One hundred years from now, people will talk about Steve Jobs the same way we do of Alexander Graham Bell, Thomas Edison, Henry Ford and the Wright brothers. Perhaps, as my friend Chris helped pointed out, he was a mix of Edison and John Lennon. Maybe he was a bit like Walt Disney, or Jim Hensen, a man who was personally tied to the brand he created.

Regardless, he was an an inventor, a visionary, a man full of ideas. He was more than just any businessman, CEO to Apple, he personally held patents for many of the technologies used in their products. He was the perfect mix of creative genius and salesman. In the tech world, Steve Jobs was elevated to near deity-like status, but as cancer proved, he was still just a man.

Every CEO of every company on the planet should pay attention to this right now and ask themselves, “why won’t this happen when I die?” (@jayfanelli)

I tried to sit down and put together my thoughts on his passing last night, but couldn’t. I was too overcome with the emotions pouring out from people across the world on Twitter. I shared some of my own but it was interesting to watch the wake for a man happen in real time from people all across the world. People who loved and hated him all had emotions to share.

Even President Obama had something to say:

The world has lost a visionary. And there may be no greater tribute to Steve’s success than the fact that much of the world learned of his passing on a device he invented. Michelle and I send our thoughts and prayers to Steve’s wife Laurene, his family, and all those who loved him.

But I’m not sure those outside of the technology community could really feel the impact the way we all did. My wife didn’t understand last night why I was grieving for a man I’d never met, the founder of a company that now rivals ExxonMobil as the world’s largest. Without meeting him, Steve Jobs had a profound impact on my life. I credit him (and Bill Gates) for sparking my interest in technology… for making me what I am today.

The first computer I ever used was an Apple II when I was in kindergarden. Later, I learned how to do amazing things on some of the first Macintosh systems. I used to skip recess to go down to the elementary school library so that I could learn on devices that he helped create. And while my family can attest to later holding Apple and their products in contempt through much of the mid-90s, while pounding the drum of Microsoft, I later came back to the “distortion field” as Steve brought real innovation back to the industry.

The Apple II, the Macintosh, Pixar (who doesn’t love Toy Story), iPod, iPhone, iPad, iTunes. Disruptions to the status-quo. Disruptions that are all because of the leadership and creative mind of Steve Jobs. I don’t remember much about what computers were like before the Apple II or the Mac, but I know what movies were like before Pixar. I know what buying music was like before iTunes and the iPod. I know what phones were like before the iPhone, and I love my iPad. I wouldn’t want to go back to a world before the things Steve created, existed. Even if you’re a hardened Android fan, you have to remember what smartphones were like before the iPhone and thank Apple and Steve Jobs for setting a new trend. Even if you’re a Microsoft fanatic, you have to thank him for keeping Bill on his toes for all those years, and forcing each other to continue to innovate.

In my article last week, prior to the announcement of the iPhone 4S, I said this:

I still maintain that Steve Jobs will be present at the announcement, even after his recent retirement as Apple CEO. I think he will be there to hand it off to Tim Cook in some way, or perhaps participate in some FaceTime chat to highlight a new iOS 5 feature. At the very least, his presence will be felt.

There was an empty chair, in the front row of the hall, with a cloth wrapped around it marked Reserved. That was no doubt a chair for Steve, one he wouldn’t be in because of what we all now know. I think Apple knew this was coming soon, and probably played the announcement a bit low-key as to not attempt to overshadow what could have probably happened any day. That said, I have no doubt that Steve wanted to see one last keynote, one last product launch, before he passed on. His presence was felt. His presence will continue to be felt with every future Apple product.

At 56, Steve Jobs did more than most people do in 90 years. He was the original Apple genius, a master showman, and the original tech virtuoso. He will be missed.

For the record, I make no serious attempt to back these predictions up with any hard facts. Take it all with a grain of salt.

Prediction #1 — Steve Jobs Will Introduce the iPhone 5

Unless his cancer reaches a point which seriously prohibits him from doing so, I believe that he will do everything in his power to be the one on stage to show off the new iPhone. Rumors of his impending doom are being greatly exaggerated

I still maintain that Steve Jobs will be present at the announcement, even after his recent retirement as Apple CEO. I think he will be there to hand it off to Tim Cook in some way, or perhaps participate in some FaceTime chat to highlight a new iOS 5 feature. At the very least, his presence will be felt.

Prediction #2 — Hardware Updates

I’m going to go on record by saying that the iPhone 5 isn’t going to look drastically different than the iPhone 4. While the antenna design my be altered slightly, the dimensions are going to be the same. In my opinion the market isn’t ready for something drastically different, yet. That will probably come with next years version. Aside from the well documented attenuation problems, the design of the iPhone 4 is solid. My best guess is, Apple won’t alter it much except to correct that flaw.

