I put Spottt up on my blog last Friday because I’ve seen it on a few other blogs and thought it might be a good idea to try. If it worked half as well as Entrecard for pulling in people to read then it would be worth the space. I read that I would have to wait up to 24 hours for my blog to be approved, so I waited patiently, but when Sunday afternoon rolled around I decided to start looking into the service a little more.
Since I was now looking for the banner, I noticed where most other sites had their Spottt advertisement displayed. Spottt “requires” that the banner be placed above the fold. Their specific definition is no more than 850px from the top of the page. I placed the banner within that limit but then started noticing that most sites with the Spottt banner were not displaying it within the top 850px. Right off the bat I’m disadvantaged because the way it is supposed to work is that you receive advertising on other people’s sites based on how much you in turn advertise locally. People are much more likely to look at or click on an advertisement that is placed above the fold.
On Monday they finally approved my site and started running advertisements. I was clicking through my site to get to the admin page this evening and noticed that there was a scantily clad woman on the ad. I refreshed the screen and up popped a second scantily clad woman. Now TechByPC is not specifically family oriented, but it isn’t anti-family either, and I have no intention of offending any of my guests by displaying a picture of a woman that might offend some. I went over to my wife’s blog and checked it out there as well since I had requested hers be added at the same time. Similar advertising was being shown. Well, they just lost me.
Wired has a description (warning: language) up about how the guy hacked into Palin’s email account at Yahoo. I am not sure that hack is the right word since this was more of an exercise in social engineering and search engines. What bothers me most about this article is how it describes the “hacker.” Some poor kid in his dorm room at college has enough foresight to get behind a proxy (even if it is just one). Not only that, but his own description of his activities demonstrates forethought.
The hacker said that he read all of the e-mails in the Palin account and found “nothing incriminating, nothing that would derail her campaign as I had hoped. All I saw was personal stuff, some clerical stuff from when she was governor…. And pictures of her family.”
His story is of someone who was more worried that he would get caught than worried that he was doing something wrong. This is someone who is morally stunted and needs crash remedial training before he ends up in jail for a crime that may actually hurt someone. He will probably end up with some jail time for this, or at least some community service, because the only thing he really did was to violate someone’s privacy. I am assuming that he didn’t make copies of the data or post that data on the Internet and that someone subsequent did that. His second stupid move was posting the password on a forum which instead of making him seem more anonymous is just going to increase the charges against him and the interest of the authorities to catch him.
He tried to derail her campaign. That’s should be wrong no matter what your political viewpoint is.
Here to ask why has a post about this with some good tips. I have another few -
Use a different password for every website. Here’s how I do it: I use Roboform to generate and save passwords. Most passwords are 12 characters or more and randomly generated. There are relatively few passwords that I need while away from my computer, so it isn’t a problem. For those I use something with slightly lower number of random characters and numbers, but it is still complex.
Change your birth date and other personal information slightly when registering on sites. Most sites that ask for your birthday just want to know that you are over 13 or 18 or whatnot. This means you will have to remember your fake birthday just in case you need to reset your password. Here’s a tip: Use the birthday of someone you know.
Randomize security questions and answers. I back up my passwords in many different places, all encrypted, so I’m not going to lose them. When a website allows me to randomize questions and answers I use my random character generator within Roboform to generate the answers and then save them in a notecard. The name of your first pet can be a4lzioE0lPJY, and the name of your high school was 58PiZgotJD1A.
Watch your account for strange activity. Google has a newish feature that shows where login activity has or is occurring and allows you to sign out sessions if you accidentally left your GMail account active on another computer, for example. I use Fastmail which has had the loging feature for a long time. Most banks and places where privacy is important will also display your last logged in time and IP. If they don’t, ask them to start.
Change your password if you have the slightest doubt that something is going wrong. With Roboform this is easy, and I can sync up my USB Roboform2Go and backups quickly enough.
I really thought Microsoft had some clue where they were going with those Seinfeld advertisements, but it appears that they were just as clueless as the rest of us. It is sad really. I was hoping for some of those “Oh, I get it!” moments as the advertisements continued. Instead we get a failed advertisement campaign similar to the failed Vista launch. What is Microsoft doing correctly these days?
