Be careful what you click! The perils of URL shorteners

URL shorteners are becoming extraordinarily popular, thanks mostly to Twitter. The need to cram a full URL into 140 characters has spawned services like bit.ly, is.gd, and Twitter’s new t.co. URL shorteners convert the real URL to one that takes up fewer characters. So http://www.zdnet.com/blog/bott/office-starter-2010-drops-the-crapware-adds-ads/2220 becomes http://is.gd/cQkSS. (Both links lead to the same page.) And there are lots of shortening services, which means my original link could also be (and certainly is) translated into links from bit.ly and tinyurl.com and goo.gl and even ZDNet’s official domain, zd.net.

The problem is, the shortening process is also destructive, removing some key data points that you need to make an informed trust decision about whether to click that link. What domain is it from? Is it one I am confident will not be compromised? Does the name of the link provide any clues about its content?

With short URLs, you lose those data points. My original very long URL gives me all sorts of clues that allow me to set my expectations with confidence. I know it’s at a domain I trust, zdnet.com, and I can even divine the title of the article. The shortened URL tells me nothing.

The consequences of following a bad link can be unfortunate. After I got a couple of very suspicious links from a couple of unrecognized Twitter accounts yesterday, I passed them along to Chris Boyd (@paperghost on Twitter) who wrote about the phenomenon on The Sunbelt Blog (see "PDF exploit spam run on Twitter") and also pointed to a technical article at the Trend Micro blog: "New malicious Twitter spam."

Here’s how it works: A hostile Twitter account churns out messages that say, “Wow, a marvelous product” or "I Just Cant Believe This," accompanied by a handful of user names to make sure they get seen.

Click the link, and you might be redirected to some sort of paid movie service. […]

If you’re unlucky, however, you’ll end up at a URL such as fqsmydkvsffz(dot)com/tre/vena(dot)html, where PDF exploits await.

So how do you protect yourself? One way is to be suspicious of short URL services and check the link before you visit the page. One feature I like about TweetDeck is that it shows a preview of the URL when you click a shortened URL.

I like the fact that Bit.ly has an API that allows third parties to customize their domain for short links. When I see a short URL from the zd.net domain, I am very confident that it is safe to click on and in fact I know that I am going to go to the ZDNet site.

If you’re suspicious about a short link, you can often preview its contents by pasting the link into a browser and then tacking a suffix onto it. For a link from is.gd, for example, you can add a minus sign (hyphen) to the end of the URL to visit a preview page hosted on the is.gd servers. You can preview a bit.ly link by tacking a plus sign onto the end. If you’re suspicious of a link, copy it to the Clipboard, paste it into the address bar, and add the appropriate suffix.
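One way to put the "check before you click" advice into code (an added example, not from the post): it builds the is.gd "-" and bit.ly "+" preview URLs described above, then walks a short link's redirect chain one HEAD request at a time so the real destination domain is visible without ever loading the page. The redirect table, the bit.ly/c0nstructed link and the redirector.example hops are constructed for an offline demonstration; is.gd/cQkSS and its zdnet.com target are the pair quoted in the post.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Preview suffixes described in the post: is.gd appends "-", bit.ly appends "+".
PREVIEW_SUFFIX = {"is.gd": "-", "bit.ly": "+"}

def preview_url(short_url):
    """URL of the shortener's own preview page, or None for an unknown service."""
    suffix = PREVIEW_SUFFIX.get((urlsplit(short_url).hostname or "").lower())
    return short_url + suffix if suffix else None

def http_fetch(url, timeout=5):
    """HEAD one URL and report (status, Location) without following the redirect."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # urllib then raises HTTPError for a 3xx instead of following it
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def resolve_chain(url, fetch=http_fetch, max_hops=5):
    """Walk redirects one hop at a time; returns every URL seen, destination last."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # Location may be relative to the current URL
        chain.append(url)
    return chain

def is_trusted(url, trusted_domains):
    """True when the destination host is a trusted domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

# Constructed redirect table standing in for live responses so the demo runs offline.
ZDNET_POST = "http://www.zdnet.com/blog/bott/office-starter-2010-drops-the-crapware-adds-ads/2220"
FAKE_RESPONSES = {
    "http://is.gd/cQkSS": (301, ZDNET_POST),  # the real short/long pair quoted in the post
    ZDNET_POST: (200, None),
    "http://bit.ly/c0nstructed": (301, "http://redirector.example/go"),  # constructed
    "http://redirector.example/go": (302, "/landing.html"),  # constructed relative hop
    "http://redirector.example/landing.html": (200, None),
}
fake_fetch = lambda url: FAKE_RESPONSES.get(url, (404, None))  # offline stand-in for http_fetch
```

Calling `resolve_chain(short_url)` with the default `http_fetch` does the same walk against live servers, and `is_trusted(chain[-1], ["zdnet.com"])` answers the "what domain is it from?" question before anything is rendered.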

The URL shortening services are also reacting to complaints fairly swiftly. The hostile links I saw yesterday were disabled within 24 hours. Here’s what I saw when I visited one of those links a few minutes ago:


Bit.ly has an excellent statement of how it handles security:

bit.ly uses data from a number of independent sources in addition to its own internal classifiers to determine whether or not destination sites propogate [sic] spam, viruses, or other malware. The third party sources include Sophos, Websense, VeriSign, PhishTank, and Google Safe Browsing. For Firefox and Chrome browser users, we also have a Preview Plugin that allows you to view link details before clicking. If you are a Twitter user, similar preview features are available from Tweetdeck (see a write-up of how it works here)

The goal of the bad guys is to get you to click on their link, and they’re good enough at it to warrant some respect. Ultimately, there are a lot of links I simply don’t click, especially those that ostensibly lead to shocking or amusing videos and articles. The reward isn’t worth the risk. Links from strangers are always suspicious, but a link that appears to be from a friend might actually be from a hacked Facebook or Twitter account. And you have no idea of where it really goes.

So, seriously: Be careful what you click.

If you’re interested in this topic, it’s worth reading DeWitt Clinton’s recent "More thoughts on URL shorteners," which covers this topic in much more depth than I can do here. Highly recommended reading.

Office 2010 is now available for purchase

Today’s the official release date for Office 2010 to retail customers. If you’ve been waiting to buy, your wait is over. Amazon has the disc version of Office 2010 Home and Student (Word, Excel, PowerPoint, and OneNote) for $130, and the similar Office 2010 Home and Business package (which adds Outlook) for $240.

If you’re buying a new PC, you might find one that includes Office Starter 2010. In a new post at ZDNet today, I explain exactly what’s in that surprisingly full-featured, ad-supported package.

Office Starter 2010 drops the crapware, adds ads

If you want to read more about the main Office 2010 package, see my earlier post, “Office 2010: a deeper dive,” which has more details on what’s in each version and also clears up some confusion over pricing.

Any Office questions? Ask away.

Traveling

I arrive in New Orleans Saturday night, have a day-long series of meetings on Sunday, Tech Ed keynotes on Monday morning, home Monday afternoon:


Then it’s off to Redmond for a few days of meetings:


Yes, that looks like a typical June in Redmond.

Karma

I was looking for an old post the other day and stumbled across some things I wrote in January 2008, after the editors of Gizmodo played a particularly mean-spirited and juvenile prank at CES, surreptitiously sabotaging a bunch of demos and display units with their own universal IR remotes. What I said at the time was this: Gizmodo is about to learn the meaning of karma.

I thought maybe it had come to pass after the legal hassles that the Gizmodo gang has been subjected to since they "found" an iPhone 4G a couple months ago. But no, Karma had an even better plan. Apple, not surprisingly, has decided to ignore Gizmodo’s application for press passes to its Worldwide Developers Conference next week. As a result, Gizmodo is reduced to begging for help so that it can expand the definition of "liveblog" to include "events where we’re not actually present but are relying on people sending us stuff."

If you’re going to the keynote, and want to be a part of the exciting Apple coverage that so many of your fellow Gizmodo readers enjoy, here’s your chance.

We’ll be running our own liveblog with info from the event, supplemented from excellent liveblogs like those on GDGT, MacRumors, Ars Technica, Technologizer, Wired and Macworld.

What? No Engadget? I’m shocked.

Meanwhile, John Gruber at Daring Fireball says: "If Gizmodo’s editors were smart, they’d have purchased WWDC conference badges if they wanted to attend the keynote. But of course, that’s a big ‘if’."

Support to end for Windows 2000, XP SP2

A detail worth noting from Microsoft’s just-published June 2010 Security Bulletin Advance Notification:

[W]e remind Windows 2000 and Windows XP SP2 customers once again that all support for these platforms will end after July 13, 2010 – that is, next month. Customers should upgrade to either a supported operating system or the latest service pack in order to keep receiving necessary security updates.

Ten years is long enough for an OS. Thank you, Windows 2000, and goodbye. As for XP, if you must keep using it, it’s time to upgrade to Service Pack 3. It was released more than two years ago.

Windows Live Essentials – coming soon

I’m not sure why Microsoft is doing this drip-drip-drip unveiling of the stuff in the next Windows Live wave. When they previewed the new Hotmail a few weeks ago I was bombarded with questions from readers trying to find it and complaining that their number-one annoyance wasn’t fixed. (Right, because the new Hotmail still isn’t available to the general public.)

Anyway, the latest release of news about a product you won’t be able to use for a while is a preview of the new Windows Live Essentials. I’ve been using the (very) private beta for a while and have found a lot to like. I’ll have a more detailed look next week.

If you’re interested in learning more right now, visit The Windows Blog, which has a deeper look at Windows Live Photo Gallery. And then hop over to Paul Thurrott’s place, where he has a typically detailed look at each one of the pieces in the suite.

The one thing I haven’t seen much discussion about is the relationship between Windows and Windows Live. I’ll talk more about that next week as well.

IE9 outperforms the competition, even in a fair fight

Nice work by Rafael Rivera, who noticed that Microsoft was stacking the deck in its IE9 performance tests:

More specifically, Microsoft performed a comparison of its Internet Explorer 9 browser technology – currently in developmental stages – to stale builds of Mozilla’s Firefox, Apple’s Safari, Google’s Chrome, and … that browser no one cares about (sadly) – Opera.

[…]

Sounds like a valid argument to me. I decided to re-test using builds of Mozilla Firefox “Namoroka” (1.9.2.5pre), Google Chromium (6.0.397.0/46552), and Apple Safari w/ a newer WebKit engine (r58804) that matched release dates with Internet Explorer 9 (May 5, 2010). After clicking around the site a hundred or so times in each browser, the results… changed. Each browser made noticeable improvements in areas like CSS3 and DOM; Chrome proved to be the most volatile in its changes, while Firefox proved to be quite… glacial.

Here’s the revised performance chart for Chrome, which looks like the winner in the "most improved" category.


Note that the baseline for comparison is a solid green column with all 100% scores for the IE9 developer preview. So it’s still a fairly big win for Microsoft.

Source: Browsers re-tested in the IE9 Testing Center, different results surface (WithinWindows.com)

A podcast and a real-world example of why drivers matter

My ZDNet colleague Mary Jo Foley and I filled in for Paul Thurrott on his Windows Weekly podcast last week, along with host (and old friend) Leo Laporte.

We had a fun time, it was a lively discussion, and you can listen or watch for yourself by going to the episode page.

The video is especially entertaining because Mary Jo was upside-down the whole time. Here’s what it looked like for me:


The problem turned out to be a garden-variety driver issue. At some point, someone had reinstalled Windows 7 on Mary Jo’s ASUS notebook, and instead of using the driver for that specific webcam model, it was using the generic driver. That works fine for most webcam-enabled programs but has a known side effect with Skype. It was an amusing 90 minutes or so.

Go listen to (or watch) the whole thing, and if you have any comments, feel free to leave ’em here.

Slow IE8 tab load times? Check your add-ins…

Internet Explorer 8 has a nifty feature that allows you to track the load times for installed browser add-ins. It’s a useful troubleshooting tool when trying to figure out why new tabs take too long to load.

Today, I fired up an IE8 window in a virtual machine running Windows 7 Enterprise and was puzzled by how long it took for a new IE8 tab to load. We’re talking five seconds or more (sometimes much more) with the word "Connecting" appearing in the tab title and the browser essentially locked up.

What the hell was going on? First thing I noticed was a Google toolbar. I don’t remember installing it, although this machine is specifically for dogfooding software that I don’t trust to run on my regular PC, so I suppose I might have done it deliberately, or it might have piggybacked on when I installed something else (*cough*, Adobe Flash, *cough*). Anyway, when I disabled the Google Toolbar, page loads returned to times measured in fractions of a second, which is fine with me. I don’t care whether a tab loads in .32 sec or .73 sec, to be honest.

That inspired me to take a look at what other add-ons were loading. Click Tools, Manage Add-ons to open the dialog box shown here. Yikes! That total is about 10 seconds just for the first four items on the list.


The good news is that those numbers don’t represent everyday performance. Presumably they represent worst-case performance. Just to be on the safe side, though, I disabled everything using the IE8 Reset button, uninstalled Google Toolbar, and then started restoring add-ons one at a time. Minus the Google Toolbar, everything is just fine. New tabs load in roughly 0.6 sec (I say roughly because I can’t click the stopwatch buttons fast enough to be more precise than that).

And given that I never use the Google Toolbar, I won’t be reinstalling it—unless it’s by accident, when it comes along for the ride with something else.

Where has your Windows memory gone? Check the map…

Sysinternals has just released a new utility!

If that news doesn’t set your heart a-flutter, then you are not a Windows geek and you can just stop reading right now. But for us Windows geeks, today is a red-letter day, and you should go download RAMMap v1.0 right now. I’ll wait.

RAMMap is a memory analyzer, a lightweight tool (272KB) that gives you a very detailed look at exactly what your system’s memory is up to right now. It presents its report in a tabbed dialog box whose opening page is a colorful, well-organized bar graph:


On succeeding tabs, you can get details about how memory is being used by individual processes, see which files are in use, and even look at individual memory pages for the kind of close-up examination only a developer would appreciate.

I’ve written about the challenges of measuring memory usage in Windows over at ZDNet, and I’ve had several conversations with Sysinternals co-founder Mark Russinovich (now a Microsoft fellow) about the subject. I know how frustrating it can be to use the built-in tools. I wish we had had this utility when we were doing our research for Windows 7 Inside Out.

I’ve been using Sysinternals utilities since before the turn of the century, back when the company was called Winternals. Microsoft bought the company and its products in 2006, and some people—myself included—feared that these excellent utilities would disappear or be abandoned. Thankfully, that didn’t happen. The Sysinternals utilities are currently hosted on Microsoft-run servers and are regularly updated by Russinovich and his Sysinternals partner Bryce Cogswell, also now a Microsoft employee.

The addition of a brand-new Sysinternals tool is cause for celebration.

Update: As several people have noted in the comments, this works on Windows Vista, Windows 7, and Windows Server 2008 and 2008 R2 only. It doesn’t work on XP, and for good reason. XP memory management is primitive. Most of what’s measured here doesn’t exist in XP. If you use Windows and memory management is important to you, dump XP and get a modern OS. Seriously. If you want to stick with XP, I understand, but you have plenty of tools available to you that were written five years ago that will help you, and you won’t find much of use at this blog anymore except in the archives.