On this I will 100% totally double down.

The iPhone X will be what most are calling the iPhone 4S. An upgraded version of the current device. There will be only one device announced, but it will not be a revolutionary new device. The larger, thinner version will come in 2012. What you will see next Tuesday will be an evolutionary upgrade, along the lines of the iPhone 3G to 3GS. Same form factor, better guts.

Expect the A5 dual-core processor, upgraded camera, more memory, and possibly NFC integration, reworked antenna. Don’t expect a lot more than that.

Prediction #3 – Networks

1. No LTE. It’s not needed, the chips that are out to support it are not mature, and suck a lot of battery life. Besides that, cellular networks around the world are not deploying it at the level where it’s even going to be utilized except by a few lucky few.
2. Support for fake-4G also known as “HSPA+” — although I really hope that Apple doesn’t ever call it 4G. Enhanced 3G is all it is.

Prediction #4 – Software

Obviously with the release of a new iPhone comes updates to iOS, in this case bringing us to version 5.0.

I’ve had AT&T’s U-verse service since October 2009, the day we moved into our house. At it’s heart, it’s really a fantastic service offering… IPTV, whole home DVR, advanced DSL, all wrapped up into a nice package. But for the last 6 months I’ve been struggling with a lot of different issues ranging from broken DVRs, freezing TV signal to Internet connections that go away at random. While the issues have not been persistent enough to track down an exact cause, they’ve been frustrating.

The other day, after watching Face Off on HBO (for the first time, I know) and getting right to the climax of the movie, the whole TV signal froze and wouldn’t come back. It was 1AM and my wife was already sleeping, so I muted by frustration and went to be deciding to look into alternatives the next day.

Monday, I called up the two traditional cable providers in the area looking for pricing. Then, I hit Twitter with my plan:

Thinking of dumping AT&T U-verse for Surewest, anyone in KC area have any experience with them?

I actually didn’t get any responses from Surewest customers. What I did get was a little more surprising.

1. A reply from Ron, a Surewest social media manager saying hi. Fairly standard stuff. (see here)
2. A reply from an AT&T social media manager, asking for my phone number. This was a little more interesting. (see here)

I decided to DM my number to the AT&T manager, figuring what could it hurt? A little while later I get a call from a Jessica. She asks me what my issues are, and then vows to take care of them if I can wait a couple days while she follows up on them. I said sure, halfway thinking nothing was going to come from it.

Today I get a call from Diane in the “office of the President” of AT&T. Diane has obviously been talking to Jessica, knows what my issues are, and asks if I’ll stay on the line while they get one of their engineers on the line. Right before Diane hands me off to him (I neglected to write down his name) she gives me her direct phone number to contact her to follow up, and then the engineer runs some tests to see whats going on with my service. He schedules a tech to come up the same day and tonight that tech comes out and tests every line and piece of their equipment in my house.

Rick the technician ends up re-terminating some connections, and replacing my “Residential Gateway” (modem/router) with a model that within seconds proves it’s light years ahead of the previous version.  We have a nice chat about networking, technology, etc. He leaves.

Where is this all going?

I’m consistently amazed with the level of customer service that a monolithic company like AT&T manages to provide for U-verse. Truth be told, this is not my first positive experience with them. Every time I’ve called their technical support for any type of issue, either with my setup or family who has the service, the people have always been friendly and helpful. They’re well trained, and for the most part seem to know what they’re talking about. Granted, they could invest in some better equipment, but I have yet to have an experience with one of their employees that put a bad taste in my mouth.

The fact that one of America’s largest corporations is monitoring their Twitter feed and pro-actively trying to correct issues that customers have, is really pretty awesome.

Customer service in America, on the whole, has gone to crap in the last 10 years. Ironically, it’s companies like AT&T with their advanced networks that can put an army of poorly trained and poorly paid people in call centers all around the world, that corporate America have used to reduce their bottom line. But thankfully AT&T themselves don’t seem to be following the trend they’ve helped create.

I need to call Diane back tomorrow and thank her. Now, hopefully the service will be stable enough that I don’ t need to even call for support again. If not, I know who to talk to.

Late winter, early spring… it’s that time of year where the entire technology world begins to wonder about what Apple has planned for the next version of the iPhone, which, come late June will be the device that sets the trend for mobile technology into the next year. Like it or hate it, the iPhone is the standard that all Android, WebOS, BlackBerry and Windows Phones must either match or surpass to be taken seriously.

So what will this phone feature? It’s impossible to tell until Steve Jobs takes the stage to tell us, and even then there will still be many unanswered questions until it gets into the hands of the consumer. Even though the release of the next generation iPhone happens like clock work, I’m still constantly asked questions like “when will the next iPhone be out” or “should I wait to buy it?” — This article serves to help anwser those questions right now.