The one thing that I hope was a good move was partnering with Packet 8. As Vonage tanks due to overwhelming debt, Packet 8 continues to rise as the VoIP leader. I hope the Vonage folks take a lesson from the Sunrocket debacle and start thinking about options to change their phones to another service NOW so that if it does happen you are prepared as much as you can be. When Sunrocket disappeared I was in the process of evaluating a free month of Packet 8 and so I got a jump start, but I know many people were burned pretty badly.
One day just suddenly, Sunrocket’s dissolution was reported all over the news. We didn’t get any warning from them at all. My reaction was this: My service was through Sunrocket and currently incoming phone calls are receiving a fast busy. We are still able to call out, but if you are trying to reach me you’ll need to know my cell phone number. I will get this switched soon. My primary choices are Packet8, or ViaTalk. ViaTalk has the most comprehensive feature package and has responded quickly to the news http://vtinside.com/blog.html but I am partial to Packet 8 because of it’s long-time existence and numerous VoIP patents.
My decision was made quickly: It is a tough decision to pick which provider to go with. Vonage is expensive and in trouble with Verizon so I’ve left them out. ViaTalk has the best feature set and great prices, but they say it will be 5-7 business days even with expedited processing and overnight shipping before I’ll see a device. Then I’ll still have to wait for the number to be ported. Packet 8 says they can port the number in 2-4 weeks, but this is their standard answer, and I have a feeling that it will be faster. ViaTalk is completely overwhelmed with people signing up for their service. Since this is likely to better than double their business, I am unsure if they are equipped to handle the onslaught, and expect that they can’t be far behind SunRocket in the going out of business club. Packet 8 on the other hand is a 20-year old communications company with dozens of patents regarding VoIP technology. I think they have the longest staying power of any VoIP provider out there besides cable companies and landline phone companies who also provide VoIP. I’m going with Packet 8. Call me on my cell phone until my number ports.
The 911 issue has always been a concern with VoIP – if the power goes out so does your 911 service. Well, I use a UPS, but that doesn’t protect me from ISP outages or VoIP company outages. I feel secure with Packet 8 knowing that their company is making a profit.
Full Disclosure: I do own a few shares of Packet 8 common stock.
In my previous post on Cellular One I mentioned that they have handed off the local towers to AT&T. Fellow blogger Dan Brantley mentioned his experience with such a transition. Well, I can report that some of that is coming true here. In addition to running down the battery on my Blackberry, my wife’s phone (which has already transitioned to AT&T) lost its SIM card today. I pulled it out and put it back in and all is well for the moment, but that kind of stuff just never happened before.
I understand that management finally got wind about the roaming. I passed the information up earlier, but I write so many emails I’m sure it got lost. I understand that we have worked out the new contract, but have no idea what kind of terms they worked out. My guess is that it was a two year contract, but at the rate we add phones that’s probably not a problem.
I did some more looking at phones and the one I’m interested in is not out yet. I want something that looks like the Blackberry Curve, with a full keyboard, but in a flip model. At least I haven’t seen it yet. Going by what Blackberry says is available for AT&T I’ll probably go with the 8820 if I’m given a choice. If I get one of those without a full keyboard I’ll have to yank the SIM and put it in my old phone because I can’t stand that predictive typing stuff.
I noticed over on Mobile Tech News that they say the 8220 has a full QWERTY keyboard. If it does, then I’m interested, but I can’t tell from the pictures that Blackberry has whether or not this is true. I did a google image search and everything is small, but it seems to me that there is no full QWERTY keyboard there. Someone correct me or confirm this?
I live in a region that AT&T recently took over from Cellular One. All my household phones were switched over rather easily months ago. We don’t talk much except to eachother, so the prepaid phones have been the cheapest route to go there. My work phone is a Blackberry 8300 and so far has not been converted to AT&T’s network. I noticed late last week that the roaming triangle started appearing on my phone even while at home and work which have always been prime locations for signal. The phone must have started searching for a non-roaming tower because I can’t run more than a day without a battery charge now. It is quite frustrating. I never had this problem in non-ATT areas before. I asked around a bit at work and everyone’s phone is doing the same thing now.
