Social Privacy - So who is connect.me?

Over the last 24 hrs I’ve been watching the growing debate around a new website that has appeared called connect.me.  It has very little information on it, and had even less on it yesterday (no privacy policy).

Sophos’ security blog, Naked Security, picked up on it here – and highlighted the madness of some people who are registering with a service that does not say what it actually does. Especially when you need to hand over the keys to your LinkedIn, Twitter or Facebook account to them to get in. Surely these people have seen what can happen when any of these accounts get compromised?

I’m pleased that Sophos actually had a response from the people behind connect.me, but it still doesn’t exactly fill me with confidence. This feels decidedly dodgy to me. Anything that doesn’t explain exactly what they are offering before I have to register, or give me a way to register with some other details is a big no-no for me.

What really shocks me a little is actually the people that are registering for this service. I have seen a number of exceptionally technical people fire off the automated tweet saying they have “reserved their username” on connect.me. And some of these people should really know better than to trust an unknown entity with their identity. (Hey, that rhymes!)

Needless to say, I’ll be keeping well clear until their intentions are well known.

UPDATE: I’ve just come across this article on Mashable. To me, it feels like they are trying to justify the approach connect.me has taken, by arguing that they are in “Startup Stealth Mode”. Well, if that is the case, why would they post it on Facebook in the first place, and why on earth would you have a viral hook in there to hit twitter etc when people signed up? Does not seem terribly stealthy to me. I have to say, I’m still not comfortable with their approach – it’s one thing to collect email addresses, its another to collect social media details.

The Internet, Social Networks, and Privacy

I’ve said it before, and I’m saying it again. Nothing on the internet is temporary, and nothing is private.

And yet people really do seem to expect things that they say on social networks, such as Facebook, to remain private. There have been articles after articles on people complaining that they have been skipped over for promotions, not been offered a new job or even lost their jobs due to things they have said online. And yet they wonder why?

Facebook is a great example. Back in the day, when they obviously had not thought about any privacy concerns, everything was open. Things improved after complaints, and the media spotlight was brought to bear, and information became restricted to friends of friends only. Now you can actively control where your information goes (well, more or less) – and there are warnings when you add applications that it will have access to your information. And yet people still add them, and even the rogue data collection spam ones too. Why? Is it the social network’s fault? Or is it user education? Or is it both? Or even, something else entirely?

I get tired of trying to tell people that what they post on the internet will not disappear (for example, my very first company died out a long time ago … and yet the Way Back machine can STILL dig up the website cache for you to view!). You delete things on Facebook, and you think they are gone. Then just go and try their “download user data” option and check it out. Nope, your information is still there. All those messages that you thought were deleted … are there. Hope you didn’t say anything incriminating!

I’m not advocating a police state style managed internet, but I’m advocating user education – and sensible web app construction. Privacy and Security should NOT be an after thought, but should be deeply ingrained in your design and architecture.

And people really do need to stand up and take any aftermath of things they say. Free speech is still alive yes, however, remember to put your brain into gear before you mouth. There are too many people out there that can probably read your social network page, blog or newsgroup posting to just rant off about something – especially if it’s something about a company or person that you would not want to say to their face!

And, please people, stop adding those damn rogue apps on Facebook. They drive me nuts.

If only users would actually read some of the articles on security blogs, such as Naked Security by Sophos, we might have a slightly safer digital world. But then again, that would assume that people actually understand their personal digital security …

There has to be a better solution to this. Maybe Apple have the right idea with their App Store after all – trying to prevent rogue app introduction by vetting every submission …

The road to IPV6..

What with all the news about IPV4 addresses running out on the public internet, it got me thinking about my internal setup.

Ok, first off, I really don’t need to run IPV6 internally at the office or at home – we don’t have that many devices lurking on our networks, but it would be an interesting test case for our network linked products.

However, we have been thwarted.

Our Cisco router happily will work on IPV6 after having latest IOS images loaded.

But our network printers will not. Bugger.

Ironically, both printers are HP and one isn’t even that old.