By the way, if you thought I mistaken when I said Steve Jobs will take the stage, let me clarify:

Prediction #1 — Steve Jobs Will Introduce the iPhone 5

Unless his cancer reaches a point which seriously prohibits him from doing so, I believe that he will do everything in his power to be the one on stage to show off the new iPhone. Rumors of his impending doom are being greatly exaggerated, and unlike what the tabloids have said he’s well enough to have dinner at the White House (which I believe he’s doing as I’m writing this) so pending something that physically prohibits him from doing so, he’s going to introduce this device.

Why? Because the reality distortion field doesn’t function without him.

Do I think it’s a coincidence that the Verizon iPhone hasn’t taken off like crazy and that Steve Jobs was not the one to announce it? While there are many factors, some of which I’ve outlined in the past, that have led to the Verizon iPhone not being as exciting as what some in the tech press thought it would be, the fact that Steve wasn’t there to hock the wares didn’t help. Now don’t get me wrong, Apple’s chief operating officer Tim Cook, who is taking Steve’s place running the daily operations in Cupertino is a very capable person and did a fine job at the Verizon iPhone launch. You also have the very engaging Jonathan Ive, who I’m sure would give a fantastic intoduction, or Bob Mansfield who I’m sure could also take the stage.

But none of them are Steve Jobs. None of them really have the magic, none of them have the power to convince millions of people that the device Apple is selling is the best product on the market, even if it lacks some features that competitors have, or operates within Apple’s closed system. Regardless of your loyalties, at the end of the presentation Steve makes you want to go at least try his new device… if not stand in line for hours on end to please him.

Prediction #2 — Hardware Updates

I’m going to go on record by saying that the iPhone 5 isn’t going to look drastically different than the iPhone 4. While the antenna design my be altered slightly, the dimensions are going to be the same. In my opinion the market isn’t ready for something drastically different, yet. That will probably come with next years version. Aside from the well documented attenuation problems, the design of the iPhone 4 is solid. My best guess is, Apple won’t alter it much except to correct that flaw.

I don’t buy into the 4″ screen rumor that is going around the blogs. I also don’t give any credence to the prediction of an “iPhone Nano” — I just don’t think it’s going to happen this year, if ever.

Inside though, you’re probably going to see updates similar to that of the transition from the iPhone 3G to the iPhone 3GS. What does that mean this go round?

1. Dual-core processor, perhaps in the 1GHz range. Can’t you just see Steve on stage saying “it’s twice as fast!” If they don’ t get this, they’re going to be left behind in the power plant by almost any serious Android phone in 2011 who will all be sporting dual processor/graphics cores. NVIDIA is working on a Tegra 3 chip that has a quad-core ARM processor powerful enough rival an Intel Core 2 Duo, and with far better power efficiencies. This is one area I don’t think Apple cannot afford to let us down in, and I don’t think they will.
2. Improved rear camera, perhaps in the 8MP area, and with support for 1080p video recording. Honestly, as good as the camera on the iPhone 4 already is, rather than simply bumping up the megapixels I’d like to see them give the sensor increased sensitivity, faster focus speed, and better ISO/low light performance… and maybe they will.
3. 1GB of RAM. It’s cheap, and it’s going to be needed as mobile computing becomes more powerful to background more and more applications. I can see Apple sticking with 512MB here just as much as I can see them update, so I’ll give this one a 50/50 shot.
4. NFC, or near field communications. If you don’t know what this is, I’d suggest some research is in order. It’s too much to explain here, but it basically means using your phone for mobile payment and communication with other devices. I’ll be shocked if they don’t have this feature.

Prediction #3 – Networks

1. No LTE. It’s not needed, the chips that are out to support it are not mature, and suck a lot of battery life. Besides that, cellular networks around the world are not deploying it at the level where it’s even going to be utilized except by a few lucky few. This is an area where if you can get LTE now (or soon) and really feel like you need it, you’re going to be better off with Android anyway.
2. Support for fake-4G also known as “HSPA+” — although I really hope that Apple doesn’t ever call it 4G. Enhanced 3G is all it is.

The reason why I think Apple will support HSPA+ in the next version is the same reason why I think the iPhone 5 will be a unified GSM/CDMA device. I think it’s going to be launched at the same time on AT&T and Verizon in the USA, in addition to all the GSM providers around the world. The current iPhone 4 model on AT&T is a GSM-only radio made by a company now owned by Intel. The Verizon iPhone uses a radio that is both CDMA and GSM capable made by Qualcomm. If I could bet on it, I’d put big money on this same exact chip being in the iPhone 5. This chip currently supports HSPA+ but it’s not in the iOS firmware, nor does Verizon utilize this technology on their EVDO data network.

