Binary Blogger

Could The Cyber War Destroy "The World"?

2012-05-29T12:23:00.000-05:00

Digital Nukes

Flame virus the latest weapon in the growing, unacknowledged cyber war. Iran is getting bombarded by another round of devastating attacks, ravaging infrastructure, destroying the country from the inside out. No, this isn't a plot from a book this is reality. A cyber reality where new and powerful viruses are doing the attacks.

No one is sure where these viruses, Flame and Stuxnet, originated. Speculation is that the United States and/or Israel is behind their creation but no one is for sure. What they do know is that these vicious programs are specifically designed to carry out espionage, data collection, and destruction in specific types of systems. Purposefully designed with a mission or not these are software packages that are meant to be spread. Unlike bombs or missiles, these weapons do not destroy themselves. How can the designers ensure these weapons stay on course?

The more powerful the viruses get the more risk we are of these getting loose into the wild. In a more dire scenario these could be reverse engineered, cracked open and turned back against us. Depending on how they are released, the cyber war could bring down the whole Internet infrastructure. A rogue virus meant for a Middle East power substation instead hits the Intercontinental back bones and consumes so much bandwidth everything grinds to a halt.

Reading on how these viruses are used in the first place tells us that they are simply delivered over the Internet. The wide expanse of connectivity, the blurred lines between the Cloud and private networks, everything connected at some level. A silent cyber war with a fragile Internet infrastructure, and it is fragile, is a recipe for disaster.

The World has a new meaning, the world is a continuation of data, break that and large portions of businesses and society will not to function if the Internet is gone. It's part of all of us now and there is a dangerous war being waged behind the scenes. A nuclear attack would take out chunks of infrastructure, buildings, relatively isolated damage. An Internet war could spread across the globe at the speed of light and take out the world without a single bullet, bomb or missile.

Let's hope the creators know how to control their creations.

End of Line.

Facebook Is No Longer About Socializing

2012-05-16T09:46:00.002-05:00

The Internet itself was built on a social networking foundation. Email, Usenet, BBS were created for users to share information, socialize, exchange tips and stories, and very limited photos. Technological advancements in transmission and PC power just made the text based social sites obsolete to web based today. Internet users are still socializing.

The fierce competition between Facebook and Google+ in addition to all the new social network sites coming online in hopes to be the next one to take the crown is not unifying people but dividing them. Facebook appears to be a the central place for socializing but Facebook's usage is not as interactive as everyone believes. Now, days before the IPO, Facebook's shell is beginning to show some cracks and rust.

I personally have been on Facebook for years. Just looking at my personal use, a person who is plugged in and more active on the Internet than the average person, I can tell my social network use has shifted significantly. When Facebook was more dynamic, the Wall could be customized to your preferences, the front page could be ordered how you wanted, apps/widgets were out there to install or not install. Facebook was a great fun place to be. I would spend hours out there. Today I am on Facebook less than 10 min a day and the only thing I do is scan through the statues, once in the morning and once at night. That's it.

The old Facebook was about socializing. Personalization. My favorite Wall widget was the buttons. That widget was almost Pinterest like, being able to post buttons that reflect an idea, position, photo, political candidate, anything unique about you. The comments and conversations that spun off of that was great, interactive, social. Then Facebook changed to be more focused on informational statuses and less on uniqueness. That's when Facebook started to lose me. The biggest social networking site started their shift of becoming less about socializing. Posting a short status update is not socializing.

But Binary, Facebook has 900 million users?
So what? Once you get to a point of that many people you get members just from a "Everyone else is, me too" influx. "All my friends and family are planning the parties on Facebook, I am not on there but I guess I will have to." So what? How are the users using it?

Zygna games, a huge usage on Facebook. So what? The games are individual activities, not multiplayer in a social aspect but turn based. Check your status or text messages to see when its your turn on Words With Friends, play, wait... I have 6 or 7 games in flight in Words With Friends and Scramble With Friends, you know how much social interactions I have in any of them, zero. Play the turn and hit continue. That's not socializing.

The Like Button, share button on websites, and the other ways to post to Facebook is not socializing. Remote interaction just turns each person into their own personal news hub on what they feel is worthy. When your users are using Facebook like that, sure your user activity is going to remain high, but if no one is going to Facebook to read what others post what's the point? If someone makes a comment they are usually as bland as cardboard, "Nice article.". Like counts, who cares?

Facebook needs to stop worrying about Timelines and historical postings and get back to personalization, uniqueness, individuality of the users. Look hard on why users get so upset not on the evolutionary changes to the look and feel but on what's taken away. Why is that? Users loved it, that's why. Take a look at the Facebook name and remember what that should mean. A face is unique, the person behind a face is more unique, yet Facebook looks about the same no matter who you are looking at.

I understand you can 'customize' your own profile with witty photo, so what? I don't remember the last time I left my status feed to look at someone's main profile page.

We are all wearing the same blue jumpsuits in the sea of faces, not unique enough for people to keep caring.

End of line.

Facebook Testing New Paid Feature For Timeline Placement - God Help Us

2012-05-14T08:49:00.001-05:00

Every single day Facebook finds another way to not be a social networking site. I stumbled across an article, which has not been mainstream yet, that will allow users to pay to get their posts at the top of the time lines and stay there. God help us.

Here's why this is probably the worst idea and will backfire for those who actually use this feature. First off, depending on how many friends are in your network, you don't want to keep filtering past updates you already read. This is a quick consume and move on world. Having Jenny's birth announcement stuck at the top of your timeline for days is not going to make you remember it any more. As a user this would be the first major annoyance. As a side effect for a personal perception for any user that would pay to have their status remain on top is that everyone will think you are a pretentious, ego-maniac to require that level of attention.

An everyday user may use this pay to promote feature once as a joke, for a $1 who cares. It's the real users of this feature that will annoy everyone and their mother... the semi-pro bloggers. These are the people you follow that have a blog or two under their real names. These are the people that will get unfriended, unfollowed and ignored if they use this. It's bad enough that most of these bloggers, website owners, business owners use Facebook with their personal names and primarily post self-promoting updates. This is not why I have them on my Facebook friends list, if they want to promote their side projects, create a Facebook page. Now, if they are able to pay to get their posts to stick around, I'll drop them like a wood tick.

Facebook has lost sight on what it is and hung up on maintaining that $90 billion value and the only way they can do that is by nickel and dime the users for every little feature. This is not socializing. Some people will love it, but over time the only people that will be seeing these paid posts are other people who pay to have their posts featured. The rest of the user's will go off to someplace else to share intimate social details.

Google+ is looking very, very good right now.

End of line.

Facebook's Downward Spiral Begins

2012-05-09T11:04:00.000-05:00

As Facebook prepares itself for one of the largest, if not the largest, IT IPO in history it's users are starting to sour on the social site. Over the years Facebook has tried to adapt to the evolution of the social landscape and position itself as the leader. However, they have reached a point where their advances, changes, and new features are at the expense of the regular users. When your entire business is dependent on the users, Facebook may be beginning to dig it's own MySpace grave.

As a user of Facebook for many year, I have grown tired of the changes and the shift away from what Facebook was to where it's going. Zuckerberg and company wants to control your information and remove social groups. Read between the lines and all of the security features, the new timeline, and the expanding web of ways your photos can be seen outside your network is making it clear Facebook doesn't want anyone to have any secrets, social circles, or self controlled privacy. This is not what social networking is about. Since the dawn of time humans socialize in small groups. Most people, not all, but most people who use Facebook are 'Friends' with people that specifically choose to share semi-private thoughts, photos, ideas, posts that reflect one side of themselves. Much like going to a bar to have a few beers with some buddies, the jokes, profanity, and behavior is not how you are around your family, boss, or even other types of friends. Until Google+ came along, Facebook didn't even let your group your friends. All or none mentality of who can see your posts. This is wrong and I think the users are ultimately going to get sick of it.

My use of Facebook has significantly diminished from posting family photos, off color posts, and liking things because I don't know who else has their security open and will see that indirectly. So I don't. I use it to keep tabs of distant friends and have automatic services posts updated to my timeline like GetGlue, FourSquare, Shazam and other benign posts. Facebook is no longer a place where I socialize like I used to. Why? Facebook has screwed it up to the point of not trusting it. Coming from an IT Security guru, that should say a lot.

So as Mark trots around the country getting ready to suck in billions, the users usage patterns are slowing down, Facebook loses more and more of its identity as it tries to be more and more of the Internet social police and controller of content viewing... and Twitter will continue to expand.

People like simple. I jumped to Facebook because it was far more simple and clean than MySpace turned into. Now Facebook is beginning to remind me of how MySpace was simple then got too full of themselves as they tried to cram every cool feature to the users and missed the point.

