For the past 5-or-so years, Macs have been increasingly made to be more business-friendly. That is to say, more Microsoft-friendly, since Microsoft Windows Server software is such a dominant force in the user-facing server space (e-mail, remote access, file sharing, etc.).
The iPhone has been a challenge for us to get to work nicely with either of Microsoft's e-mail server juggernauts, Exchange 2003 or Exchange 2007. From synchronization issues to certificate complications, there just have not been a lot of full Exchange-on-iPhone integration projects that I would call "challenge free."
After the first generation of iPhone basically offered no support for synchronizing with Exchange, I welcomed the news that the second generation of iPhones would gain Exchange synch capability as a feature. It still wasn't perfect, but movement in the right direction nonetheless.
Today, I'm simply speechless at the news that iPhone OS 3.1 has gone the other way - it is less Exchange-friendly than before. Specifically, it no longer supports encryption that the default Exchange 2007 setup - and most corporate IT departments - require of mobile devices.
So, let me get this straight. Apple releases a "bug fix" 3.0-to-3.1 update to roll out an AppStore and ringtones enhancement, and breaks the corporate functionality of the software? Interesting priorities . . . some things don't change, I guess.
Tuesday, September 15, 2009
Monday, September 07, 2009
When Open Source is Less-open
As a guy who's all for more competition in the marketplace, the creative free-marketeering presented by the open source movement is a welcome one. Small businesses need to really be careful, though. When a company adopts an open source solution, what are they really getting themselves into? On the face of it, it seems like a win-win situation. It's a platform that is low- or no-cost, it can be enhanced and upgraded without copyright infringement worries, the company has a competent architect (presumably) to put it all in place and there is usually a fairly robust support community behind the technology. What could go wrong?
I've seen a few situations lately where companies have been talked into an open source solution whose upkeep and administration is a complete mystery to anyone other than the original implementation team (typically just one person). You can see where this goes: the implementer and the company part ways, and now the company's actually got a system that's more proprietary than if they'd just plunked down the money and bought a retail package.
Yes, there's a support community, but it's usually online-only . . . so the company still needs to find a specific resource willing to take on the task and unravel the Gordian Knot of their open source mess.
Money spent on mainstream solutions not only buys the software. It also usually buys the assurance that there is a healthy supply of actual human beings ready to work on the solution (not just an "online community"), and/or a company willing to step in and assist (for a fee, of course) with any need a company might have with their software.
Example 1: a company had been talked into converting one of their old file servers into an advanced Linux software firewall. It worked OK even when the Linux consultant left, but when they needed some more advanced VPN functionality they failed to find anyone who could make it do what they needed. The solution was to buy a $1,500 Juniper firewall and pay Foxtrot for a half-day of configuration time.
Example 2: a company had a Linux-based file server which was installed by a former employee. Nobody knew how or why it worked, and when it failed they had no idea what to do. They have a few people who are tech savvy enough to take care of some issues, but because none of their people are familiar with Linux, this problem was unsolvable for them. They asked us to come in and install a Windows Small Business Server, and now their people can at least have the familiar Windows desktop to deal with . . . and they've got Foxtrot and the rest of the Microsoft consultant community ready to fall back on.
I've seen a few situations lately where companies have been talked into an open source solution whose upkeep and administration is a complete mystery to anyone other than the original implementation team (typically just one person). You can see where this goes: the implementer and the company part ways, and now the company's actually got a system that's more proprietary than if they'd just plunked down the money and bought a retail package.
Yes, there's a support community, but it's usually online-only . . . so the company still needs to find a specific resource willing to take on the task and unravel the Gordian Knot of their open source mess.
Money spent on mainstream solutions not only buys the software. It also usually buys the assurance that there is a healthy supply of actual human beings ready to work on the solution (not just an "online community"), and/or a company willing to step in and assist (for a fee, of course) with any need a company might have with their software.
Example 1: a company had been talked into converting one of their old file servers into an advanced Linux software firewall. It worked OK even when the Linux consultant left, but when they needed some more advanced VPN functionality they failed to find anyone who could make it do what they needed. The solution was to buy a $1,500 Juniper firewall and pay Foxtrot for a half-day of configuration time.
Example 2: a company had a Linux-based file server which was installed by a former employee. Nobody knew how or why it worked, and when it failed they had no idea what to do. They have a few people who are tech savvy enough to take care of some issues, but because none of their people are familiar with Linux, this problem was unsolvable for them. They asked us to come in and install a Windows Small Business Server, and now their people can at least have the familiar Windows desktop to deal with . . . and they've got Foxtrot and the rest of the Microsoft consultant community ready to fall back on.
Thursday, June 04, 2009
FTC delivers major blow to spam facilitator ISP
A company, most prominently operating as Triple Fiber Networks (3fn.net), got a rude awakening from the FTC last Tuesday. http://www.ftc.gov/opa/2009/06/3fn.shtm. The data center was not shut down; their bandwidth providers were petitioned to turn off the "internet spigot," effectively leaving the servers running with no way to get to the rest of the digital world.
