Social Networking and Security / Privacy

As I’m sure some of my (two!) regular readers will remember, I have previously blogged about the security (or lack thereof) when it comes to using Social Networking websites – and specifically when you make use of any of the applications on them (here's looking at you Facebook).

What’s more disturbing is that I came across this article today, which is equally concerned about it. It does actually increase my concern about Facebook – I hadn’t realised that when a friend takes a quiz, or makes use of an application, they can actually provide access to MY data through them. Interestingly there ARE some controls on Facebook to limit this, but I have yet to find them through a route in settings – instead you have to use a direct URL:

Maybe you should all check to see what is accessible (take the quiz mentioned in the article, you might be surprised) and adjust your settings …

I’m all for Social Networking, but please, can we at least have some accountability?

Cloud Camp Scotland

I attended Cloud Camp last night in Edinburgh at The Appleton Tower @ Edinburgh University and it certainly delivered a few insights.

As you probably are aware if you read my blog, I work fairly heavily with the Microsoft Azure cloud at present, although this isn’t to say that I have not investigated the other possibilities such as the Amazon Elastic Compute (EC2) offering.

Why did we choose Azure? Quite simply it is a good way to ensure that we are using the same tech stack from top to bottom, which for us greatly improves the maintainability of our toolset.

There were a couple of product vendors there that did spark my interest: aicache and rightscale. It’s a pity that the management vendors do not support Private Clouds based around the Microsoft Hyper-V arrangement, or we would have seriously taken a look – as it is, they only support VMware. Shame. Seems a hole in the market!

Another thing mentioned is that it is time to nominate for the Scottish Open Source Developers Award! It’s actually the first time I’ve heard of the award, but it seems a good idea. Unfortunately it seems that their website is down.

You can get an idea of the action by having a look at the #CCScotland tweets from last night:


There is one thing that I realised while sitting outside watching the world go by … I need to go back to University :)

Some more Microsoft Dynamics CRM 4.0 gotchas

Hit another Gotcha with CRM 4.0 today when enabling the Outlook integration – when you install it under 64-bit, the odds are it will insist that you do not have Outlook installed, or that it is not your default mail client.

To get round this, you need to tweak the registry a little:

Change the default value in both these keys to “Microsoft Outlook”


And restart setup.

Problem solved :)

Installing Microsoft Dynamics CRM 4.0 Gotcha

I wish installers patched round things like this, especially when they interface with standard mechanisms.

We have decided to have a look at Microsoft Dynamics CRM at work, and carrying out the installation seems fairly painless – until right at the end of the wizard I got an error.

“Action Microsoft.Crm.Setup.Server.MsiInstallServerAction failed. This update package could not be opened. Verify that the update package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Install update package”

It seems that the installer uses the Internet Explorer cache, which defaults to 50Mb. And guess what – the update is more than this, so it happily deletes it after downloading.

Fail! Simply increase the cache size and start again.

More Annoying Errors - MS Azure Related (again)

Argh – trying to debug an application locally with the Azure Dev Framework, and got this:


Yet another really helpful error message guys. Surely in dev stuff (and CTPs) it’s worth actually giving lots of error data – at least we might understand it and be able to submit more detailed reports back :)

First steps to personal e-security

So you are wanting to be more secure in your day to day activities on the web …

Well, the first thing you need to learn is checking up on where you have BEEN (yes, that’s right, not where you are going, but where you have been!).

Maybe that doesn’t make sense, but let me give you an example.

You, like most people, probably use an online (free) webmail service, or perhaps the webmail service that your Internet Service Provider gives you when you sign up.

Have you had a look to see if it actually tells you something simple such as when you last logged in? Or even where (as in the IP Address)? This simple piece of information is usually enough of a red light should someone gain access to your account from a location that you do not normally use – or a time that you are usually at work, in bed, whatever.

But hold up. Who actually understands what an IP Address is, let alone how to read one (ok, outside of this circle eh?)?

Maybe we need to come up with a good way of identifying the “norm” for a particular user from a list of previous addresses, and flagging anything unexpected up for them. Maybe at that point you could carry out additional authentication before allowing access to data.

Either way, I cannot help but feel that in this digital age, something has to happen to improve digital identity security.
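
One way to implement the baseline idea described above, as an added example rather than code from the original post: sign-in addresses are collapsed to networks, a per-account “norm” is built from past sign-ins, and anything outside it is flagged for additional authentication. The sample history, the /24 and /48 grouping, the one-hour tolerance and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sign-in history for one account: (local ISO timestamp, source IP).
# Addresses come from the RFC 5737 documentation ranges.
HISTORY = [
    ("2009-08-03T08:10:00", "192.0.2.14"),
    ("2009-08-03T19:45:00", "192.0.2.77"),
    ("2009-08-04T08:05:00", "192.0.2.14"),
    ("2009-08-05T12:30:00", "198.51.100.9"),
    ("2009-08-05T20:15:00", "192.0.2.201"),
    ("2009-08-06T08:20:00", "192.0.2.14"),
    ("2009-08-07T12:40:00", "198.51.100.23"),
]


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its enclosing network, so an ISP handing out
    a different address from the same range does not look like a new place.
    The prefix lengths are an assumption, not a standard."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def build_baseline(history, min_seen=2):
    """Return (networks seen at least min_seen times, usual hours +/- 1h)."""
    nets = Counter(network_of(ip) for _, ip in history)
    known = {net for net, count in nets.items() if count >= min_seen}
    hours = set()
    for ts, _ in history:
        h = datetime.fromisoformat(ts).hour
        hours.update({(h - 1) % 24, h, (h + 1) % 24})
    return known, hours


def assess_login(baseline, ts, ip):
    """Return (action, reasons); any reason means ask for extra proof."""
    known, hours = baseline
    reasons = []
    if network_of(ip) not in known:
        reasons.append("new network")
    if datetime.fromisoformat(ts).hour not in hours:
        reasons.append("unusual hour")
    return ("step-up" if reasons else "allow"), reasons
```

The reasons list is what would be shown to the account owner in plain words, so nobody has to read an IP address to notice that something is off.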

Quick and Simple list paging in WCF

I had to come up with a quick way to do paging of a List of objects today as we have been hitting the packet limit on WCF – we could have easily increased the limit, but in my opinion this just masks the error and doesn’t actually fix it.

Anyway, the quick solution that I implemented is roughly as follows:

Change the interface definition on the WCF to allow you to pass in a page number

In your Data Access Layer code, take the page number and do something like:

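// pageNumber is 1-based, so page 1 skips nothing
int skipCount = (pageNumber - 1) * pageSize;

// Without an OrderBy the rows that land on each page are not guaranteed to be stable between calls
foreach (Signup alpha in webDal.Signups.Skip(skipCount).Take(pageSize))
{
    // Do something elsewhere
}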

As you can see – very simple, no fuss and uses LINQ. And in theory it shouldn’t load SQL either thanks to the Skip function.

I believe the RIA Services toolkit is going to have paging in there, but I don’t want to switch everything over right now ;)

SmartStamp: Royal Mail missing a trick?

Almost three years ago I wrote a piece about the fact that Royal Mail did not provide any means of integrating with their “business class” SmartStamp postage printing software.

In three years nothing has changed.

But, something has.

More people are now using CRM solutions, such as Salesforce, or even self hosted solutions such as Microsoft Dynamics.

Even more are running SugarCRM or any of the other million open source offerings.

eBay / PayPal have a deal to allow you to print off shipping labels, with postage, via Royal Mail (through their online service, a bit like SmartStamp).

Hey, but you have guessed it. Still no SDK for SmartStamp.

Personally, I find it slightly nuts that a team of developers can write something like this, and not consider the fact that third parties will want to integrate. I’m even more amazed that the architects, managers, and so forth have not realised there is probably an untapped fund stream there!

Facebook Applications - Should we be concerned about privacy?

With the proliferation of Facebook applications, and people starting to install (even if they don’t use!) them, should we be getting concerned about them?

I mean, would we install a desktop application that promised to give us 30 seconds of entertainment if it wanted access to all our personal details – such as name, address, phone number, list of friends, etc?

I don’t know about everyone else, but I have a habit of allowing applications that friends are using – experimenting with them for a bit, then removing them when I get bored. The key thing being, I remove them. How many other people do the same thing, but don’t remove them – leaving the application with access to your details?

Thankfully the data handling engine (and storage) is all on the Facebook system, but from what I can see there is nothing stopping the developer from adding offsite calls to push the information out of Facebook’s system into their own – and would we really know? I’ve checked a couple of games quickly with the Web Developer Helper tool for Internet Explorer, and noted that some do appear to push information out – although the majority only download static content from external servers.

Perhaps we need to reconsider what information we allow these applications to access? Might be nice if Facebook allowed you to see a summary of the information that is being exposed to the third party applications, and perhaps allowed us to anonymise some of the data?

What I would also like to know is what happens when we remove an application? There doesn’t appear to be a nice obvious indication that any data the application has collected while you have been using it has been purged (which SHOULD happen)…

Some of you will probably have noticed that over the past few months I’ve become rather interested in privacy on the net, in applications and of course with social networking (what better target – everyone has it in their life these days in one way or another). The reason behind this is that at my day job (plug … Money Dashboard Ltd … /plug) we are working on some pretty nifty software, and one of the aspects we are taking exceptionally seriously is data access and privacy. After exploring the required steps internally, I am amazed at how much information we divulge in our day to day lives, which could be construed as sensitive, to unknown third parties.

Maybe it’s time we started questioning it.

Virus infecting Delphi apps

Sophos have announced a virus has been found (that has potentially been lurking for some time) which is able to infect Delphi apps by changing a key (Delphi installed) source file for the VCL.

If you are a Delphi shop, it might be worth checking into this and making sure you are running AV, and are not hit.

Details: and