Time will tell but the industry experts are all saying that Facebook's reign will be short lived and they will go the way of MySpace, AOL, Yahoo... and soon Facebook will be on that list.

End of Line.

Online Storage Options, Use Them All

2012-04-30T15:43:00.000-05:00

Recently Google announced and offered their much anticipated Google Drive cloud storage to the masses. For free an individual user can get 5 GB of online storage that can be easily shared across multiple devices with mobile access coming soon. This has added an additional choice to the growing number of cloud storage offerings for users, all of whom are scrambling for your money to buy more storage. Like any service the consumers are deciding on which one to go all in with. However, there is an alternative - use them all.

Cloud services are simple, convenient and relatively cheap additions to your home computing. As part of your backup strategy for your business or at home, cloud storage should not be your primary method. For the cost a home backup drive with 2 TB of space to save all your precious memories and data is still the best way to go. A home drive is under your control, safe and accessible. However, big clunky external hard drives do not make mobility or sharing an easy task for the parties involved. This is where cloud storage comes in.

With all the options that are now out there, Dropbox, Google Drive, Box, Microsoft SkyDrive, etc... they all offer anywhere from 2GB to 7GB each of free storage. If you use all 4 services mentioned you would get 19GB of online storage space. More if you go through the advertising and invitation perks with DropBox to get more free space.

Why would you go through the hassle to manage multiple sites? First is cost. This method there is no cost. Second is redundancy. Cloud services are only as reliable as the hosting and you want to be able to access your files right now. It hasn't happened yet, but there is a distinct possibility that a cloud service one day could lose data, your data. Third is space. If you are just storing documents then one service would be enough to support that. If you are storing photos and videos, those a space hogs and having multiple options for storing those helps you. Lastly is diversification, use each storage service for different reasons. Keep your documents on one service and only use it as a back up and another for sharing/collaboration. Don't let your personal and business files inter-mix intentionally or by accident.

There is no rule to say that a user can use only one cloud service. When you are being cost aware in this economy it is beneficial to use them all. Unless you absolutely need to have all your data in one location, there is no reason not to maximize what is offered.

End of line.

Apple Needs To Make The iOS More Parent Friendly

2012-04-24T08:38:00.002-05:00

The iPad is the hottest, fastest growing IT device on the planet right now. Students, business workers, and parents are using the iPad in a wide range of ways. As the software gets better and better, people are using the iPads as teaching tools for youngsters, some as young as 1. Personally I have been using my iPad(s) with my son for reading, counting, overall education and even entertainment since he was about 1 year old. Now as he is approaching 4 and can navigate the entire device, a large gap in the iOS methodology is beginning to be exposed and Apple needs to address it.

As Apple's approach to the iPad's marketing is everyone can use it. The whole family, there is an app for everyone. However, the iOS doesn't take this usage into consideration when it comes to security. The iPad wants to be used by everyone but Apple wants each person to have their own, not share a single device. This is not practical in an average household. If you are a parent, you need to have close supervision to watch a child make sure they are only using apps that are intended for them and not open your financial management apps, an adult rated game, Netflix to watch that R rated movie in your queue. The iOS has nothing in it to block individual use, its a all for one, one for all mentality and this is the gap and the biggest complaint I get from family users on how to fix it. Unfortunately I cannot.

This is the greatest leap that Apple can make to accommodate how iPads are being used. I am not recommending implementing a login feature and turn the iPad into a laptop, but expand the password blocks farther out into the iOS itself. Today the apps can prompt you for your iTunes password if you are going to make a purchase, but this is after you are in the app. Apple needs the ability to set a code for individual apps and/or app folders. This way parents, roommates, spouses, can place their apps into locked folders to prevent others from accessing those apps. As a parent I no longer have to worry about 3 year old quitting out of Elmo's ABC and opening Infinity Blade 2 or the sniper because he wants to see the big scary monsters and shoot the gun. As an iPad owners I am not going to spend another $700 for a 3 year old to have his own iPad and I shouldn't have to delete apps I don't want the child to see.

A simple solution to the iOS would make a massive difference on how the iPad's are consumed and perhaps would encourage parents to let their kids use them if they could be reassured they could only access the children apps.

Why Apple has not made a mention on this I do not know, but I do know that there are many people out there, myself included, who would applaud Apple if they put this in place.

Sometimes the easiest things make the biggest differences. Apple has always been about easy, simple, smooth. That's the main reason I dumped my PCs and started to replace them with iMacs at home. Apple gets it, I just hope they see and hear this request and get this too.

End of Line.

Minnesota Severe Weather Photography - 4-15-12

2012-04-16T09:12:00.000-05:00

April 15, 2012 southern Minnesota got it's first widespread outbreak of severe weather. Although the forecast thought the storms would be more widespread and powerful, there were still enough rollers to make it look ominous outside. I think at the end of the night there was one storm that dropped a tornado in an open field and one or two thunderstorm warnings. Nothing like what happened to the south the day before.

With almost every thunderstorm that rolls through I try to get out and photograph it. I find storms extremely fascinating and powerful. Last night I was not able to get out but the sky rumbled enough over head to get something. All you need is 1 photo right no matter how many you take and you never know when or where a shot will present itself. These I took from my bathroom.

I used a Nikon D300, bracket shot, 1 step apart, 3 exposures, F3.5, ISO200. No tripod, just continuous shot on the shutter release and holding very still. I ran them through an HDR program then did a DeNoise pass in Photoshop, no color adjustmentsn saturation adjustments, or content tweaks. The scene is as it was. I do the HDR process for two reasons, the first is to get the shadows of the clouds to pop, the second is that an HDR shot brings out the small details far better. The rain band in the background is hardly noticeable in the single shots but becomes clear when they are put together.

In between storm cells the sunset broke through and was beaming orange.

End of Line.

Instagram And Facebook - What!?

2012-04-10T08:56:00.000-05:00

Facebook bought the photo sharing app Instagram for a cool $1 Billion. $1 Billion dollars for a company that has now business plan, has not made one penny and run by a bunch of hippies that built Instagram in less than 2 months. Instagram says it's a photo sharing app but its not. You can only upload your photos but you can't share anything, like other people's photos to your friends. Where's the sharing aspect? When is the last time you opened Instagram and spent hours flipping through other people's photos? Pinterest does more photo sharing in the social world than Instagram does and yet Instagram got the $1 Billion check.

Mark Zuckerberg may have been drinking something quite magical to think this was a good idea. Then again this purchase was not about making money, it's all about information. Instagram is the #1 photo sharing site (for now) and Facebook is about people. The more people the better. It's that simple, there is no other explanation than that. I wonder the percentage of photos uploaded to Facebook from Instagram compared to the Facebook native camera uploader or other mobile means. That's probably what pushed them to buy them. How do you think Facebook would like it if the primary photo uploader to Facebook was owned by Google or Microsoft? I do find it very interesting that this was announced shortly after the Android version of Instagram was released, take a shot at Google while you are at it.

Now that it's done here is the possible fate of Instagram and how it will change. Facebook says Instagram will stay the same and won't change. Which part of Instagram, the logo? Integration of Instagram into Facebook is where its headed. Here's what I see happening to Instagram.

Instagram will become the mobile photo loaded you Facebook. Every photo you upload will be shared on Instagram. Zuckerberg doesn't like social classes or privacy, he has deep social issues that he doesn't want anything private between two parties. So what a better way to open the world to everyone than take a global photo sharing app and make everyone use it. Instagram has no ability to block your photos to your just your circles. It's visible to everyone. This is Facebook's M.O.

The next big shift I see is that Instagram will expand their filters to becoming a photo editing app.

Third I see Instagram losing users by the truck load, like me. Already Instagram has lost its charm and is over saturated with crap users. After being a victim of plagiarists by these Russian frauds posting photos lifted from the Internet and posing them as their own, Instagram is not what it used to be. The point is lost, for a photographer it's not a place for promotion or exposure, it's just a blurred niche thing. Now that Facebook has taken it Instagram will fade away.

Time to take a look at Hipster or any of the other 500 photo sharing apps out there that will step up and fill the hole that Instagram has left.

Don't get me wrong, for $1 Billion I would hand over any project I have without question, no matter how attached I am to it. Money talks.

End of line.

Google Glasses Are A Horrible Idea

2012-04-06T20:39:00.000-05:00

The Google Glasses also known as Google Glass made its debut this week to much geeky fanfare. I was not one of those cheering this technological marvel, I feared the destruction that is going to come with it. I love technology gadgets and can get excited about many cool things, this isn't one of them.