One chip both simplifies Apple’s SKUs and allows them to use the same device around the world.

I also think Apple is going to announce support for other CDMA providers around the world, including Canada and most of all… China. Although I wouldn’t be surprised if that doesn’t happy until after the initial launch.

Prediction #4 – Software

Obviously with the release of a new iPhone comes updates to iOS, in this case bringing us to version 5.0.

This is the area where my predictions are somewhat fuzzy. Because we’re still in the process of evaluating the soon to drop (like, within the next month, possibly with the iPad 2) version of iOS 4.3, that’s all many are focused on.

But I will say that I think Apple finally is going to get serious about the cloud, and wireless. While I don’t think that Apple will be switching to over the air updates from carriers (nor should they), I think they’re going to finally open up wireless sync for iTunes. The time is right, and their track record recently with things like Apple TV streaming, Air Play, etc, is leading them in that direction.

It would be fantastic if Apple would let you sync your device with iTunes from anywhere, but I have mixed emotions about if this will happen. Carriers are not going to want to allow them to do it, especially AT&T, so it’s possible it will be a Wifi only feature, which honestly wouldn’t be a horrible thing. I’m not sure I’d want to be syncing back over 3G, even at HSPA+ speeds and especially not on regular 3G or worse yet, Verizon’s slower broadband network. Syncing back to my home computer, or even better, Apple’s North Carolina datacenters, would be fantastic.

What I hope to see, but don’t think we will, is a better notification system in iOS. Despite Android, WebOS, BlackBerry and even Windows Phone having a superior notification system for new events, I think this is one of those areas where Apple doesn’t see major issues. Those that do, are going to continue jailbreaking and installing things like Lockinfo, Notifier, etc.

It’s my hope that some of the built in applications will finally get some love in iOS 5. I’m looking at you Calculator, but especially you Weather and Stocks… which have hardly changed at all since iOS 1.0. Most of all though, I think Apple is going to have to invest heavily in revamping their Maps application, which hasn’t changed much since the original version. Google Maps on Android is absolutely crushing iOS in this area.

Last, voice commands are going to be improved, hopefully to the point where it reaches the ability to run much of the phone without touch. If Apple could duplicate the text-to-voice functionality of Android, it’s be all over.

Prediction #5 – Most of this will be wrong

In all five of these areas, I’m probably going to be wrong more than I’m right. Predicting what Apple will do is like predicting the weather in Kansas on the day they announce the iPhone 5. It could be sunny, we could get a dual-core, or it could be stormy and we get only minor improvements. Hell, it could snow in June and we get nothing. The world honestly won’t know until later this summer.

I will say this. After the end of February, if you are reaching the point where your iPhone 3GS contract is about to expire, and you’re not considering a switch to Android or Windows Mobile (which you should, there are some great alternatives out there) then don’t buy an iPhone 4 right now. Not on AT&T, Verizon, or any other network. We’re quickly reaching the point of no return where you’re going to be kicking yourself for investing $200/$300 and two years of your life in a contract for a device that is soon to be last generation.

But, perhaps my #6 prediction is that many will not see or heed this warning, and do so anyway.

It’s been somewhat disgusting to watch tech blogs and Twitter today discuss Steve Jobs’ health based off rumors and unconfirmed photographs. Let the guy get better and give him some privacy. I’m not going to lend more space to this because aside from what the shareholders and consumers need to know about the absence in his role as CEO of Apple, what happens in his personal health is his business.

Why give credence to grocery store check out stand trash?

Can we all agree to leave the rumors to the release of the products, and the facts to the health of a human being?

Today was an interesting day in the tablet world. We learned that what was left of Palm has now officially been smashed into HP, and that HP is serious about really building on the momentum that Palm had started to build with webOS. HP announced a plethora of new things today (which you can read more about over at Engadget, who I stole/borrowed the wonderful chart above from) but the most interesting today was their new tablet, the HP TouchPad.

I have been getting a lot of crap from people for talking a lot about Apple on this site recently. If you’re bothered by this, feel free to stop reading now, or write your own articles. Fact of the matter is, they’re key to a lot of the technology I’m interested in right now and they execute it better than anyone else.

Apple created a new market last year when they unveiled the iPad. Now I know that Microsoft had been doing tablet PC’ long before that, but they sucked. It should be obvious by now, that even if you hate Apple, you have to pay attention to what they’re doing because they will set the trend for consumer technology in the next year.

That said, you now have three competing platforms that are looking to take a notch out of Apple’s belt. HP and their webOS platform, RIM and their new PlayBook and all new BlackBerry Tablet OS, and Google with Android 3.

