I remember getting what I thought had to be a snail-mail phishing attempt: a poorly-worded letter from my (major) credit card company, printed badly on something resembling toilet paper with a dot-matrix printer, saying they wanted to check an unspecific transaction with me so I should call some phone number with my card details handy. Needless to say, it was actually genuine: phishers would probably have used a better printer...

There's certainly room for improvement - but even moving from Windows Update to Microsoft Update took them a while, and that was just a case of extending support to another of their own products! I never cease to be amazed by just how resource-intensive the update check is, either: check for updates on a machine with "only" half a gigabyte of RAM and be prepared for many minutes of disk thrashing as the process responsible blasts through the hundred Mb barrier; at one point last year, I tried a little race, Debian 'apt-get update/apt-get dist-upgrade' against MS Update. In the time it took the Microsoft offering to download and display the list of applicable updates, apt-get had checked and updated not one but three separate machines, all less powerful than the Windows machine - even though the Debian tool covered every application installed.

I'm not sure the current Microsoft Update could realistically be extended much further - it struggles badly enough under the current limited workload. I agree about the InstallShield abomination, too: my heart sinks whenever I find myself having to install and support an application which has been mangled that way.

Rather than extend the existing MS system, though, I think the best route might be an open third-party update mechanism, preferably with central administration facilities and policy support. Having helped support labs totalling a few hundred PCs in the past, I'd love to be able to see that Firefox, Thunderbird, AutoCAD and Virusscan are all patched up to date, or indeed to be told that those three PCs in the corner are behind on patches and need investigation. As it stands, half our applications will tell users (who don't have the necessary account privileges to update anything) that they need updating, irritating users and making us look out of date - the other half silenty wait for an admin user to run them, which may not happen for weeks.

Sure, I could try to shoe-horn every application into some third-party application management setup - but that's a whole new world of pain, expense and overhead. Why can't I just approve and install Firefox, then have a privileged service automatically update to new versions without needing local intervention? I can't go round 200 machines, logging on locally just to update the web browser every other week!

I did this for a while with a free subdomain (my last name .ath.cx); unfortunately, I did this when I registered a domain with Verio. The domain itself has long since expired, I haven't had any dealings with Verio for years - but verio@mylastname.ath.cx still gets spammed regularly, because it was automatically listed as the domain contact address in Whois.

There is a Mac application I use a lot now called 1Password, which keeps track of passwords and other details - it has a built in facility for entering your contact information and a secure random password on registration forms which works very well, so making it generate and use a one-time email address should be easy enough, addressing issue 2 quite well at least: Chase wouldn't object to 72d48f27@... - the first four octets of the MD5 hash of 'Chase' in hex - in the way it might to chase@... Similarly, your mail client could be programmed to send to each recipient using their own personal address for you, perhaps entering it only as a Reply-To (with no email address in the From field, just a name). Not as useful for personal contacts, business cards etc, but that's 2 and 3 dealt with at least.

I had that last summer; I got the impression this was a transitional thing, though, and that once the airlines get the system working properly it will just take your ESTA number instead. Mind you, I had to switch browsers just to get Continental's site to complete the process (otherwise, it hung just after entering passport numbers), so it could be a while before they get that far...

Those prices can be insane, although I do wonder how many people actually pay the full price for those premium fares, as opposed to upgrading through frequent flyer miles or similar systems. Also, I seem to remember from the days when I did LON-IAH several times a year that BA had an option below Club class, something like "World Traveller" - a hundred pound premium for some extra legroom, a better seat and better food. Nothing like the extra luxury of the wallet-destroying classes, but a significant improvement from what I saw. (Not that I ever flew in it: I tended to avoid BA because EDI/GLA-LON-IAH was much less pleasant for me than GLA-ORD-IAH. Almost anything beats CDG, of course!)