Google Glass is basically eyeglasses that has a small screen that projects/distracts to your eye tidbits of information. From the demo videos out there we can see you can get the weather, calendar updates for meetings, even chat messages. The device has a microphone so you can interact with it using your voice and it even has a camera. All neat cool things tucked into a device that is the ultimate distraction machine.

Just from the physical logistics and how the human eye's lenses work, you need to refocus your eye away from what's infront of you to have your brain process whatever the glasses are projecting. People have a hard enough time looking up from their phones, can you imagine in their eyesight is now partially blocked? There are some people that will use this new toy to the max and use it well, responsibly, and respectfully. The majority of the living world are not respectful, responsible and continually prove that they can't multitask. Now this comes along. Handsfree, voice controlled, with vision impairment. I pray that this thing is not made 4G ready and sticking to Wi-Fi only, it would defeat the purpose of the true mobility if you had to wear these things in a Wi-Fi hotspot, but you know that if people can't stop texting they would wear this thing and you might as well drive with a hood over your head.

Technologically this is an amazing project and shows what an awesome company Google is. However, there needs to be restraint on how this is applied to the normal world. All this information flow is making for an amazing time to be alive. I believe there is a limit to how much convenience we can add to our world. Adding too much will continue to remove the need for people to think logically, critically, creatively, organizationally, structurally... why would they, the gadget will do it for me and I will follow it, even if that means driving my car into a lake because the GPS said to go that way but didn't have the new road updated to it's map set yet.

As a technology lover I hope this gadget remains an experiment and doesn't make it to the mass market. There are far too many social, safety, and personal issues I can see with this focus sucking approach. For a screen that small, put it on a watch, a flexible OLED screen you can strap to your arm, a film to put on your TV, anything but projecting images to your primary visual focus area. The mass market world are just not knowledgeable or disciplined enough to handle something like this.

End of Line.

Employers Asking For Facebook Passwords - What!?

2012-03-22T09:00:00.000-05:00

SEATTLE (AP) -- In their efforts to screen job applicants, some employers are going beyond the usual questions about experience and references and asking for something else: Facebook usernames and passwords.

The practice seems to be more common among public agencies, especially those seeking to fill law enforcement positions such as police officers or 911 dispatchers. But it's happening in both the public and private sectors, and some job candidates cannot afford to say no.

Orin Kerr is a George Washington University law professor and former federal prosecutor. He says the practice is like "requiring someone's house keys."

Companies that don't ask for passwords have taken other steps -- such as asking applicants to friend human resource managers or to log in to a company computer during an interview.

==============================

I have posted many things around Facebook privacy and public versus private sharing. I read this today and fell off my chair in disbelief. Employers not only asking for your social profiles but asking for the keys to your account!!! What the heck! This is absurd. This shows that employers are not screening an applicants ability to do their job but also screening/discriminating an applicants full personality. This is absolutely unacceptable and a breach of everything about privacy you can imagine.

First off a person has multiple personalities in life. We wear multiple hats depending on the situation. Life is one big performance. That's the beauty of the human element, uniqueness and adjustment to our surroundings. Everyone acts, speaks, and thinks differently in different situations. At church, a home, at work, with your friends, with your parents or with your spouse each one of those is a different character you play. Facebook and the social networks is an extension of that and companies have no business snooping around those in detail if you choose to block it from public view.

If you have your Facebook and other social networks open for the world to see is one thing. But if you carefully locked it down to only be visible and shared by your close circle of social contacts then no one has the right to ask to look at that if you don't want them to. You social 'hat' has nothing to do with your professional 'hat' and your ability to do a job. As long as a person you can keep the two separate then who cares. People at work are in no way the person they are at home. Ever. Your CEO may be in a weird bondage cult that wear diapers. Who cares? That's his social 'hat' which has nothing to do with his ability to run a company as long as the two world don't conflict with each other.

Your social life is your social life. If you want to share it to all then do so. If you want to keep it private then do so. If a company asks to get into that circle to see your social side then decline. For decades companies have been hiring successful people to do work for them without knowing who they are outside of work and they have gotten along just fine. Just because it's easier now for people to get a glimpse into that once veiled world doesn't mean they have a right to do so.

This practice is disturbing and ridiculous. Help stop this before Big Brother is not just the government.

End of Line.

Pinterest And Sharing The Internet

2012-03-21T10:47:00.001-05:00

If you use the Internet at any level chances are you have heard of Pinterest. The latest social boom site. The idea behind Pinterest is sharing items, mostly pictures and videos, of things you like. You can create boards of wish lists, likes, lists, whatever and 'pin' things to those boards for sharing.

Now that the popularity of Pinterest is skyrocketing, the lawyers pay more attention to it and are coming in force to ruin the fun. The swords they wield are the every so popular copyright infringement arguments. Big name sites are pushing back on the Pinterest wave and even going as far to force Pinterest to have an 'opt-out' meta tag you can add to a website to prevent it from being pinned.

There are two sides of it that I want to talk about. The first side is Pinterest's Terms of Use of the site and the second is the growing social aspect of the Internet and the legal challenges that are starting to grow.

If you read Pinterest's Terms carefully they contradict themselves and Pinterest attempts to wash their hands completely of any liability of an infringement. In my opinion the terms are clearly immature for a young company and is just a CYA move. That being said here are the two big things that Pinterest says you cannot do.

- Pinterest apparently is not intended for your own personal marketing. Be social but not social about yourself but only post what you own.
- Pinterest says you can't post anything that doesn't belong to you. That applies to everything on the Internet that is not yours.

If everyone followed those rules then Pinterest would be a blank page.

If you read the terms further Pinterest says that they are not liable for any infringements if you pin a copyrighted item. This will never stick since Pinterest provided the means to violate the copyright in the first place and didn't have anything in place to block it. Like the early days of YouTube and users posting everything under the sun, YouTube was responsible to fix it. Pinterest is facing the same push back to control the methods.

Regardless of the obscure Terms of Service Pinterest is going to be squished to nothingness until the lawyers realize the Internet is a social world and things are shared. Whether it's on Facebook, Twitter, Pinterest, Tumblr, Posterous, Instagram, etc... everything now is about sharing. Copyright infringement is not and has never been about sharing outside a realm. Copyright is about protecting the integrity of the material and preventing others to take credit for and profit from said material. Sharing cannot be part of this anymore. It can't be and even if they wanted it to be it's now unenforceable.

It's just not Pinterest, Instagram is a horrible place for violations as well. Just look through the 'winners' of all these Instagram contests and look at their collections. Do you think there are so many people who are professional photographers who are world travelers? Absolutely not. They are image bots and image thieves that re-post other people's work. I know because my work has been shared by multiple people all over the Internet that I found by using TinEye.com. But Instagram has a very limited enforcement for those kind of things. I don't care if my stuff is re-shared as long as my name and website is credited. When others say they took the shot that's when I get pissed.

The solution is quite simple, too simple for a lawyer to come up with it. Make a mandatory link back to the source. If you post something that does not link back to the original source then it's a violation, just posting the link to the photo isn't enough. Pinterest can start the new wave by introducing the link back to everything pinned and from there it can spread. Then if the pin came from a random blog that posted a picture from Reuters without crediting Reuters, it's the blog's problem not the Pinterest pinner. EXIF information can be scanned to get the watermarks, websites, etc... and automatically tag it for the back link.

My point is sharing a photo or video is the Internet now. Sharing content. If you follow the lawyers into the darkness, sending an email with the same photo to your friends is a violation. In fact making a mix tape (for those who remember cassette tapes) by recording songs off CDs and records is also a copyright violation yet that was a billion dollar business for tapes.

I am for adding tags into the EXIF to block social sharing, not specifically to Pinterest but social sharing as a whole. I'm for flagging websites to protect the content. I'd go as far as to change the standards to include this social block. There needs to be an industry acceptance and legal change to realize that things are shared, the old copyright rules no longer apply to this world. New approaches need to be created to protect content if they want to curb it. They can't stop it they can only hope to contain it.

Pinterest will change over the next year. The Terms of Service will be tweaked and the site's functionality will be altered. I'd say if you like Pinterest now, enjoy it while you can, because the direction they are getting forced down will make it un-social and they will lose their original purpose and we will have the lawyers and fear of getting sued in ruining it.

End of Line.

My Move To The Mac - OSX Lion

2012-03-19T11:12:00.001-05:00

A few weeks ago I took 20 years of Windows PC loyalty and bought my first Mac. The iMac 21.5" model is what I went to and I don't think I will go back to buying a Windows based PC again. I am not saying I am done with Windows, just PCs in the hardware sense.