I’m aware that there are already Android tablets out on the market, but even Google will tell you they wished they didn’t exist, because they’re running versions of Android that Google has actually come out and said are not designed for a tablet. So I’ll give Google and the Android platform a pass on the lackluster Galaxy Tab or the Dell Streak, which are something short of giant phones you can’t make phone calls on.

There is a lot of excitement about the three major contenders to take Apple down a notch. However, here is why they won’t make a huge dent, at least not yet.

HP TouchPad

I’ll start off by saying that of the three contenders, this is the one I think has the best chance of success, but the hardest road ahead. It strikes me as the one that is most like the iPad, but as of yet we have no pricing or firm release date. Like Apple, they are in complete control of the operating system and all of the hardware. Palm has had years of experience building phones and other mobile devices, and HP is the leader in PC hardware, the combination gives HP a major leg up on their competition.

But for HP to be competitive they’re going to have to price this device at or below the retail cost of an iPad. Otherwise, consumers are going to go with what they know will work and what is going to give them the best bang for their buck.

It’s also not due out until summer, chances are at least a month after the release of the iPad 2, which should set the bar even higher than it already is. If HP wanted to really make a splash, they should have released this device soon after announcing it. Otherwise it’s still hard-vapor-ware.

What is also missing from this is a solid community of developers who will make applications for this device. There are already webOS developers, making apps for the Palm Pre, but it remains to be seen if they’ll rally around this device, especially if HP sinks it in advance by not pricing it right.

Motorola Xoom

Of the three, this is the one I’m the most disappointed with. It has awesome specs, and Android 3.0 looks incredible and really looks and feels like a solid tablet operating system. However, Motorola has priced their hardware starting at $799, almost $200 more than what you could buy an iPad equipped with a 3G radio. (or $300 more if you’re not interested in cellular data networks)

The second kick to the family jewels is that Verizon is holding the WiFi connection hostage on this platform. In order to use WiFi, you have to pay for at least one month of their EVDO service. If you’re interested in doing that, then it’s no big issue, but if you’re like me and want to use Wifi or already pay for a personal hotspot through Mifi or another phone, it’s just an added cost to an already inflated price tag.

(BTW, Motorola is already on my list for inflating the pricing of the Atrix laptop dock, $500 for a netbook without any guts is insane.)

Motorola, Google and Verizon should rethink their strategy with the pricing of this device before it’s too late. The Xoom is due out at the end of this month.

BlackBerry PlayBook

This is by far the most confusing of the three devices. It’s the smallest of the three (and the iPad) and has the lowest resolution. It also has the lowest battery size (although that can be made up for by more effeicent usage) and runs an operating system that no one has actually seen yet. According to RIM, it’s not based on their current BlackBerry OS 6, but a brand new platform.

It’s hard enough for me to use BlackBerry OS, or find good applications for it as it is. I just don’t see this device really taking off in the consumer space. While it has the same advantages that Apple and HP hold in terms of controlling the hardware and the software, I’m just not confident in RIM’s ability to deliver a solid product. The other three are building on years of already existing software and RIM is writing a new platform from scratch. Maybe it will work to their advantage, but it all depends on if they can really match the other three feature for feature and deliver regular updates.

And of course, developers have to embrace the platform to motivate consumers to buy into their platform.

Pricing is still just rumors, although I did read today that Office Depot is going to sell the 16GB WiFi only model for $499 (same as the iPad) — so maybe RIM won’t do as horribly as I expect them to.

Apple iPad 2

If I were a betting man, this would be the horse I’d be rooting for. As with any unannounced Apple product, it’s all up for rumor, but the ecosystem that Apple has already built combined with the technologies that are expected to make its way from the iPhone 4 into the next version as well as a faster processor and more memory, make this the one the three contenders really need to beat.

It’s not enough to play catch up to a product that is a year old. HP, RIM and Google need to beat the next thing Apple has up their sleeve. Not an easy task, especially when they will struggle to beat the year old product.

The boys who cried wolf (AKA The Wall Street Journal, et al) are all indicating that Tuesday will be the announcement of the long awaited iPhone 4 on Verizon. I hope they’re finally right.

Not because I’m going to switch, no, I’m actually pretty satisfied with my AT&T service, having been a customer for a long while before the launch of the first iPhone. I’ll just be glad when the noise makers and complainers can have another option. I hope that Verizon’s network works better for them than AT&T (although I kinda also hope it’s just as bad) so that they’ll shut up. I also look forward to another network getting some of the load so that my service will be even more reliable than it already is.

I can’t be alone in this thinking, if AT&T’s network is so god damn horrible across the entire country as the people in San Fransisco and New York make it out to be, no one would use it. Fact is, myself and millions of other subscribers made the choice to use it long before the iPhone. I even used to live down the street from the world headquarters of Sprint, and still used AT&T because I got better service.

