless of what resolution you're watching over component or HDMI. The issue becomes doubly important if you're using a place-shifting device such as a Slingbox, a Hava, or a LocationFree TV to watch your DVR recordings from a remote location. (For instance, the older DirecTV HD TiVo switches off the composite and S-Video outputs when you watch video at HD resolutions--meaning you constantly have to throttle the resolutions down when archiving or place-shifting--a huge pain. Those outputs on current DirecTV HR20 and Dish ViP622, on the other hand, are always active.)

Our initial test was smooth: we got high-def HDMI output to the JVC receiver and the attached HDTV, and a simultaneous standard-def signal from the TiVo's S-Video and composite outputs (which we were watching on separate monitors). But when we moved onto another program--Revenge of the Sith, recorded off of HBO-HD--the screen suddenly went gray, with a TiVo warning emblazoned across the bottom: "Viewing is not permitted using the TiVo Digital Media Recorder. Try another TV input." Several other programs--Empire of the Sun (HDNet Movies), Simone (HBO-HD), and episodes of Battlestar Galactica (Universal HD) all yielded the same result. Further investigation revealed the culprit: hitting the Info button from the program listing page (TiVo's Now Playing screen) on these programs included a section called "restrictions": "Due to the policy set by the copyright holder, this recording: Cannot be transferred to VCR, DVD, or any other media device. To learn more, visit www.tivo.com/copyprotection."

Visiting that link will reveal apparent culprit: TiVo's Macrovision copy protection. Apparently, these programs were flagged as "copy never," so the box was dutifully following orders, and allowing video only via the copy-protected HDMI output (which is, to date, impossible to record). This isn't new: as far back as 2005, there were reports of TiVo boxes imposing restrictions on the viewing of certain TV shows. At the time, TiVo blamed the restrictions on "false positives"--saying the viewing restriction technology, ostensibly designed for pay-per-view and video-on-demand programming, was being turned on (by the cable companies) to cover a wider array of programming.

When we contacted TiVo about the issues we were having, a company engineer was stumped: he reiterated the same claim from last year, that the content flags should be appearing only on PPV and VOD programs. He suggested that the problem was twofold: our local cable company was "overflagging" its content, and/or the JVC receiver was not properly interpreting the copy-protection flag.

Indeed, when we took the JVC receiver out of the mix, things seemed fine: we couldn't get the gray screen to appear when using the Onkyo TX-SR674, the Belkin PureAV 3-in-1 HDMI Switch, or the Gefen 2:8 HDMI Distribution Amplifier (the only other HDMI-equipped switchers we had on hand), nor could we see it when running the TiVo directly to any of several HDTVs currently in our inventory. Likewise, returning to the JVC RX-D702B yielded the same problem. Perhaps more instructively, the newer JVC RX-D411S (which had just arrived in the CNET Labs) had the same problem when linked to the TiVo as well.

Bottom line: For whatever reason, the JVC receivers and the TiVo Series3 don't seem to be a perfect match. Otherwise, we've found the HDMI capabilities of the JVC receivers to perform admirably--the RX-D702 has been chugging away for months without any problems (and we'll have a full review of the RX-D411 soon). For that reason, we're not docking the JVC's rating (though we've added an Editors' Note explaining the apparent TiVo incompatibility). For its part, JVC wasn't aware of the TiVo incompatibility until we notified them; the company is actively investigating the issue, and we'll follow up when and if JVC issues a statement or a possible fix. In the meantime, if you own both products (and your cable company is flagging your shows), we'd recommend you opt for component video plus optical digital audio connections between the two, rather than deal with the dodgy HDMI issues.

Once again, though, overzealous copy protection has taken something simple and turned it into a Sisyphean ordeal. All we wanted to do was watch TV, and connect our gear with a minimum of cables and wires. Thanks to DRM, that simple task becomes more difficult all the time.

Permalink | 12 comments

• See product information for TiVo Series3 HD DVR
• Read also: home video, home audio, televisions
• Email to a friend | Print this post

October 10, 2006, 6:18 AM PDT
Microsoft ends technical support for Windows XP SP1
Posted by: Robert Vamosi

As of today, Microsoft has ended technical support for Windows XP SP1. While Microsoft provides mainstream support for its operating systems for at least five years (Windows XP is not older than five years), it only provides support for its Service Packs for one year. Anyone still running the original Windows XP, Windows XP SP1, and Windows XP SP1a must upgrade to Windows XP SP2 in order to continue to receive security updates. Simply visit Microsoft Update and download the service pack. When Windows XP SP2 was first available, people complained of long download times and inconsistent installation; those problems have since been fixed.

Permalink | 4 comments

• Read also: software, security
• Email to a friend | Print this post