In the three weeks I have had my Mac I have done more productive things on it than I could on my Windows box without additional software, hardware and pains to getting it all setup. Dusting off my Unix skills and hitting the forums I have begun to make the Mac perform at the full geek level I require. That was the biggest deterrent all these years from getting a mac before was the unknown of the full flexibility of the OS. I know I could get Windows to do everything I wanted from programming scripts to manipulating the registry. With tender love and care my Windows PC is about 6 years old, home built running Windows Vista. I never understood why so many people had issues with Vista, I never did and I ran everything.

The Mac OS, I am running Lion, is something else altogether. The OS just works. It's so easy to work with, there is minimal guessing to where things are and the usability is fantastic. It's almost too easy to work with, after spending two decades with Windows, I almost miss the work sometimes. If you are a geek like me you still have the full ability to make the Mac however you need it to be.

Right now I have Time Machine doing my backups, upgraded to 12GB of RAM, moved most of my Windows files over to the Mac, hooked up my Yamaha DGX-640 to be a MIDI keyboard in GarageBand, VMWare running Windows 7, and a few other little toys up and going.

The Mac is not without it's faults. The hardware is tight and enclosed. Other than memory the hardware is not designed for home user's upgrades. That is a negative in my eyes, I will miss the ability to swap out the video card, upgrade the fans, slap in another hard drive when I need it. But for $200 the Apple Care is the trade off I guess.

The other big complaint that I have with the Mac is the recovery approach for the OS. Recently with Lion and the new Mac models Apple stopped shipping physical recovery DVDs. Most PCs now do not ship with DVDs to save money, but at least on the Windows there is an option to create boot discs at home. Lion you cannot easily do this. The recovery is fully online. This approach might be fine but this seriously limits the recovery and diagnostic tools if the boot disc and recovery is on the same drive. Right now I'd like to run diagnostic scans of my hard drive but in order to do that I need to boot to another drive or DVD. I can't make a Lion boot disc to do this. Out on the forums this is the biggest gripe I see from the techies out there that Apple changed this.

As for Mac being the center of my home PC world going forward I don't think there is any doubt. I am already starting to lineup getting a Mac Book pro for the Mrs. Macs just work. For anything that I need that is Windows, I am running Windows 7 64-bit on VMWare Fusion 4 and will be loading Windows 8 beta in a few days to play around with.

As the months move on I will get away from .Net programming and move to playing around with XCode and build an iPad app maybe.

End of Line

What's On Binary's iPad - Weather

2012-03-15T10:12:00.002-05:00

I am a weather nut. Had the college curriculum been one semester different I would have pursued a career in meteorology. Instead I am a super computer freak. Anyway, the iPad is my mobile weather station. I have many more weather apps at my disposal than I will list here, but these are my top 5 favorites.

AccuWeather - This app has a free and paid version. I use the free one because I don't care about the ads and I use AccuWeather primarily for the temp forecasts. It's a clean, slick app, loads fast, smooth interface and it's easy to use. The radar is just ok, it will tell you is precipitation is on the way but not much else. The video forecasts for the country are a nice feature but I don't use that much at all. I find the forecasts for temps are pretty accurate out to about two days, but their long term forecast past that changes dramatically daily. Aside from those flaws, I like this app for a quick and easy basic weather info.

MyRadar is one of the best radar apps out there. It's no frills, to the point, weather radar. Easy to read, animated and concise. The free version has ads the run along the bottom in a non-obtrusive way. The pro version removes the add and there is a weather warning add on to show warnings in your area and push alerts out as they come up. I don't use this feature as I am signed up for mobile alerts through the weather channel. If you need a simple to read, high detail weather radar MyRadar is it. I haven't found one better that is built for the average user.

RadarScope is the next level weather radar. This is a $9.99 app but if you are a weather nut, it's worth it. This is a full fledged Doppler radar app. You can pull up many different kinds of radar scans. It has real Level 3 data from any US NEXRAD station including the velocity data. MyRadar will show you there is a storm over your head, RadarScope will tell you the velocity of the storm and over lay warning boxes to give you the most accurate radar information I can find outside of the NOAA offices. If you watch Storm Chasers I have seen RadarScope on their phones as they chase tornadoes.

Weather Channel app is the staple of the weather apps. This is an app you just have to have. It has all the features of the other apps, but it's from the weather channel. I use this in conjunction with the others for basic forecasts and occasional videos, but it's not one of my primary tools. I have it on here because when it comes to weather you almost have to.

KMSP Fox9 Weather This is the weather app from the local news team. I love this app because it has everything. The radar is great, good forecasts and temperature trends by the hour. Very detailed locally, as I would expect from a local app, and the 10 day forecast has a short verbal description where most apps are just temps. Whatever company makes this app for them has also done so for other markets, check your area and I bet you'd find one close. If not, use this one, you can put any national city in and it will give you the same details. Great app!

There you go. If you are a weather nut here are some great apps when you are being sky aware.

End of line.

Social Networks As The Identity Store?

2012-03-09T08:41:00.003-06:00

I was at a dinner with other Identity and Access Management experts in the Twin Cities area the other night. As what techies do when they all get into the same room is we pick a topic and analyze the heck out of it. That night we got into a very interesting discussion around using social networks as an authentication source for business applications and what are the implications from that approach. Ignoring the technical challenges of federation and managing the identity, we were focusing on the broader issues of using social media as a trusting source of identity.

When you sign up as a customer for a company, that company does everything it can to ensure you are who you say you are as a person. Your home address, phone number, SSN, credit card, and other pieces of issued information the industry generally accepts that you can trust, mostly, that a credit card in combination with home address and a birthdate validates you as a person. After that, you get a special username and password for that company. Speed ahead and that's why companies need Federation to maintain single sign on across the services, trying to bring uniformity to a disjointed world of identity and accounts. (username/password accounts is not your identity)

So naturally the discussion moved on to social networks and looking to use those as the 'source of truth' for identity. Facebook for example seems to the be leading the pack on this shift to something like that. If you notice around the Internet now most 'legitimate' news sites, forums, and other public sites are requiring you to use your Facebook account to authenticate and comment and they no longer allow anonymous accounts. Now, I am 100% against restriction of the anonymous profile. An idea is an idea and should be allowed to be expressed in any way it can. Most of the time the fear of suppression, backlash and potentially violence against that idea is why people use aliases. This concept of anonymity is not new. People have been editorializing anonymously for centuries through letters to the editor. Now it's a much bigger newspaper with no editor in between the public consumption. I am not going to get into the argument of allowing anonymous accounts on the Internet.

It is important that if the IT security world is moving toward the universal Identity, someone, somewhere needs to have control around how that's done.

A universal identity for the Internet which directly ties to you as a person is coming and I think it should asit would solve many security holes that exist today when it comes to idenities. Much like a Social Security Number, there needs to be a key for you digital life as well. Verified by Visa kind of does it, but it's only for Visa. Facebook has the authentication process down but for the central identity it cannot be trusted yet and shouldn't be the one that does it. The government absolutely should not control it. I would trust a corporation to manage the Universal Identity 10 times over before the government. Because if the government has it then after you control how people can post then you control how people think.

Right now the hangup on wide adoption of the social networks as the identity provider is there is no hard backbone to absolutely guarantee that I am who I say I am behind the Facebook account. Anyone can get a Facebook account and call themselves whatever they want. In IT security, trusting users doesn't exist and no one should ever trust their users. That's the next step. A company needs to be spawned up that creates that safe, secure, personally linked identity vault that can be used for company's authentication and authorization systems. Until then, the social linkages are a nice novelty but will always limit the full release of features. What that means for customers is that you will have to maintain a username/password relationship with each and every company you do business with. That in an of itself it not secure and expensive for companies to maintain.

The universal identity is coming and corporate America will be the creators for it. It won't be for suppressing thought but maximizing the security of their data which in turn protects bottom line.

End of Line.

Blogger Dynamic Views - Another Try

2012-03-06T22:35:00.002-06:00

From the blogging position I have slacked off a little bit. On a professional note I made a big transition out of a toxic environment into one that embraces success. That has consumed a large portion of my time as I get back into a new routine, new timetables, new way of thinking. I forgot what's it's like to work for someone that expects delivery and not just outlines and pretty roadmaps.

Anyway, as part of the revitalization efforts I am giving Dynamic Views for Blogger another try. I have played with it before and abandoned it for a couple reasons. First, no side bar widgets where you have to put tracking info for websites into like AdSense. You cannot edit the HTML core for the Dynamic Views so it's limiting in that way. Second they used to not have a clean way to subscribe and a few other minor annoyances that added up to something not worth while to keep. I may switch back to the old way. We'll see.

End of Line.

Siteminder R12 Performance with a Java Bug - Resolved

2012-02-20T13:48:00.000-06:00

This is my story about the most complex, deep Siteminder performance issues I have dealt with in my 10 years of working with the product. I'll detail this out and layout the solution.

