Mary Jo Foley debunks some recent stories that claim Windows XP Service Pack 2 has been delayed until September:

If you read the transcript of Security VP Rich Kaplan’s remarks, you won’t see anything about XP Service Pack 2 being delayed until September. It’s still a Q3 deliverable (at least for now). But last week, Microsoft execs said it’s still looking like late July for RTM.

Precisely. The trouble with the Web is that it sometimes acts like a giant echo chamber. One influential source hears something and gets it wrong, and the incorrect story gets picked up by a dozen other sites within a few hours. Because the story has appeared in so many places, it’s easy to assume that at least some of those stories are independent, rather than reaching the correct conclusion that they’re all based on a single error.

I’ve seen many Microsoft releases. After code is released to manufacturing (RTM), it typically takes weeks, to manufacture and distribute CDs and to get the final bits into the hands of computer makers.

Don’t forget, too, that August is historically a slow time for computer buyers. September is when business really begins in earnest. A late July RTM of the code should mean that existing customers will be able to download it almost immediately, while those who want to receive it on a CD or with a new computer will have to wait until September.

Oh, and it will absolutely be worth waiting for.

An excellent AP story describes the dilemma most people encounter with passwords today:

Scandinavian countries are among the leaders as many online businesses abandon static passwords in favor of so-called two-factor authentication [which uses a combination of a simple PIN and a complex code that’s randomly generated for eacg transaction].

“A password is a construct of the past that has run out of steam,” said Joseph Atick, chief executive of Identix Inc. (IDNX), a Minnesota designer of fingerprint-based authentication. “The human mind-set is not used to dealing with so many different passwords and so many different PINs.”

When a static password alone is required, security experts recommend that users combine letters and numbers and avoid easy-to-guess passwords like “1234” or a nickname.

Stevan Hoffacker follows those rules but commits a different faux pas: He uses the same password everywhere, including access to multiple e-mail accounts, Amazon.com, The New York Times’ Web site and E-ZPass electronic toll statements.

In such cases, should hackers or scammers compromise one account, they potentially have one’s entire online life.

“This is one of these things that if I stop and think about it, it is not good, but I do my best not to stop and think about it,” said Hoffacker, an information technology manager in New York.

I once used a handful of passwords for all Web sites. Now I use randomly generated passwords for everything, and I use RoboForm to keep track of them. I can carry the password collection around, in encrypted form, on a USB flash drive.

I no longer know my password for many sites, but that’s OK. The risk that someone who stumbles across one password could then go and try it at every site I visit is too great for me to tolerate.

Raymond Chen, who wrote the original Windows Tweak UI power toy, posted an excellent explanation that every Windows power user should read: What is the difference between Minimize All and Show Desktop?

The keyboard shortcut for “Minimize All” is [Windows logo] + M and the keyboard shortcut for “Show Desktop” is [Windows logo] + D. How are they different?

“Minimize All” is easier to describe. It minimizes all the windows that support the “Minimize” command. You can minimize a window by selecting “Minimize” from its System menu, or by clicking the [Minimize] button in the title bar. So “Minimize All” is effectively the same as going to each window that is open and clicking the Minimize button. If there is a window that doesn’t have a Minimize button, then it is left alone.

“Show Desktop” takes “Minimize All” one step further. After minimizing all the windows that can be minimized, it then takes the desktop and “raises” it to the top of the window stack so that no other windows cover it. (Well, okay, topmost windows continue to cover it.)

So “Show Desktop” manages to get a few more windows out of your way than “Minimize All”.

Note, however, that when you return the desktop to its normal state (either by selecting “Show Open Windows” or just by switching to another window), all the un-minimizeable windows come back because the desktop has “lowered” itself back to the bottom of the window stack.

Raymond left out the other half of the equation — restoring the minimized windows. [Windows logo] + D is a toggle. Press it once to show the desktop; press it again to put all open windows back in their previous places.

[Windows logo] + M is not a toggle. After minimizing all windows with this keyboard shortcut, you can bring them back by pressing [Windows logo] + Shift + M.

The much-discussed Microsoft Support Lifecycle has been overhauled:

Microsoft has announced an expanded and enhanced product support lifecycle policy, which will go into effect on June 1, 2004. The updated policy will provide customers with a minimum total of 10 years of support (5 years Mainstream and 5 years Extended) for Business and Developer products.

In the footnotes, Microsoft explains that Extended support includes security-related hotfixes, which are provided at no charge. That means that business users can expect free security patches for 10 years after a product is introduced.

These policies do not apply to consumer products, where Mainstream Support ends after five years and there is no Extended Support option.

In practice, I predict that Microsoft will override this policy regularly. For instance, the Mainstream Support phase for Windows 98 should have ended on January 16, 2004. But Microsoft extended its support commitment (including a commitment to provide critical security updates via Windows Update) through June 30, 2006. Because Windows XP is both a consumer and a business product, it’s highly unlikely that consumers will be left without support when Windows XP reaches its five-year anniversary in September 2006.

Xbox users, however, are on their own.

Steve Ballmer pointed out the main reason I stayed home from the TechEd 2004 conference in his keynote remarks at Tech·Ed 2004 yesterday:

It is an honor and a privilege for me to have a chance to kick this session off today, and to see so many, and I do mean many, folks here in San Diego for what I hope will absolutely be an informative, educational and perhaps most importantly, a lot of fun few days here in this beautiful California sun.