Come on HP. Wake up and smell IPV6.

Clicky Dashboard; a desktop window on your Clicky Web Analytics

On the first of February my company released a small, very simple, companion application for use alongside Clicky Web Analytics.  The app in question is called Clicky Dashboard (yeah, I know, its original Smile).

What does it do?

It simply pulls information down hourly and presents the pertinent parts of your Web Analytics on a desktop client – letting you keep working while still keeping an eye on your website performance.

At the moment, the application is extremely basic as it was never really intended to be released – it was built for internal use; however, we thought that there might be a need for the application by others.  Instead of pushing forward developing it in various directions that might not actually make sense, we though that we would open it up “as is” and get YOUR feedback. What would YOU want it to do. What statistics do YOU want it to display.

So why not download it, have a play (with the fully functional 30 day trial version) and give us your feedback?

For details on Clicky Dashboard, please click here

The ZZR Rebuild project!

I noticed this morning that the last posting I had on here was back when I fist got my ZZR; that is a while ago now! Since then I even bought a Honda Hornet (good fun), and sold the Hornet. I do, however, still have the ZZR but she has been laid up due to problems with the valve clearances.

Turns out that after doing some shim work on the ZZR, it showed up a problem of extreme coke build up which was preventing them from closing properly – and therefore, no compression. Ho hum. Anyway, cylinder head’s been sorted, and things are slowly getting there – trying to fund it all while starting a business is proving awkward, but thanks to a good friend of mine doing the work it’s a lot easier than it would have been! Kicker at the minute is that while pulling it all apart, we found that the cam chain has stretched and needs replaced. That and a full gasket kit, and the engine should be ready to put back together.

Oh, she was also resprayed to black too!

Here’s some pics to keep you amused for now.

54075_169748276370854_100000070486783_605110_3913151_o54075_169748279704187_100000070486783_605111_3794656_o

TFS 2010: Using a 'hard lock' approach to source control

Just in case anyone is a TFS 2010 user, and they don’t like the multiple checkout support that it has (i.e. more than one person can edit the same file, and they just have to resolve conflicts on check in) then you can change it to use the old-school approach of full locking on checkout – this means that only one person can edit a file, or even, hold a lock on it. If anyone else wants to edit that file, they are blocked until you check in your changes.

Why would you do this? Well, pretty much the only reason is if you have developers on your team who don’t understand “current” source control and you keep loosing changes when people check in.

So, how do you change this option? It’s easy enough, but you will need permissions on the Team Project to change it – if you are unsure, speak to your TFS Administrator.
To get to the option itself, first go into Visual Studio, to the Team Explorer and then right click on the project you want to change the option for. Then select Team Project Settings, then select Source Control.
In the dialog that appears, untick “Enable multiple check-out” and hit ok.

Job done.

Updating a Mitel 5340 IP Phone

Here's the steps that I usually use for upgrading the firmware on my Mitel 5340 IP Phone.

1. Download tftp (see below), and start
2. Open the phones browser interface, and in Network Config set the TFTP Server IP.
3. Save and reboot the phone
4. Copy the firmware files into a new directory, and change Current Directory option in tftp to this folder
5. Back in the phone browser interface, goto Firmware Update, down to Manual, select TFTP and hit Update. The phone will reboot and download all the updates.
6. Pray - do NOT power anything down, or cause any issues!


IMPORTANT: If you can, step through the upgrades one version at a time - do not JUMP to the latest version as this can corrupt the phone.

You may need to do a reset to defaults - to do this power up the phone while holding down the # key - this lets you into what would seem to be an engineering menu.

Note if you do a reset, remember to change the protocol back to SIP (if you are using SIP of course!).

Always backup your configuration before carrying out any upgrade.

Good TFTP Server for Windows: http://tftpd32.jounin.net

Final note: The latest v8 firmware does seem to a take a LONG time to initialise, but it does seem to get there eventually.

Small Software Vendor? Finding an e-commerce partner (Part 2)

A while ago (or, MORE than a while ago!) I started looking for an e-commerce vendor for my small, bespoke software company.