We built a brand new Siteminder R12 environment on new hardware last year. 4 policy servers built, 2 separate environments, 2 servers running each environment.

Siteminder SP3 CR 2
Java JRE 1.6
Windows 2008 64-bit
Dual Hex Core processors, 32 GB RAM

This is not an under-powered environment. We also put in CA Wily to monitor the Siteminder environment.

Our approach was a parallel setup meaning the new R12 environment would be built along side the existing R6 environment and we would move applications over a few at a time instead of a throw the switch. This way we have far more quality control in case we can into something bad, we could revert back to the other environment very easily.

The R12 environment was running for 4 months perfectly, no issues, nothing. Then we put our biggest application on the environment and they migrated 100,000 users over. When that happened about every 7 to 8 days we would have an unexpected climb in Response Times on the policy server. We go from an average of 20ms to over 500ms in a matter of hours and usually when we were not at peak traffic. Odd. We would recycle the services and everything would return to normal. 7 to 8 days later it would happen again. When the application continued to add users the rate of the issue reoccurring would get more frequent. When the application hit their 100% migration mark, 1.5 million users, we would have to recycle about every 32 hours.

Because of the days between issues it took a very, very long time to figure out the logs we needed, changes to be made, and it was mostly a waiting game between tweaks to see if things worked. Since it appeared to be related to the high traffic, we were never able to recreate it in the lower environments because we were never able to get the load high enough and we were never able to run a test long enough.

We engaged CA and they stepped up to help us out. It took a while, due to the time between issues, but eventually CA was able to rebuild our unique environment in their lab and they were able to successfully recreate the issue. It took CA over 60 hours of stress testing to trigger it, but they did.

Between our logs and theirs they were seeing that the delays were coming from the Policy Server trying to connect to the JVM. In the example below, 7 second delay.

7 second delay connecting to the JVM

[01/12/2012][13:40:51.876][12116][6816][ Look up a cached object.][SmObjCache.cpp:918][][][][CSmObjCache::Lookup]

[01/12/2012][13:40:58.850][12116][6816][ SmJVMSupport, Successfully attached JVM to thread][SmJVMSupport.cpp:112][][][][GetJVMEnv]

CA and our team worked over the next couple weeks getting more log tuning, debug traces, garbage collection details, and config changes trying to figure out why the delay was happening. We tried to open a case with Oracle, the proud new owners of Java, and that was a miserable failure. 3 power house companies with hundreds of millions invested into Oracle technologies all received the same answer when we tried to open a case for Oracle to answer a question on Java. We didn't have a paid Java support contract and Oracle would not take the case. My company, CA and IBM all got the same response.

So we had to do the next thing and hit Google to find the answer ourselves. Once again CA stepped up and figured out what the problem was.

In Java 1.6 there is a memory leak with Ljava.lang.ThreadGroup. From programming forums on the Internet this Java code does not exit properly and Garbage Collection never cleans it up. Over time the leak will slowly kill the processes and any program using it, i.e. Siteminder. This problem will exist in any R12 version you are running if you have the Option Pack installed and running JRE 1.6 (which is the required version anyway).

The solution on the Internet is that since Oracle says they will not fix this, you have to manually put in the Garbage Collection code yourself to clear it out if you touch this class. CA has informed us they will be adding this fix into a not-so-distant future CR. As of Feb 2012, it's not GA yet.

BUT, you don't have to wait for CA to release the CR that will fix this, you can fix this now in Siteminder yourself as long as you are not using the features below.

In Siteminder the two classes that are touching the leaky Java code are -

class com.netegrity.policyserver.requester.
FederationAttributeResolver$FederationAttributeVariableThreadGroup

class com.netegrity.scriptevaluation.scriptactiveexpression.
WebServiceVariableResolver$WebServiceVariableThreadGroup

These two classes are part of the Option Pack and would only be enabled if you are using Java code for any active expressions or outside processing. If you are not doing either then you should be OK. By default the 3 classes in the properties file are enabled. Even though we are not using the Web Service or Federation variables, the class initializes the leaky Java class on startup. In our case we were only using Static User Context variables and to resolve the leak, we just had to comment out the other two classes.

Here the file that should be changed in order to resolve this memory leak

C:\Program Files\CA\siteminder\config\properties\scriptActiveExpConfig.properties.

Comment out 2 resolvers

WebServiceVariableResolver

FederationAttributeResolver

As soon as we did that we noticed a huge change in the internal processing of the Policy Server through Wily. Response times got faster, traffic was more efficient, and it has been over 2 weeks and we haven't touched the servers since.

End to end I spent 6 1/2 months tracking this problem which turned out to be a Java Memory Leak. In the end my environment is far more tuned and streamlined than any I have worked with in the past. We ripped everything from the OS to Siteminder apart a dozen or more times.

I have worked with big vendors all my career and CA once again showed to me that they are the most customer focused, solution driven vendor out there. If it wasn't for them I would still have my daily service recycles and no clue to why my super charged systems couldn't handle the traffic.

I can assure you my use of Java in the future will be heavily pulled back.

Hopefully this solution will help others out there that may be chasing a Siteminder performance issue and have no idea where it's coming from.

End of Line.

UPDATE 2/23/12 -
Additional Information from the Java GC.

Just wanted to add the snippet from Garbage Collector log that shows the delays in GC that was halting all Java threads.

2012-01-29T22:05:28.419-0500: 159635.785: [Full GC [PSYoungGen: 32K->0K(58112K)] [PSOldGen: 268600K->233429K(262208K)] 268632K->233429K(320320K) [PSPermGen: 5608K->5595K(16384K)], 13.2658978 secs] [Times: user=13.03 sys=0.14, real=13.27 secs]
Total time for which application threads were stopped: 13.3080858 seconds
2012-01-29T23:34:23.029-0500: 164970.402: [GC [PSYoungGen: 57376K->96K(57472K)] 300602K->243330K(319680K), 1.2167912 secs] [Times: user=1.25 sys=0.08, real=1.22 secs]
Total time for which application threads were stopped: 1.2173181 seconds
2012-01-29T23:38:34.716-0500: 165222.090: [GC [PSYoungGen: 47056K->96K(56128K)] 290770K->243818K(318336K), 1.3679557 secs] [Times: user=1.44 sys=0.11, real=1.38 secs]
Total time for which application threads were stopped: 1.3849995 seconds
Application time: 27.9614079 seconds
2012-01-29T23:39:04.060-0500: 165251.428: [GC [PSYoungGen: 56096K->176K(56704K)] 299818K->243926K(318912K), 1.0524796 secs] [Times: user=1.00 sys=0.19, real=1.05 secs]
Total time for which application threads were stopped: 1.0549411 seconds
Application time: 22.8069970 seconds
…
2012-01-30T01:06:19.372-0500: 170486.746: [GC [PSYoungGen: 50224K->96K(55488K)] 303207K->253079K(317696K), 5.5103140 secs] [Times: user=3.91 sys=0.31, real=5.52 secs]
Total time for which application threads were stopped: 5.5591853 seconds
Application time: 28.1509650 seconds
2012-01-30T01:06:53.044-0500: 170520.417: [GC [PSYoungGen: 55456K->96K(55616K)] 308439K->253099K(317824K), 0.1145933 secs] [Times: user=0.08 sys=0.09, real=0.13 secs]
Total time for which application threads were stopped: 0.1189481 seconds
Application time: 24.6126854 seconds
2012-01-30T01:07:17.779-0500: 170545.144: [GC [PSYoungGen: 55456K->48K(57984K)] 308459K->253071K(320192K), 0.0745779 secs] [Times: user=0.08 sys=0.00, real=0.08 secs]
Total time for which application threads were stopped: 0.0750492 seconds
Application time: 90.4199492 seconds
2012-01-30T01:08:48.529-0500: 170635.903: [GC [PSYoungGen: 57776K->80K(57856K)] 310799K->253127K(320064K), 34.3953746 secs] [Times: user=16.61 sys=5.58, real=34.42 secs]
Total time for which application threads were stopped: 34.6831882 seconds
Application time: 84.4596699 seconds
2012-01-30T01:10:47.482-0500: 170754.841: [GC [PSYoungGen: 57808K->48K(57920K)] 310855K->253111K(320128K), 5.5792954 secs] [Times: user=2.63 sys=1.88, real=5.61 secs]
Total time for which application threads were stopped: 5.8194036 seconds
Application time: 89.5306510 seconds
2012-01-30T01:12:22.794-0500: 170850.161: [GC [PSYoungGen: 57776K->176K(57920K)] 310839K->253407K(320128K), 2.3820469 secs] [Times: user=1.97 sys=0.01, real=2.39 secs]
Total time for which application threads were stopped: 2.4228286 seconds
Application time: 22.0421249 seconds

2012-01-30T01:54:14.372-0500: 173361.732: [Full GC [PSYoungGen: 128K->0K(45760K)] [PSOldGen: 258100K->258215K(286656K)] 258228K->258215K(332416K) [PSPermGen: 5598K->5598K(16384K)], 74.6088031 secs] [Times: user=62.50 sys=1.83, real=74.61 secs]
Total time for which application threads were stopped: 74.6484953 seconds

People come and go, business roles do not

2012-02-07T13:47:00.000-06:00

Granting access in IT is such a simple process, so easy in fact that too much access is generally given and over time that access is never taken away as it should be. IT access should be granted and managed on a Need To Have basis only. But this is rarely the case, why? Because getting to that level of management and process is too complicated and costly plus I trust my people. The ever expanding regulations and compliance standards are going to make your world a very uncomfortable place when penalties start to line up for not being able to get control of your own access processes. This is where Role Based Access comes in.