I understand that we’re supposed to be either getting new phones or new SIM cards for our existing phones. I’m wondering what the holdup is.
I’m really hoping for a new phone. It’s not that I don’t like my 8300, but so many advancements have happened since then. The GPS function is one of the most interesting, however I’ve also noticed that the newer models have a more responsive interface than mine. Of course there’s the storm/thunder too, but I’m not sure how I would like a keyboard that didn’t have a raised surface.
I signed up for Entrecard.com yesterday. See the link on the right. I’ve been looking around the site including many blogs that are part of the network and I have some interesting observations. Most notably, I see a lot of blogs that are poorly written – mainly just filling words like they were after some kind of quota and not saying anything. The craziest thing is their feedburner stats, most of which are over 200. Now I know that there aren’t 200 people interested in reading these blogs since I could hardly get through a single post on them. Is this a more sophisticated version of the spam blog?
I think Entrecard has a neat thing going that has the potential to do very well for itself. It naturally makes advertising on poor quality sites cheaper. Of course at the moment since I’m new my site appears to be low quality. It works by sharing advertising with other bloggers. Unless you want to there is never any cash that changes hands. I have noticed that many of the people I make a connection to will drop by and reciprocate. I’m wondering if that is how they all got their RSS subscriptions as well.
I’m not really into the profit blogging thing, although I wouldn’t mind making some money to help make ends meet here. It just seems like I have a very fine line to balance between trying to gain readership and maintaining the professional image that I want to have. This blogging thing is more complicated the more interested you are in doing things the right way rather than just making a quick buck.
I saw a very strange article today where someone tried to argue that SaaS (Software as a Service) changes the CIA (Confidentiality, Integrity, Availability) paradigm (Triad). I was confused and read on only to find that there was no argument within the text to back up that statement. In fact, Availability was used as an argument against itself. I started to write a comment, but then it got too long and I realized that I was probably just going to offend the guy because of something he wrote out too quickly without reading it over. I’m sure I’ve already written something like that myself, or if I haven’t yet I will.
First, here is an explanation of the CIA Triad in a nutshell. These are the core principles of information security:
Confidentiality refers to preventing disclosure of information to unauthorized systems or people. Integrity refers to the data remaining in the system the same way it was put in – that it can’t be modified without authorization. Availability means that the data is available when needed and that security controls and systems that house the data are functioning correctly.
I’ve heard many people argue against the need for the Availability piece as it doesn’t sound as interesting as the rest of it. Of course the data needs to be available, but what does that have to do with security? Joe Technician keeps the systems available. The problem is, if the system is not available, then it is not valuable, and if it is not valuable, then it is not worth using. Availability also refers to security controls being in place at all times. If the security controls for a system suddenly become unavailable, say a log file fills up and no mechanism for rotation or offloading that file is in place. Subsequent actions taken on the system may compromise Integrity, and in fact simply because the logging facility was not available we may have an Integrity or Confidentiality issue.
I understand what the article was trying to say about increasing exposure to Integrity and Confidentiality by going to a service based environment because you will be offloading sensitive information to a 3rd party, however SaaS also increases Availability issues as well. Instead of running Word on your desktop, which works whether or not you are connected to your LAN, the Internet, or anything else, now you are relying on Google (for example) to provide your word processor over the Internet. Your 3rd party still has to get you the service. In providing SaaS, both the provider and the buyer need to consider Availability just as much as Confidentiality and Integrity.
I’ll give you a simple example. I can run your company’s ERP system for you. I’ll design the system so well that after you put data into it no one will be able to get it out. I’ll make it so safe that no one can make unauthorized changes. Actually, we will take your ERP system, unplug it, and stick it in a double locked vault where I know one combination and you know the other. That satisfies Confidentiality and Integrity completely, but ignores Availability.