I’m not discounting that there are people with horrible AT&T service. I’ve been places where that is the case, I know people who have this problem on a regular basis. It sucks, but chances are no has one forced you to use an iPhone this whole time.

I’ll also be glad when this golden phone finally does arrive, so we can stop obsessing about it. The phone will come out, AT&T’s subscriber numbers will slightly decrease, Verizon will see an increase, Apple’s profits will go up. The sun will still rise in the east and set in the west. Choice is good, but the tech world needs to stop treating this like we’re awaiting the second coming of Christ, and treat this like what it is, like what happens all around the world with the iPhone on multiple carriers. The same phone, on another network.

(Image credit to Gizmodo, from back in 2005, proof people hated them before the iPhone)

This is part one of a multi-part article covering Dell OEM Day, an event for bloggers that Dell hosted on December 14th, 2010.

When you think Dell, what’s the first thing that comes to mind? For most people it’s desktops or laptops, and rightly so — it’s their core business model, after all.

What if I were to tell you that, inside Dell, there is a group of highly intelligent business people, engineers, researchers, and [name of group that builds computers] that work on systems that you and I take for granted every day? They exist, and they’re the Dell OEM Group.

A month ago I wasn’t even aware this group existed. When I was finally introduced to the fact that Dell has an OEM group, I pictured a department that built and shipped custom servers that fell outside of the normal system that you can assemble on Dell’s website. Well I was party right, but what I learned while visiting Dell gave me a whole new perspective on the company.

First, a little history: Around 1999, Dell was approached by a company asking for a server that would connect a proprietary network to a point of sale system. They didn’t want to pick out all the parts for the server like you would do in a normal Dell build, they just wanted something that worked. Obviously this request fell outside of their normal build orders, as it would have to be a completely custom system tailored to their request and the requirements needed in order to connect the two systems the box was to be designed for. The job was done, and was likely the seed that would go on to spawn the “Industry Solutions” group, which Dell renamed to “Dell OEM” only a few short years ago.

From that first job back in 1999 spawned a department that now pulls in over a billion dollars yearly with a fairly small client base of around 1,500 customers — quite an impressive number for a group that isn’t known to the mass populace.

The motto at Dell OEM is “We’ll do anything you pay us to do.”, and they mean it quite literally with a strong passion behind their words. The proof, of course, is in the world around you. Did you visit Redbox today or does your house get its power from a nuclear reactor? There’s a pretty good chance Dell OEM was a part of that.

In the next article, I’ll be covering more on Dell OEM’s clients and how they create a truly custom experience for their clients and end users alike.

If the recent Gawker password breach (re)taught us anything, it’s the old and valued lesson of “don’t use the same password everywhere” — but as often as I repeat that phrase and cringe a little bit when I find out someone else did it, I’ve been just as guilty of this cardinal sin of network security myself… from time to time. It’s hard not to.

When you’re as active on the Internet as I am, it’s impossible to resist the urge to duplicate passwords, especially if you’re against writing them down. So you’re left to memorize them all, hope you don’t forget, and hope that you can later rely on the splendid password reset via email later on.

All of the Gawker fun also taught (or should have taught) website administrators like myself to take better care of their users. Gawker fouled up in a huge way (beyond simply exposing user data) by not taking proper steps to secure the information in their database once it was exposed. Gawker used an easily crackable cipher system (DES) which was depreciated by a new industry standard (AES) long ago.

Since the launch of this site, we’ve relied on third parties to act as the gatekeepers for user interaction. (First using JS-Kit/Echo and now Disqus) For you it has the benefit of not having to remember yet another password or create another account just to comment here. On the back end it allows us to focus on delivering content and less on keeping a database of user information secured. We’re relying on people with bigger and better security resources (Disqus, Open ID, Twitter or Facebook) to secure your presence on our site.

But what about every other site (or even the four mentioned above) … where you have to register a username, create a password, and keep it safe and secure. Remembering unique passwords for every site is impossible, using the same one is a no-no, writing them down and keeping them in your desk drawer isn’t practical or secure. What do you do with those passwords?

Password Management

Who hasn’t seen the Internet Explorer password prompt at least 10,000 times in their lives? Or the similar prompts from Firefox, Safari, Chrome, Opera, etc. Almost every browser created in this decade has included some sort of password manager, and almost anyone who has used them will tell you they’re all crap.

For one thing, they only work with one browser. For another, they’re almost as secure as the previously mentioned notebook of passwords. Last, they’re not really designed to keep you secure, they’re designed to be a convenient way to re-access commonly used websites.

Most of the time, I turned the feature off. The idea of using a password manager, until recently, seemed less secure than trying to just remember them all myself. That all changed recently.