When I go into companies and talk about IAM, roles eventually come up but the conversation rarely gets beyond group management. Just because you have a good group management process does not mean you are doing role management. A group, whether it is an LDAP group or AD group, a group is just a container. That group may have a business definition like Accounts Receivable Group is the group for the Accounts Receivable Department. So what? Where is the role definition for those people in that group? A group should not determine who should be in it, a business role should be defined and managed to tell the user you need to be in that group.

Look at a VP's physical office. That office is a group. If you take the group management approach, all you need to do is be in that office to gain all the power of a VP. In the physical world that would never happen. In the physical world your Role within the company dictates your occupation in that VP office. You must have the VP title and all the business rights within to get into that office (group). I don't understand in IT why it's so difficult to apply the physical rules to the virtual assets.

The other problem most companies have is they are managing access too close to the individual. They are attaching a single person to what they need. What happens in that person leaves the company? That person may have accumulated all this special, unique access without proper tracking and the replacement now will have to figure out what they need. Roles eliminate this problem. Grant access based on the business role, then you don't have to worry about the person at the IT level. HR or the department worries about what people have what role which directly ties to a clearly defined matrix of access.

The other huge benefit that business roles get you is tremendous security and auditing improvements. With a role you know what access is granted and that rarely changes unless the business definition of that role changes. Also as a person moves around the company, their business role changes and along with that their access changes. In most companies the person who has been with the company the longest generally has the most access. Because in IT it is far easier to give than it is to take away. If you use Roles to grant access then you get closer to the Need to Have model. Get a promotion and you get new access and the access you had and don't need anymore goes away.

From a compliance standpoint there are already fundamental rules in place for roles and role conflict. The most obvious one is that a person who is in Accounts Receivables cannot have Accounts Payable too. If they did they could buy and receive on their own. Role management can help implement segregation of duty policies to ensure or at least audit if there are people that have conflicting access. Set the roles in contention with each other and enforce based on those policies, your access gets that much tighter.

As the world becomes more cloud enabled the need to get a grasp around identities and access across these wide ranging systems and applications is becoming more and more critical. From a virtual standpoint, creating a hard tack policy with the IT assets like companies already do with their brick and mortar assets will help significantly in getting to that coverage and visibility that will be demanded.

If you try to manage access for the people you will be chasing a constant moving target, managing with roles and you are defined, clear, concise, and manageable.

End of Line.

Without Compliance Your Technology Is Worthless

2012-01-30T08:10:00.000-06:00

Thousands of laptops and mobile devices, hundreds of servers, applications with various levels of access, databases that hold critical information, and people moving around doing things in those systems. What are they doing? Do you know? Are you sure the users are doing only the things that they should be doing and nothing more? Are you able to say that your critical business data is safe, not accessed by unauthorized people, and have a report showing that? Just because you throw technology into your business to do awesome, cool things on the latest iPhone app means your responsibility ends there. With great power comes great responsibility, that responsibility is being compliant to regulations and common sense practices.

The scary thing is most companies are not.

The compliance I am talking about is not just the federal or industry regulations (FFIEC, PCI, HIPAA, EMEA, SOX, etc...) it's any and all compliance rules you need to meet. Depending on the size of your company you probably have a department just for Audit and Compliance, you may even have a C level officer for compliance. If not, you should. Compliance are the IT laws you should work by and if you think you are too small or don't deal with enough people to put any time and money into it then here's exactly what you are saying.... "I value you as a customer, but not your data."

At the end of the day business interests and integrity MUST take precedence over an individual's inconvenience around compliance guidelines. All it takes one public breach and you won't have to worry about either any more.

The threat of severe damage to your company, the industry and potentially national security is what's at stake. Don't think it's not. Image what would happen to the country if Mastercard or Visa had their core databases compromised and every single card holder's debt, credit, and personal information was taken. Used in the right way it could cripple the national financial system. It may be an extreme case, but your company by itself can be shut down just by a viral Twitter run of your breach.

Compliance is there to help everyone. It may be a pain in the butt and expensive to implement but it's not anyone's fault but your own if you do not take that into account in your project or department's budget. This should not be an optional feature but a required line item.

Reporting, certifications, attestations, applied business rules directly into your access systems, real time log analytics, segregation of duties, encrypted communications, password expirations, multi-factor authentications, approval workflows, and so on. All things that seem like common sense but are passed over and not implemented time and time again and year after year companies big and small fail audits and never fix these.

I actually know a company that does not use encrypted communications behind their firewalls, LDAPS, HTTPS, etc... the answer I heard was this - "Too much processing overhead". True story. As ridiculous as that answer is, they are leaving themselves open to a world of hurt if their perimeters are compromised, or an employee gets disgruntled.

The business needs to have that complete picture of what's going on. Accounting has a record and knows where every penny is, why not the same focus on the bytes?

When it comes to tracking the people, the largest threat to your company, an full Identity and Access Management system is required. You may start small, but your end goal is the same. To allow the business that single user view of who they are, what they did, what they tried to do, when they did it, and who approved them to do those things. Making sure your IT infrastructure is protected and locked down will complete the primary requirements of most compliance requirements. It seems so simple, yet knowing who has access and where they are eludes so many companies it's scary.

Compliance can be ignored and half-assed only for so long. It would not surprise me that in the near future if a company of significant size has a massive, damaging breach that regulations would be changed that would shut down your business until you meet the requirements. No more extensions, increasing fines, years of second chances. You get a warning, a timeline to fix it, and if you do not you are shut down until you do.

It's only a matter of time before the federal regulators step in and protect your user's data if you do not.

End of Line.

Personal trust is the biggest threat in and of itself

2012-01-24T20:16:00.000-06:00

Information security is all about trust. Who do you trust? For the true security guru the answer is no one. You can trust no one and shouldn't try to.

Person to person trust is the biggest threat to a company in and of itself. If it wasn't there wouldn't be a Data Loss Prevention (DLP) market, there would be no access management systems, there would be no need for encryption, passwords or tokens. Yet, inside the walls of the company hard security practices go to the side for personal trust of the employees.

It seems that once someone gets inside the company and receives a paycheck that they are one of you. If you are thinking that way then don't be surprised when your data is gone either stolen or destroyed when that user gets disgruntled. It doesn't have to be malicious activity either for a user to abuse their access. Except in the IT world, the business data is a little more valuable than a ream of printer paper or a box of pens someone takes from the supply cabinet.

In some places I have been in and seen the level of access given to a wide range of people without proper checks or justifications is astounding. It really is surprising that there are not more major data breaches, maybe there are just never detected and people's information is being sold silently. Companies focus so much on protection from the big bad Internet and external Chinese or Russian attacks and as a result their internal security processes and measures are where the real holes are. But the management trusts the employees are doing the right thing, but are they? Can you trust every single person on your payroll? If not, why have you not tightened the security from the inside as you do externally.

One good example I use to put things into perspective came from a place I was in once. To get into the building you needed to go through a security background check, including bonding by the Department of Homeland Security, get your picture taken and put on a card, a hand scan, and fill out paperwork to all the floors and data center rooms I needed access to. Excellent physical safe guards.

When I hit the server room, where a thousand servers sat, there were no locked racks and the admins could access every system as root/Administrator. No checks, no restrictions, free reign. Millions of dollars in the building locks, not so much on the IT locks for the internal. A few thumb drives, a database export, and the entire customer base walks out the door to the highest bidder. All because they trusted the people that made it through the doors and trusted the non-employees that were escorted back there.