Turns out, the company is not only allowing/tolerating spam bots, child porn hosts and online scammers to operate from its datacenter, 3FN has been actively positioning and advertising themselves as a premium solution for such dirtbags. Their ads have been spotted on several identity theft and other community sites where "high-risk hosting" services may be sought. These guys were pretty seriously nasty, and it's nice to have them out of the game.
Here's the government filing PDF. Actually, not too heavy reading, and some very interesting little tidbits of information collected to get the court order to shut down. http://www.ftc.gov/os/caselist/0923148/0906043fncmpt.pdf
The other side of the coin is that this move seems to have shut down many legitimate sites. One example I can cite is: http://www.freesoftwaremagazine.com/columns/free_software_magazine_caught_3fn_shutdown_crossfire. Thankfully, it looks like they landed on their feet OK. I know of other companies, and indeed entire web hosting companies (legit ones - yes) whose sites were hosted through 3FN. Some of these legit business sites have been dark since Tuesday, as their owners seek to retrieve their data and quickly move the sites over to another host.
I'm not sure what the alternative was, and certainly "the perps" needed to be taken down suddenly and without detection, but I must wonder whether another substitute/temporary host could have been arranged beforehand to avoid the downtime for legit operators. The ingenuity and creative thinking involved in web sites these days always amazes me; seems like it could have been employed to help alleviate some of the pain.
The ne'er-do-wells will of course also move their sites, but if this move sends a message about what the US will tolerate to happen on our turf, this is a victory for the good guys. Overall, I think we've done more good than harm here.
Turns out, the company is not only allowing/tolerating spam bots, child porn hosts and online scammers to operate from its datacenter, 3FN has been actively positioning and advertising themselves as a premium solution for such dirtbags. Their ads have been spotted on several identity theft and other community sites where "high-risk hosting" services may be sought. These guys were pretty seriously nasty, and it's nice to have them out of the game.
Here's the government filing PDF. Actually, not too heavy reading, and some very interesting little tidbits of information collected to get the court order to shut down. http://www.ftc.gov/os/caselist/0923148/0906043fncmpt.pdf
The other side of the coin is that this move seems to have shut down many legitimate sites. One example I can cite is: http://www.freesoftwaremagazine.com/columns/free_software_magazine_caught_3fn_shutdown_crossfire. Thankfully, it looks like they landed on their feet OK. I know of other companies, and indeed entire web hosting companies (legit ones - yes) whose sites were hosted through 3FN. Some of these legit business sites have been dark since Tuesday, as their owners seek to retrieve their data and quickly move the sites over to another host.
I'm not sure what the alternative was, and certainly "the perps" needed to be taken down suddenly and without detection, but I must wonder whether another substitute/temporary host could have been arranged beforehand to avoid the downtime for legit operators. The ingenuity and creative thinking involved in web sites these days always amazes me; seems like it could have been employed to help alleviate some of the pain.
The ne'er-do-wells will of course also move their sites, but if this move sends a message about what the US will tolerate to happen on our turf, this is a victory for the good guys. Overall, I think we've done more good than harm here.
Wednesday, June 03, 2009
9 Tips for running a better webinar
I'm on so many technical and business webinars, I thought I'd give my little Top 9 list of do's and don'ts for delivering one.
- Callers muted!! I cannot tell you how many times some goofball talking in the background, combined with the host's inability to isolate and/or remove that line has led to a completely ruined webinar.
- No phone bridge if you don't need one. If you don't need to have people talking, don't force them to call a phone number - deliver the audio online with the video and don't make people take that extra step. Some webinars I've been on will offer the phone bridge, but it's only for people who want to comment - fine. People can give themselves the option of calling in if they think they might need to chat, versus people like me who are always listeners-only with questions afterward offline. Unnecessarily requiring a phone bridge will lose some participants.
- Communicate beforehand. Remind them at least twice (one of which being within 2-4 hours of the start of the webinar). Can't tell you how many webinars I've casually signed up for and then never attended because I forgot and was never reminded, or only reminded once, days in advance and forgot the day-of.
- Communicate during. A good alternative to phone bridges is to just allow viewers to comment-and-question in a little chat box right in the viewer. The talker needs to have someone monitor this while they're speaking, otherwise they will miss questions.
- Communicate afterward. Webinars also *must* publish a replay. Basic stuff, but some do not. I missed the webinar, and now I get no info? We're all losers in that equation. Publish the replay, and make it easy to get to (no convoluted logins, please!).
- Keep the thread going. Either on the replay page (via a comments section), or in an actual billboard/forum-type posting area, allow people to anonymously (again - without &$%^#%# login requirements) comment on the webinar and discuss the topics. This gives the moderators the ability to easily publish answers to "I'll have to check on that" questions, and for offline-question-askers like me to ask and get answered.
- Slides work and applications transfer nicely. It's awkward having to divert our eyes from someone's half-naked son on their desktop background as they close their PowerPoint deck so they can move over to the video player. It's called a hyperlink - embed it in your PowerPoint slide, test it and use it. *Click* and you're playing video. Video finishes, and you're back on the slide deck. No half-naked sons.