LastPass

After previously being quite inefficient about password management for the past… well, ever… I decided it was time to get serious about securing my online life and in turn taking the burden of remembering all of the passwords myself. I started using LastPass a few months ago (before the Gawker breakdown) and had slowly begun the process of migrating my passwords into it. Originally I wanted to give it a chance to earn my trust before jumping feet first into the pool of letting someone else get all my passwords.

I selected LastPass after evaluating many alternatives. KeePass, 1Password, Roboform were among some of the ones I looked at. All great options, but not the one I went with in the end. Here’s why:

1. LastPass runs on anything, everything, and it syncs all of the resources together. Windows, Mac, Linux, Internet Explorer, Firefox, Safari, Chrome, iPhone, Android, Blackberry, Windows Mobile, Windows Phone (just announced), even Symbian. Basically anything I could touch, had to give me the ability to access my passwords. LastPass has their competition beat there. Noticeably absent is Opera from the supported list. I don’t use Opera myself, but my guess is now that they have true plugin support the LastPass crew will probably add them to the list shortly.
2. No password manager is perfect, but LastPass is close. It’s excellent about knowing what to fill in, what to save, what not to save, and when to step in and help.
3. It’s free, for 95% of the service. However, as I usually do, I suggest shelling out the ridiculous $12 a year to get the premium version. Why? Because you get my next two important points…
4. Mobile access. LastPass will work in any browser for free, but if you want to run it on your iPhone, Android, etc, you’re going to need the premium account. The app itself though, is free.
5. Multifactor authentication through YubiKey. The free version will allow you to build your own key for multifactor, but if you really want to get serious about security you’re going to want to do it through a YubiKey. (Of course that key will also set you back $25)

Browser Integration

Having tested LastPass in both Google Chrome (10) and Mozilla Firefox (4), I can say that the Firefox version is superior, but not by much. When I initially tested LastPass, I did so through Google Chrome. The installer rounded up all of the passwords stored in the default password managers of Internet Explorer, Firefox and Google Chrome that were installed on my system and put them into LastPass. This made the initial learning curve very easy as I didn’t have to go through and train it for every single one I was already allowing the browsers to remember.

After my desktop, when I setup LastPass on my laptop it also sucked up the local cache and avoided duplicates of already integrated passwords.

There are a few key benefits that LastPass does that none of the integrated password managers will do, to save you time.

1. When I create new accounts, LastPass will automatically detect it and offer to generate a random password for me based on my complexity requirements. It automatically fills in the data and saves it for future use. This works 99% of the time and normally requires little input or assistance from me.
2. When ever I change my password on a website, LastPass will not only know my old password, offer a new password, it automatically saves the change in it’s cache.
3. It syncs all the data across multiple browsers. It’s no longer a massive headache to test new browsers. Moving from Chrome to Firefox to IE and back again is painless (well, except for using Internet Explorer itself) — changes made in one browser migrate to all the other browsers.

Security

But putting all this data into the cloud must be insecure! And if may be… if you were using another provider.

LastPass, despite syncing all this information into the cloud, actually stores the password database itself on your local system. What LastPass has on its servers are one-way salted hashes, with all your real data stored locally in an AES-256 encrypted database. Your passwords are encrypted and decrypted on your local machine, not on their servers. What all this means is if someone were to hack LastPass and get your salted hashes, they’d be about as useful as a pile of salted meat. Without computing horsepower beyond what the top government security agencies of the world have, and a limitless amount of free time, it’s all worthless without your master password.

Which by the way, LastPass doesn’t have any idea what your master password is because they never have it. If you change it on your account, LastPass has to re-encrypt all the data and resend the hashes to their servers.

They also use SSL to further encrypt all of the already AES encrypted traffic between your system and their servers. However, the amount of data being sent back and forth is so small that there is little if any performance loss in your browser and your system hardly notices what’s going on.

Once the salted hashes of your password reaches their servers, when they go to back it up (which they do daily to Amazon’s S3 service) and store it offsite they further encrypt that data using GPG.

So make your master password strong, but something you can remember. A great website for coming up with new passwords is howsecureismypassword.net – it will literally tell you how long it would take someone with a desktop computer to brute force your master password. This is all assuming they gain access to your local database, etc. Want to know my master password? Too bad. I will tell you though, it would take you 564 billion years to crack it.

But, computing horsepower gets more powerful all the time. Brilliant programmers, hackers, and engineers come up with new ways to make them faster, string them together and take that 564 billion year number down a notch. Even with all this advanced encryption an enterprising hacker could still manage to get a key logger on your system and record your master password.

So what is a paranoid person like myself going to do to even the odds? Multifactor authentication.

YubiKey

Something you know, and something you have.