Some businesses or systems within a business naturally emphasize parts of CIA over others. For example, there is a company that sells a USB key that has an internal self-destruction mechanism if an authentication is failed too many times. There are cases where availability of that data should suffer. If I am bringing a copy of proprietary company confidential information from one place to another, this might be the best means to transport it. If someone steals the USB key or I lose it in transport, I want to be assured that the data will not be available to whoever found it or be able to be modified by someone sneaking into my hotel room in the middle of the night. In this case I am willing to sacrifice some availability, for example if I forget my own passkey, for the sake of Confidentiality. This in no way negates the CIA triad or changes its paradigm. The USB key still must be available to me in order to be useful. I need to be able to put data on it, and it needs to be possible for me to bring it from one place to another. Once there, I need to be able to authenticate to it and decrypt the data that is there. In other words, the data must be available else I’d never buy such a device. The manufacturer still has other availability challenges such as how to decrypt and unlock the device on an alternative operating system (making it more available), or how to alert the user if someone was trying to guess the password since the last time it was successfully accessed (protection system availability).
In fact, each piece of the triad is intrinsically linked to each other piece in a delicate balancing act. As I said, it is easy to have a completely Confidential system if there is no Availability (try a pipe to /dev/null). When an end user asks for a network share behind the firewall to be available to a customer in another company, then we suddenly have much more need for security in the forms of Confidentiality and Integrity, but it was Availability that triggered the request. If we forget that Availability triggered the request, then we might as well not worry about the additional Confidentiality and Integrity needed to satisfy that unneeded Availability.
CIA is intrinsically linked and each piece must be considered in developing any system, including SaaS. There is no paradigm change. I know the author of the article knew this, because he argued points against his own thesis. It got me thinking about stuff though, and that’s always a good thing. I didn’t write this to offend or pick on anyone. If there is something I’ve overlooked or misread about the original article I’ll be glad to have it pointed out to me, because I just don’t understand it the way it was written.
JungleDisk is first because of its low cost and extreme versatility. Purchase the full version for $20 and use it on as many computers as you like. I have my same license running on at least 7 computers, Windows and Linux. This gives you a drive location that you can share between computers, and even archive information to. For my desktop and laptop I have a number of programs that use this as primary storage. I store software that I pay for online. I store my photos in it. I store a little bit of music in it.
JungleDisk uses Amazon’s S3 service to store information. This means that all your information is backed by a large corporation across multiple data centers. Businesses use S3 as their means of livelihood, for example Smugmug. I’ve never had a problem with availability. The JungleDisk client that runs on the desktop or server encrypts all your data before sending it to S3. You should choose to create your own key, print it out and save it in a safe place or two along with your JungleDisk registration information. This will ensure that in the event of a disaster that you can recover your data.
My Linux server used to back up every day automatically through JungleDisk to S3. I had a series of scripts that dump MySQL data, and rsync the web structure. I can browse these from my laptop at home to ensure backups are being kept. I also archive old log files. Unfortunately I decided to move to the next version of Jungledisk and it wasn’t compatible with the old Linux client. I have to jump through a lot of hoops to get my headless server to run Jungledisk, so I’m using SCP to home in the mean time.
I use Mozy on my primary computer, which happens to be a laptop. The advantage over JungleDisk isn’t great, except that the cost is fixed at $4.95/month. My current backup size is 15.3GB, but I am expanding the selection of files that it is saving, so eventually it will have my entire non-installed base of files that I would like to recover. Mozy’s backup engine seems to be a little more robust and hands-off. Again, I created my own encryption key and saved it in a safe place – JungleDisk, and hard copy.
Consumer level Voice over IP (VoIP) hasn’t taken off as much as it probably should in the United States. The most telling reason is that so many people don’t have a reliable high speed Internet connection. The other reason is that the technology is just not understood. A brief review of services that I have used is included below. For the techie we also worry about net neutrality. I’ll write about that later.
I recommend that anyone setting up home based VoIP invest in a good UPS as well so that the phone works during power outages.