One last story about trust and a company that didn't trust any of its employees. I had a contractor working for me a few years back. He was brought in and given the normal access, all checked and verified. About two months in he started doing odd things with the code, hooking our two environments together that didn't share data or users, had odd authentication steps that made no sense. Things like that, we confronted him on it and removed it. Then one day I get a call from my manager asking me to get to the datacenter and escort this guy off the premises immediately. Turns out, this guy took a high powered WiFi Access Point and plugged it into the corporate, internal network. It was broadcasting a powerful signal that could be picked up a full city block away. That access point was attached to the bottom of his desk, way in the back. He exposed the entire network for reason unknown. Had the company not been paranoid about wifi access they never would have had the detection stations all over the building that could triangulate where the broadcast was coming from. Had we trusted the guy like other companies trust their workers, who knows what damage or data would have been stolen. Why would somebody do that?

Think about it next time you grant admin rights to someone, can I really trust this person?

End of Line.

Self-Service removes the man in the middle

2012-01-23T13:48:00.001-06:00

Identity and Access Management projects are mostly looked at by the business and management as an automation solution, which it is, but why are you automating and what else is the business gaining outside convienences? One of the biggest cost savings aspect that doesn't get as much focus as it should in an Identity and Access Management program is self service. Self service is enabling the users to manage their identity and accounts. However, when you say self service what is the function that comes to your mind? Password reset right? That seems to be the only part of self service that people focus on because it's the easiest to comprehend and sell. But like provisioning, password reset capability is one piece of an overall self service strategy.

Self service should be built to allow as much ability of the user's to manage their information as possible. Password resets, account unlocks, access requests to applications, vacation schedules for out of office delegations, workflow approvals, reporting, attestations, and so on... Build your business into the Identity Lifecycle Systems and enable as far as you can. Your processes don't change that often and can easily be automated and streamlined. When you do that it's easier to track the progress, see the slow down in the queue, remove the eyes that can see sensitive data. If Identity and Access Management is a train, Self Service is the passenger stations along the track. The easier it is to get on and off the more it will be used.

Self service provides a significant security advantage and protection for the business because it removes the need for a man in the middle to process the request. A good example is a business that has a call center to handle account locks. The user calls a call center that is usually staffed by part time, low cost employees and you provide your sensitive data and they either give you a new temp password over the phone or it's emailed to you. It takes time for two people to process the request and there is a security gap of a middle man knowing your account status, probably what the temp password to access your account is, and there is lots of room of human error. I personally know of a company that uses the same generic password for ALL password resets for EVERYONE. Why? Because it's easy. Think about it, all your employees are having the same password when they reset, from executives to contractors.

It takes the business and project leaders to talk about the benefits that go outside the box of the obvious user enablement and automation of password resets.

End of Line.

IAM is to enable the business, not make IT's life easier

2012-01-16T08:57:00.003-06:00

IT Guys

Identity and Access Management (IAM) is one of the most critical security functions you have in your business. Even if you do not have a set of tools designed for it, you are and have been always practicing it. Since you put in your first computer you had a process to get people to access it. It may not be a detailed process, but it is a process. As the technology world is accelerating the evolution to a virtual/cloud based deployments, controlling access and knowing who is accessing your systems are getting more critical.

However, Identity and Access Mananagement projects often fail and fail hard. It's not because of the technologies chosen, how many applications you have, how complex your data is. They fail because the project itself is not internally advertised properly to get the sponsorship, full support and focus that it needs. If it's left in the hands of IT, it doesn't get very far. In fact, the most successful IAM implementations and one of the most mature I know about was actually driven and controlled out of HR not IT. IT manged the technology and 'kept the lights on' but HR drove the implementation.

IAM is heavily technological in nature but the success of the solution is 100% on the business. You can put the best and greatest into your environment but without a business purpose or business created plan it's not going to go anywhere beyond 20% of the ultimate goal. That failure is that the decision makers and check writers are not presented with what IAM really is, instead they see a few million dollars being spent to make the IT guys life easier through automation. Too many people focus on the workload aspect of Identity Management provisioning rather on what provisioning really is meant for.

"Why would I spend $2 million so those geeks down on the 6th floor don't have to manually create accounts? It works today just fine, they just want to be more lazy."

Right? Heard something like that before? Said something like that before?

When I have conversations or hear people talking about their IAM projects I listen to see if they talk more about provisioning and most don't, the stop there, some even call their IAM project the Provisioning project. I have blogged about this disconnect before but I am seeing it more and more that IAM is getting a reduced focus because the business enabling benefits are getting missed.

Here's a script to provision into AD. Save yourself a few bucks if that's all you are going to do is provision.
==================

Option Explicit
Dim strUser
Dim objRootLDAP, objContainer, objNewUser
strUser = "ProvisionedUser1"

' Bind to Active Directory, Users container.
Set objRootLDAP = GetObject("LDAP://ActiveDirectoryServer")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootLDAP.Get("defaultNamingContext"))

' Build the actual User.
Set objNewUser = objContainer.Create("User", "cn=" & strUser)
objNewUser.Put "sAMAccountName", strUser
objNewUser.SetInfo

WScript.Quit

===================

If you want to be successful in an IAM implementation there here are the things you need to figure out long before you worry about the act of provisioning.

Who are your business partners? HR, Management, Audit & Compliance, Info Security, Application Developers, Business Analysts. These are your primary benefactors from a mature IAM system, IT is not listed here.
What are the business rules? Your business functions in a specific way, you have an organizational structure, use unique decision matrix, want your information flow to be a certain way. IT does not know this in detail and probably don't care what the business does outside their world.
Compliance requirements? Depending on what type of business you have, chances are you need to meet increasing external compliance requirements. What part of the business has to meet that? What information is needed? IT makes sure that the data is there and available but they are usually not data users for compliance, just deliver.
What are the business operational costs? Help desks, paper, time (waiting for the process), compliance failures, reporting, and so on. Does IT know about these costs or do they care?

The act of provisioning should be one of the last things you worry about. Any tool set that leads with how many directories they can create accounts in should be looked at with a raised eyebrow. There are tons of programs out there that can create accounts. So What?

Identity and Access Management is not about how automated you can create objects, it's all about how your can apply your business functionality to manage them. Taking your how your business works and automate that to to increase processing times, harden security, gain real time reporting, put in automatic rule enforcement for access (People in Accounts Receivable cannot have the same access as Accounts Payable) is what IAM is about. In addition, a well defined IAM system can be used for managing physical assets as well as accounts. Cell phones, desk phones, building access cards, and so on.

Where did I mention provisioning in that description? Provisioning is about 20% of an entire IAM project, if that's how it's sold to the business that's how far you will get and miss 80% of the enabling, cost saving reasons on why you need IAM in the first place.

End of Line.

Too Much Maintenance, Too Little Advancement

2012-01-12T09:14:00.000-06:00

Technology requires tender loving care, much like you car. It needs to be tuned, cleaned, trimmed, refreshed, updated, sometimes replace parts, and keep it running efficiently. We in the IT industry call that maintenance. However, unlike a car, your technology's maintenance can be dependent on how you have your things setup and end up building your self a maintenance nightmare.

I was talking to a colleague of mine recently and we were reminiscing about prior environments we have had exposures to. As the stories came out we stumbled onto a common theme. The environments that were spending huge amounts of time on simple maintenance tasks or fighting problem fires were significantly behind others that were not doing those time consuming maintenance tasks. Everyone has to do maintenance, but not everyone is doing it is as efficiently as they could.

If you are in a situation where you are trying to meet your annual goals of technological advancement but keep missing them or never getting to them, ask yourself why? What is taking your time up at such a level as you cannot put time to update from SAML 1.0 to 2.0 or upgrade your core software to take advantage of new features or do some new code that adds new cool bells and whistles into the applications. All of those activities have business advancement opportunities or needs and they cannot be done if all you are doing is replacing the duct tape to plug the oil leaks.

Like your car, you should really be touching your IT in the same way. You put gas in it regularly (new apps, features, users, etc...), change the oil every 3 months (patches, updates), replace the battery and tires (major OS or software uplifts), vacuum it out every now and then (disk clean up), and replace the parts that break unexpectedly. These are the same tasks that everyone does everywhere. If you are in a situation where you are doing these things yet can't seem to find the time to advance the apps or technology then review the process.

Lots of companies use the industry analysts to check which technologies and vendors to use but they never use them or check with other companies how their operations actually work. If you are taking 3 weeks to prep for a small migration and you take 8 hours to do the actual work where the rest of the world takes 2 days and 30 min for the same exact task, then you have a problem. Not being able to advance the technology, most likely, is not a technological problem. It's internal process and procedures that were put in place to help the business that's actually hurting it.

Maintenance should be 10% of your IT life. No more. It's maintenance!!! By definition it's almost a non-event thing to do. Yet lots of people have project level time and efforts around things that should be routine. That's why you can't enjoy the benefits of the latest and greatest, not because of the tools in place but how they are build and ran.