There are a lot of multifactor authentication methods out there. I won’t get into all of them, because in this case, LastPass really works best with only one. The YubiKey by Yubico.

The YubiKey is a small USB token about the size of a door key. It comes in any color you want as long as it’s black, or white, and there is just a one time cost of $25 for Yubico to send you the token. It’s tough, and easy to use. It’s crush proof and water proof, has no battery or moving parts. Just plug it into any USB slot on your computer and it’ll be recognized as a USB Input Device. Because of this there are no drivers required and it works on Windows, Mac or Linux automatically.

Once you receive your YubiKey the process of associating it with your LastPass account is straight forward and simple. When you load your browser, after entering your master password you get the prompt for your YubiKey. Touch the green button and away you go. It only adds a second to the authentication process and infinitely decreases your chances of having your account compromised.

But what about key loggers? Since this is just a fancy keyboard with only one key, can’t they log that? Sure. Here’s the problem.

YubiKey generates a random 44 character one time passcode that changes every time you generate it.

Each generated passcode is actually a AES-128 bit block containing an obfuscated unique secret ID for your YubiKey, a session counter, time stamp, session token, random values and a CRC-16 checksum. To sum it all up, a bunch of random stuff further encrypted into more random stuff.

What it amounts to, is that without both your master password and your YubiKey, no one is getting access to your accounts.

Strong Passwords per Site

But all this work is futile if you continue to use the same passwords as before, or allow the same passwords to be used on multiple websites or systems. Thankfully, LastPass provides an interesting tool called the Security Challenge that will locally decrypt and analyze your passwords, look for weak passwords and let you know what duplicates exist. I was shocked the first time I ran the analyzer, but now I work to squeak out every last bit to raise my score each week.

At this point I’m regularly generating 12-16 character random and complex passwords for every site I have accounts on. According to the latest score I’m among the top 1000 users of the tool ranking 942nd overall. Look out 941, I’m R*HaVn87V@aefzw@-ing for you.

The point is that I don’t know what any of my site passwords are, but each is unique and almost impossible to brute force in a reasonable amount of time (3 quadrillion years for the one mentioned above) — while it doesn’t make the chances of my Facebook account being compromised impossible, it significantly reduces the risk of such an event taking place. By the time someone tried it only a few times, Facebook would (should) lock them out and the chances they’ll guess correctly on the first try even knowing all the exact complexity requirements used is almost infinitesimal.

Conclusion

Is your LastPass master password truly the last password you’ll ever need? No. Your system password is still important to have and keep strong, I encourage people to encrypt their local disks (especially laptops) and use a unique and long passcode/PIN for decryption along with a TPM or USB key using something like BitLocker (which I’ll be covering in a future article) — this way to even get to your database the number of steps required are so many and complex I’d venture to say it’s bulletproof.

But if I can use LastPass to narrow down the number of passwords I’m required to recall on a daily basis down from the hundreds to around 5, and make the ones I don’t even want to remember anymore so complex that I couldn’t even if I tried, then I think it’s more than worth it.

Further Reading & Downloading

• LastPass
• YubiKey
• How Secure Is My Password
• AES – Advanced Encryption Standard (Wikipedia)
• DES – Data Encryption Standard (Wikipedia)
• GNU Privacy Guard (Wikipedia)
• Salted Hashes (Wikipedia)
• One Time Passwords (Wikipedia)

After Thought

Last night I stumbled on a deal where you can get a Yubikey and one year of LastPass for only $30, this normally would be $37. Nice little chunk of change. The even better deal is you can get two Yubikey and one year of LastPass for only $45. This is a $62 value. You can associate multiple Yubikeys with your account and then in the event your primary one is lost or stolen, you can dig your reserve key out of a safe location and remove the lost key, and then later replace the key.

Frank also pointed out to me last night something I neglected to mention. You can also deactivate the Yubikey requirement from a trusted computer such as your primary system that is in a secure location. A trusted system would obviously be one you’ve configured to bypass all of the security checks for your account. Right now I don’t have any systems where I bypass all of the checks, so I forgot to talk about it.

Something else I forgot to say, was that you can also disable the Yubikey through an email verification, but if your email password is protected by LastPass that may be harder to do. My LastPass account is on my iPhone as well so I could go that route to gain access to my passwords in the event of a failure. Again I forgot to mention it in the article but since you obviously can’t hook a LastPass USB token into an iPhone, you can setup pre-authenticated mobile devices to only require a passcode to unlock. Combined with a security lock on the phone, the phone itself becomes a sort of “token” you have to have to get in.

There are also other ways to perform multifactor against LastPass that don’t involve a YubiKey, including your own preconfigured key like what I mentioned, as well as a paper card you create that is unique to your account. I just think the YubiKey is the easiest and more secure way to go.