Actually, you missed that part. I would apologize on that normally, but what we have here is the first extension of our DSI initiative, Dreary Skies Initiative, Microsoft can now span out dreary skies from Seattle absolutely anyplace. It’s all under centralized management control.

As a transplanted Southern Californian, I would gladly have told Ballmer and Co. about the dreaded marine layer (aka May Gray and June Gloom), which covers the California coast in thick fog from May through at least the end of June and often well into July.

The good news is most folks at TechEd don’t have to worry about losing that trademark pasty look that comes from sitting in front of a computer monitor all day and all night.

And Ballmer was kidding about the “centralized management of dreary skies” thing, right? Right?

Microsoft’s geek blogger, Robert Scoble has been bugging folks at Microsoft to publish their content as RSS feeds for a while. He’s had some noteworthy successes, and I tip my hat to him for that.

Except that someone in Redmond needs to go kick whoever is in charge of actually, you know, updating those feeds. Cases in point:

• The Windows XP Expert Zone Community. I write for this site occasionally, and I enjoy reading the articles there. It’s a great source of information with something for just about any Windows XP user, from rank beginners to experts. But I haven’t received anything new in NewsGator since April 27th, nearly a month ago, which is the last time the XML feed was updated. It looks like no new columns have been published there in May. But there have been plenty of online chats, new downloads, and other additions to the page. Those should be showing up in my aggregator.
• Microsoft Security Bulletins. Is there a better use for RSS than this? If so, I can’t think of it. I want all security bulletins to show up in my news reader, but the Security Bulletins XML feed hasn’t been updated since April 13. There’s not a word about the May 11 update. Is that because it wasn’t listed as Critical but rather as Important? Hey, I’d like to know about the Important ones too. I might even want to decide to receive bulletins with Moderate and Low severity ratings. No reason the Security Bulletins site can’t have two or more feeds, right?
• The Microsoft Download Center is another ideal candidate for an RSS feed. New stuff appears here all the time, and it’s of extreme interest to people who either obsess over this stuff or write about it for a living. But there’s no RSS feed to let me know when new stuff is posted. How wrong is that? (Well, actually, there is an RSS feed, but it’s an unofficial one. I have no idea how I discovered this, and I’m sure it gets a fraction of the traffic it should get.)

Hey Robert, if you can provide personal support for Infoworld readers, surely you can help me out with this one!

Most people who run Windows XP should rely on Windows Update and be done with it. But if you support multiple computers in a small office, or if you build computers for fun or profit, you might benefit from this expert-level article: Microsoft Windows XP Hotfix Installation and Deployment Guide.

Sensitive Light Wallpaper has some drop-dead-gorgeous images, all free and all sized for use at common desktop resolutions.

The prolific and perspicacious Marc Orchant has moved to The Office Weblog. Marc’s posts on his old blog have been consistently excellent — he’s turned me on to more interesting Office add-ons than anyone in the past six months. He now has the backing of Weblogs Inc., and I wish him the best of luck. Add this one to your list of must-read feeds!

In his remarks at Microsoft’s CEO Summit 2004, Bill Gates made it clear that he thinks blogging is cool. And he actually took a shot at explaining RSS.

Another new phenomenon … is one that started outside of the business space, more in the corporate or technical enthusiast space, a thing called blogging. And a standard around that that notifies you that something has changed called RSS.

This is a very interesting thing, because whenever you want to send e-mail you always have to sit there and think who do I copy on this. There might be people who might be interested in it or might feel like if it gets forwarded to them they’ll wonder why I didn’t put their name on it. But, then again, I don’t want to interrupt them or make them think this is some deeply profound thing that I’m saying, but they might want to know. And so, you have a tough time deciding how broadly to send it out.

Then again, if you just put information on a Web site, then people don’t know to come visit that Web site, and it’s very painful to keep visiting somebody’s Web site and it never changes. It’s very typical that a lot of the Web sites you go to that are personal in nature just eventually go completely stale and you waste time looking at it.

And so, what blogging and these notifications are about is that you make it very easy to write something that you can think of, like an e-mail, , but it goes up onto a Web site. And then people who care about that get a little notification. And so, for example, if you care about dozens of people whenever they write about a certain topic, you can have that notification come into your Inbox and it will be in a different folder and so only when you’re interested in browsing about that topic do you go in and follow those, and it doesn’t interfere with your normal Inbox.

This site has an RSS feed. Judging by my referrer logs, quite a few people are using RSS readers to stay current with this site. If you’re not using an RSS reader, and instead you visit this site in your Web browser, I’d be interested in knowing why. Leave a comment here, or send me a note.

Personally, I think e-mail newsletters are almost useless anymore. Thanks to spam and the countermeasures we’re forced to use to block unsolicited material, it’s impossible for any publisher or marketer to reliably deliver a product via e-mail. Can you imagine how long a daily newspaper would survive if 30% of all copies never arrived?

RSS is exciting. I think within two years you will see people turning blogs and RSS feeds into legitimate, profit-making, fast-growing businesses. Meanwhile, the popularity of e-mail newsletters is going to shrink. They won’t disappear, but they’ll become far less important.

Oh, and based on what Bill G. said, I would certainly expect Longhorn to have some serious RSS reading and authoring capabilities built into it.