- Time wasting. People either with their decks out of order ("This is someone else's slide deck that I'm using, so I'll skip around a little") or otherwise not able to deliver succinctly are wasting that time *multiplied by* the number of viewers on the webinar. This kind of behavior tells me this is not very important to you to get right . . . so it's probably not worth my time either!
- Have I mentioned no logins? You will probably have to require some kind of login or authenticating link, but then everything else should be free to do whatever without having to jump through more security hoops. You're providing information and mainly filtering out bots, not guarding Fort Knox. If you're collecting info for marketing purposes, do it as non-invasively as possible.
Friday, April 24, 2009
What does a LOST laptop cost?
Much has been made in the past 3-5 years regarding the attractiveness of laptops, and dwindling purchase cost premium over desktops. Laptops are more popular than ever. What people often forget is that there are higher costs of ownership in laptops, and one of those is the "risk cost" associated with having company data out there in the world.
Laptops are more easily broken or lost/stolen, and we have certainly found that they are FAR more likely to contain data that has not been backed-up. Laptops are on the network with the server less often, and when they are the users usually want to be 100% productive (won't understand the performance hit while their data synchronizes).
This combination of fragility/lose-ability of the systems, plus the "untethered" nature of the data makes for a very dangerous combination.
Here's a great article about the cost of a lost laptop. Some of it's probably exaggerated/overblown, but the fact remains that data security and backup are the biggest challenges when dealing with a laptop-mobile workforce.
Laptops are more easily broken or lost/stolen, and we have certainly found that they are FAR more likely to contain data that has not been backed-up. Laptops are on the network with the server less often, and when they are the users usually want to be 100% productive (won't understand the performance hit while their data synchronizes).
This combination of fragility/lose-ability of the systems, plus the "untethered" nature of the data makes for a very dangerous combination.
Here's a great article about the cost of a lost laptop. Some of it's probably exaggerated/overblown, but the fact remains that data security and backup are the biggest challenges when dealing with a laptop-mobile workforce.
Friday, March 13, 2009
Anatomy of an IT Debacle: Norm Coleman Campaign
As many in MN know, the Norm Coleman campaign had a pretty serious security breach, to the tune of exposing 40,000+ e-mail addresses and 4,500+ credit card numbers to any anonymous person on the internet.
This was not a case of a web site being forced-entry hacked. Rather, as the Mpls-based consultant who discovered it explains, the database was actually published - without any security layer at all - to their web server. It may have been a database backup and not live data, but the fact remains that irresponsible action - backing up a sensitive database in public view - by someone who (presumably) did not know what they were doing has jeopardized the personal information of tens of thousands of people.
The vulnerability was secured fairly shortly after it happened back in January, but it was open long enough for ne'er-do-wells to acquire the database and it has now been posted for download (with credit card numbers strategically scrubbed) on a site which shall remain nameless (shameless?).
This opens debate on another issue altogether. It's certainly not legal to publish an e-mail list that you gather yourself; why should posting someone else's data breach be any different? It's going to make a very bad situation into a complete nightmare for thousands of people, and it's disappointing to me that (apparently) no legal action has/can be taken to stop this posting. It's surely serving as a nice little source for a whole array of scam artists. I can't for the life of me figure out how it could be that now, almost two full days after the list was posted on the internet, the ISP of the poster has not been petitioned to take it down. I'm not on the list, but for those who are . . .
This was not a case of a web site being forced-entry hacked. Rather, as the Mpls-based consultant who discovered it explains, the database was actually published - without any security layer at all - to their web server. It may have been a database backup and not live data, but the fact remains that irresponsible action - backing up a sensitive database in public view - by someone who (presumably) did not know what they were doing has jeopardized the personal information of tens of thousands of people.
The vulnerability was secured fairly shortly after it happened back in January, but it was open long enough for ne'er-do-wells to acquire the database and it has now been posted for download (with credit card numbers strategically scrubbed) on a site which shall remain nameless (shameless?).
This opens debate on another issue altogether. It's certainly not legal to publish an e-mail list that you gather yourself; why should posting someone else's data breach be any different? It's going to make a very bad situation into a complete nightmare for thousands of people, and it's disappointing to me that (apparently) no legal action has/can be taken to stop this posting. It's surely serving as a nice little source for a whole array of scam artists. I can't for the life of me figure out how it could be that now, almost two full days after the list was posted on the internet, the ISP of the poster has not been petitioned to take it down. I'm not on the list, but for those who are . . .
Monday, March 09, 2009
A place to park files online
In troubleshooting computer issues, I'm always looking for a place to quickly, simply "park" a file or two online.
A great service for this is found at www.drop.io. The things I like the best are that it's free (of course), and there is no login required. It just gives you a randomized URL when you drop your file on their site, and you just pull it up on the other end . . . and you're good to go. There are encryption and time-to-live settings as well, which is also cool.
A great service for this is found at www.drop.io. The things I like the best are that it's free (of course), and there is no login required. It just gives you a randomized URL when you drop your file on their site, and you just pull it up on the other end . . . and you're good to go. There are encryption and time-to-live settings as well, which is also cool.
Subscribe to:
Posts (Atom)