This is the company that everyone knows about. The advertisements on TV and plastered across the Internet have found their way into almost everyone’s home. Their service is solid and feature filled, however their financial situation is shaky. All that advertising has to come from somewhere, and right now it is the stockholders who paid for it. Many customers were given the opportunity to buy in when the company had their Initial Public Offering (IPO), however they were also disappointed when the stock price started falling. Those who invested purchased stock at $17 which is now worth less than $2. Most probably no longer hold it, however there may be a few die hards out there who do. In any case, Vonage has a lack of good will by its stockholders and by its customers. I recommend staying away. The Vonage device that I tested had a noticeable hiss in the background that never could be completely eliminated. What was suggested by the Vonage support people were using a DSL filter, a wireless signal transfer system, and/or placing a resistor on the 2nd phone line from the Vonage box. The resistor did end up mostly doing the trick, however how they could expect their customers to do this to make the product useful was beyond me.
The second most popular VoIP company. This company has not been doing so well on Wall Street, however their array of patents, solid service, and practical policies on advertising make this a much better buy than Vonage. Of all the companies tested, Packet8 sounds the most like a regular land line telephone. They also cost the most like them. Packet8 charges fees above and beyond their set rates for things like E911 service and number portability. These are usually combined into the bill by other VoIP companies. Expect to pay over $30/month for their $24.95 plan. My bill is $31/month even. This is still my top pick in spite of the cost, and in fact because of the cost I believe that this will be the company with the most staying power of any other standalone provider.
Lingo has a decent service comparable to Vonage, however their customer support is foreign and non responsive. My first experience with Lingo was pretty awful. I received their device and installed it and later that night, somewhere around 2am, I got a phone call from Lingo support demanding to know where I was located. There was no “hello” or anything, just “What country do you live in,” “Where do you live,” etc. I called the next day to complain about it and they said it is standard practice because some people were buying them for use in the USA and then shipping them overseas. Well, I can understand they want to check that, but do a reverse lookup on my IP and call me at a decent time for my EASTERN USA timezone. Not 2am! Lingo has a bad habit of having their service fail on a regular basis. Support tickets will go unanswered until they resolve the problem then they will claim that they couldn’t find a problem and close the ticket. This is the reason I finally moved on.
Bundled
The largest advantage with a bundled service is that many of them offer a quality of service guarantee that is nonexistent with other providers. When the same company owns the last mile as well as your telephone service, they can prefer your voice traffic over all else. If contention arises with any of the other providers, the Internet provider can easily drop you packets, or treat them exactly the same as any other traffic, and delay them. The net neutrality issue is not an issue with a bundled service.
The biggest disadvantage to bundled service is that you can’t take it with you. One of the nicest advantages with other VoIP is that you don’t have to change your phone number when you move or even when you go on vacation. When your VoIP service is tied with a local provider, then you have to find a new local provider when you get to your destination. Any of the other services can move around, be taken on vacation, etc and still work just fine. You should be able to port your number still, but not having to re-buy phone service is a plus.
I recommend staying away from this company. Their customer service is always backlogged, and their website makes promises they don’t intend to keep. For example, if you select overnight shipping it tells you that orders by a certain time will arrive the next day. This is not true as I confirmed personally with their support staff – they never ship the same day they receive an order. In spite of the customer service issues, it is still a good service according to many reviews. They have more features than any other provider, and once you get it installed you have a good chance of never needing to talk to their service department again. The price is roughly half that of anyone else if you get the 2-years for one deal and can afford the $200 up front. I can’t tell you how many times I have been tempted to try them again.
SunRocket
This provider went out of business almost a year ago. I list them here as a warning to consumers who are looking to get into VoIP. Many users who had this service when the company went out of business had pre-payed as much as a year in advance. Some users had their service instantly dropped the day the company went out of business. Some users were able to keep their service for a short while, allowing them to find another provider. I suspect that most of these customers ran back to traditional phone companies, however many of them found their way to other providers. As much as possible, research the company you intend to transfer your phone number to – you don’t want this to happen to you as a consumer or as a business. Publicly held companies are better because of their more open financial information and their duty to shareholders. Vonage and Packet8 are the two I know about and it shouldn’t be hard to figure out which one is likely to last the longest.
PC
Entries (RSS)