I looked a number of potentials:

Cleverbridge
Avangate
FastSpring

Out of the three, I had worked with Cleverbridge and Avangate. And found both to be competent.

However, FastSpring as a new kid on the block – and I have to say, I was very taken with their nice user interface, and flexibility.

One provider, Cleverbridge, quickly ruled themselves out. Upon contacting them, enquiring about their services, I was quickly told that they “only deal with companies with a monthly turn over of more than $20’000”. But they could do me a deal of a 12% commission and a $5000 setup fee.

Hmm, so then there became two.

After much tooing and froing, I have to admit, it was pure aesthetics that won. I just like the FastSpring user interface, and their support was exceptional.

So, I’m now a FastSpring customer. The Wildfire Software online store will be launching the same time our first product is released – some time this month in fact.

2009, 2010 .. and the future

It’s been a couple of years since I did a rough round-up of the year gone by (I actually thought I posted one last year, but it seems not!), so I thought it was time that I did another one. That and my good friend beat me to it. However, I have to say, I think his year looks better than mine was!

Back at the end of 2009, I remember vowing to my close friends that were celebrating the end of the year with me that there was no way 2010 could be as bad as 2009. Oh how wrong was I.

In January 2009 I lost someone who had meant an awful lot to me when I was growing up – and, I have to say, someone who I hate to have lost contact with. It was, unfortunately, one of those “I must just” instances, always wanting to make time to get in contact, but never actually succeeding.

In January 2010 I lost my grandmother on my fathers side; someone who I spent a lot of time through my childhood. Needless to say, it hit hard.

For both years, I worked exceptionally hard, keeping myself busy and, to be honest, not really looking at much else except work. Except of course taking the motorbike out for the odd spin … but I didn’t really ACHIEVE anything. At least, that’s how it feels.

However, the biggest difference against 2010 and 2009 … I quit my job – and went self employed. Only time will tell if this has been a good idea or not, but this year, I have made the decision that I have to allow time for myself. Time to relax, and enjoy what I have and with the people in my life. Somehow I still have to find out how to fit this into being self employed …

Oh, that and complete my Avaya training, and time permitting, do some more Microsoft exams (got to keep things current you know!). Maybe even do a presentation at a technical event. Who knows.

Cisco 870's and upgrading Flash memory

I recently upgraded my Cisco 877’s with additional Flash memory modules to max them out, and let them take the newer (larger) IOS images.

And I have to say, I hit an unexpected issue when I was doing the upgrade.  It seems the config files (as well as however the flash listing is stored) persists – even if you change out the Flash module. This resulted in the router attempting to boot an image that was no longer present (although when I checked later, it appeared in a dir flash: listing, with a zero file size), and ended up at rommon. A little bit of work later and I copied an IOS image over from my tftp server to the router, and restarted it.

The rommon commands for loading and IOS image by the way are (all the following are essential):

IP_ADDRESS=<ip address for router>
IP_SUBNET_MASK=<subnet mask of your network>
DEFAULT_GATEWAY=<gateway for network>
TFTP_SERVER=<ip of your tftp server>
TFTP_FILE=<filename of IOS Image>

Then enter tftpdnld and hit enter - this actually starts the download.

One router recovered, one didn’t – it just complained about being out of memory, and crashed.

I dropped back into rommon, reset the configuration register to 0x2142 so that it would try loading with no configuration – incredibly it worked. After wiping the saved config (copy running-config startup-config, while booted with no config, and resetting the configuration register) the router worked happily – all I had to do was plug all the settings back in.

It took me a while (not helped by forgetting to save the first time around!), but I eventually got there. I really don’t understand why the router was complaining to start with – both are running near identical configurations, on the same hardware revision – and that even after reconfiguring everything back to how it was, it is now still behaving.

Most odd – one thing to bear in mind, it seems, when upgrading Cisco’s is that you might need to prune your config if it fails to boot your new IOS … that and, always keep your console cable handy!!!