Business is about business, doing more business, better business, cheaper business that makes you more money. Period. Why spend the time filling out paperwork to get reviewed before it's approved and signed off prior to the kick-off of a 30 minute patch? You just spent 5 days doing that instead of advancing. I am not saying process, checks and balances are important... they are. At what point do you get so over-saturated that those processes are so complex they no longer provide any value. The approval chains are so disconnected you no longer have any idea what changes went in last night or last week.

If maintenance and routine tasks are the majority of your development team's time, then it's time to take a look at everything around that task to find out why.

End of Line.

Back In The Saddle For 2012

2012-01-10T22:04:00.001-06:00

2012 started out busy. The day job has kept me on my toes with 2012 goals and objectives finalization activities. The various technologists that touch my environment with various levels of skill expertise have thrown a couple big outages my way, thank you very much. I have been working on the New Year health plan to target to run at least 3 5Ks this year. Everyday life, my Twitter and Blog have started to slip from my attention. So tonight I am working on post ideas and getting the ideas and content out.

Writing for a blog really can't be an everyday thing unless you do it for a money or don't have other responsibilities... or a 3 year old. So, I will be changing my blog writing style this year to take one or two days a week, an hour or two each day and write posts. Before I would think up an idea and write it, post it and do it over again. For my setup that's not as productive as it could be, I think I could crank out more posts this way. Only one way to figure out if it works is to try it out.

I am working on a few posts which I will get done this week so here's a tease on the titles. The first round are Identity and Access Management centric.

Too much maintenance, too little advancement
IAM is to enable the business, not make IT's life easier
Self-Service removes the man in the middle
Personal trust is the biggest threat in and of itself
People come and go, business roles do not
Do you know? Prove it right now.

Stay tuned.

End of Line.

The Hair Dryer Computer Fix

2012-01-02T17:17:00.002-06:00

I am the resident computer fixer for everyone I know it seems. At some point or another, no matter if it's a personal computer or corporate problem, people call me. Today was the most bizarre computer fix I have done and I have no idea why this worked but it did. This is my story...

Quick background my in-laws are at a technical level that they can turn on the light switch and know that it will make the light bulb light up. They will be the first to admit that too.

I got a call from my in-laws last night that their house had a brief power outage. They have had outages before, except this time their computer wouldn't turn back on. Everything else did but that. Over the phone I ran through the basic trouble shooting. Check the cable, see if there is a power switch on the back of the unit, unplug it from the power strip and plug it directly into the wall... all nothing. He kept saying he sees a green blinking light. I assumed it was the LAN card, but it had no power, odd. Anyway I had the day off today and I said I was going to head up there to check it out. Fearing a burnt out power supply or worse I had a feeling I was going to bring the unit home for surgery.

I arrive and sure enough no juice, not even a blip on the fans. Sure enough right underneath the power cable port there was a green LED light blinking. When you unplug the power cable it slowly faded out but it took about 30 seconds, so the power supply was holding a charge. I did the regular things, unplugged everything, checked all the seats, nothing. Before I was going to leave with it I had my trusty iPad with me and I hit the Google.

The power supply unit maker was a OEM mass production company, no website and the unit was in everything from HP, Dells, to homegrown. Luckily I found oodles of posts about this green light blinking. All signs pointed to a power supply failure and not the motherboard. I was in no mood to go to my computer parts stores looking for a 230W power supply from a computer I built for them in 2006. It was old and time and effort vs. money was not there for me to repair it.

I have never let a computer problem get me down so I kept reading to see if there was some way with household tools to crack open the power supply and de-charge it, flip a breaker out or something. Then I came across one entry in one forum that someone had posted and others tried and validated it worked. It was so simple yet crazy I gave it a shot.

Unplug everything from the computer except the power, keep it plugged into the wall and see the blinking green light. Take a hair dryer, hold it to the light and blow hot air on it for a few minutes. The post said after 3 to 5 minutes the light will go solid and everything will work fine. Yeah.... right.

I did it and the first round was 5 minutes and nothing. About 10 minutes passed and I tried it again, after 2 minutes the light went solid and bright. What!?!? I plugged everything back in and it fired up like nothing was wrong.

Ummm, OK.

I have looked and I can't find anything to what that green light is, what is hooked up to and why heating up the power supply makes it trip back to normal. I looked at my powers supply and I don't have an LED like that. I can only guess that that light it some kind of safety measure that blocks the primary power that the sudden loss of power tripped it. Heating it up 'tricks' it to go back or it melts something and allows it to work. There were many people that did the same thing and it worked for them, every time. I didn't find one post that tried it and it didn't work for this scenario. I just can't explain as to why.

So this goes down as the most strange and unexplained fix I have done.

End of Line.

P.S. - A laptop will be in their near future... and a backup.

Binary Blogger 2012 Tech Predictions

2012-01-01T09:00:00.001-06:00

It's that time of year again. Time for me to layout my ten tech predictions for the new year. 2012 is going to be a very exciting time for IT I see. In the realm of how the world does business there will be a hard and fast wave that may leave people behind and may cause a rift of those who can surf the wave and those that cannot. What I am referring to is the Cloud. The Cloud is not just a neat little offsite storage for your photos and music. From a corporation the Cloud could be a place where you can offload significant IT costs and provide the same services without all the overhead. There are a whole new set of challenges that come along with the Cloud but I am not going into get into Cloud technologies. My predictions for 2012 have many Cloud based themes.

Facebook will buy Yahoo - Facebook doesn't have what Google has, easy access to data. The partnership of Facebook and Yahoo recently is a sign that their partnership will grow into a marriage. Take Yahoo's current status as a company and some of the decisions that they have made in the past few years and Facebook taking them over makes sense. Yahoo and Facebook would make a one stop location for information consumption and sharing. They could take on Google Reader, Flipboard, and all the other RSS reader apps by having it all in one spot instead of hooking up via APIs or shared access.
Single Login/Account For the Internet - Today as I write this there is a bill going through the works with now knows as SOPA. This bill threatens all freedom we have on the Internet. I think SOPA will fail but will be reborn and focus on the accounts people use. Freedom to use whatever account you want and handle you choose will go under the attack. A new bill will require you to use your full, legal name for all activity on the Internet. No anonymity. Facebook will probably be at the center of the debate and a government verification using your SSN will be in the mix somewhere.
The WiiU will be a complete failure - Video games are the future. Call of Duty is a billion dollar franchise. Movies are losing to video games. Nintendo is not seeing this, their mentality around gaming may have worked 10 years ago, but that's not what people want. For a console people want something to fit into their home equipment, HD, big screens, big sound, details, epic games, and social interaction that is easy to use. The Wii was cool but I haven't played mine in months but I play my Xbox360 almost everyday. The WiiU and it's touch tablet controller won't be able to compete with the iPad and the games will not be the HD people want. The WiiU is lining up to be a monster failure.
Amazon will have an epic failure with their Cloud - Amazon runs more of the Internet's popular sites than you are aware. I have no doubt that there is redundancy built into their infrastructure but eventually you have to touch the perimiter components that are not as robust as they should be. I see Amazon having a glitch that will take down their service for a large amount of time that will spawn weeks of articles, posts, and conference keynotes that the Cloud is not ready or reliable.
Siri will be part of the next Apple OS - Apple will add Siri into every OS going forward for iPhone, iPad, Macs and the new Apple TV. Siri will be used for vocal dictation in document creation. Siri will be the start of the voice controlled Star Trek computing.
Apple TV will not use land line cable or satellite, Internet Only - The Apple TV is coming, I think it will be out in 2012. Much like apps, Apple wants TV to be what you want to watch. They will try to break down all the licensing junk and bring ala carte cable TV to your home. Content and who gets on board will be fun to watch but the Apple TV will use your home Internet and not a cable from your local cable company.
RIM continues its slow painful death into some equity purchase - RIM is dying if not dead already. They had their shot and missed at every attempt from either being too late or completely off the mark. They will get bought by an equity firm then sold off in pieces.
Corporations realize that they are exposed, break out the checkbooks - IT security spending and focus is a borderline joke in corporate America. CIOs, CEOs, VPs have not been focusing on security strongly enough over the past decade. Yet these decision makers are pushing for cloud integrations and Internet exposures with a lackluster security plan. The Crown Jewels of the company's IP is asking to get exposed in this Cloud era. Corporations will wise up and start to spend the money on IT security in a big way.
The Cloud will be a consumer and small company service - Big corporations will not commit to the Cloud idea. There is far too much critical data, security concerns, and regulation headaches that come with a Cloud approach. At the end of the day the cost, financial and business, to move things into the Cloud will exceed benefits recieved.
The World Will Not End On Dec. 21, 2012 - I have a 50/50 chance on this one.

Here you go.

End of Line.