Archive for Misc

As I have been asked a few times (ethical hacking / Domino)

After the BP107 presentation “defending the perimeter” at IBM Connect, I have had a few (quite a few more than I would have expected) queries on if I would run the ethical hacking/domino workshop again.  The answer is the typical answer of any consultant when asked if they would run a paid workshop again.

“Of course”

Just get in touch.  I have run it at events and also on customer sites.  You just need to do the paperwork with my pimps.


The future of mobile communication.

I remember when my mobile phone bill could have been calculated by the weight of the posted invoice.  Any international road-warrior with requirements to provide support and be contactable has suffered extensively from roaming bills for calls and data.  I wince at the thoughts of how much I cost my company on the mobile phone for making and taking calls from anywhere, anytime.

This is starting to change.  Three.co.uk have made a brave move.

A few months ago I switched to the Three phone plan for my use from O2.  This includes the “feel at home” data roaming option.  Simply put, once I am in a country that is approved (including USA, ROI, Denmark, Sweden and more) I can happily data roam on my phone, or call the UK, all out of my normal plan.  No extra charges.  No selected networks.  Now my smart phone stays smart, without having to worry about the cost.  Hopefully other carriers follow.


A government bond site.. sending clear text passwords

A year ago, Tescos (US readers, think Walmart) got in a *lot* of hot water for sending clear, unencrypted passwords by email to customers.  When tech security hits mainstream press, you know you have screwed up (or been caught) big time.  With the haze of the holiday period disappearing, I plunged into my mailbox and noticed a couple of emails from an Irish Agency.  The Irish government prize bonds agency.


It was real, from their real address with my online bond-tracking password in clear text.  Let’s put this in some level of perspective.  It is estimated that (by end of 2010) the total value of Irish prize bonds was €1.33 billion.  Over 1% of the country’s national debt. (source).  Figuring something was up, I logged in and changed my password.  Then did a “forgotten password request” to get my new password sent to me, in clear text.

I emailed them querying this woeful security.  Some of the response.

I understand that you have received an e-mail containing a Bond Tracker password. I can confirm that this e-mail would have been sent from the Prize Bond website.

In the event you have not requested your  password we confirm from time to time this can happen and is usually the result of one of two possible scenarios.

1) A Bond Tracker user in logging on, makes a typing error which may result in the user name being wrong by one digit or letter. (this username will then be the same as yours). The password will then be rejected and the user requests that the forgotten password is e-mailed to them. As they’ve inadvertently logged on as you, the e-mail will be sent to your address.

2) From time to time you can get people who browse various websites and randomly try usernames to try and access details. If one of these people guessed your username, they could request your password. Again the password would only ever be sent to your e-mail address.

In both of these cases your password is only ever sent to your e-mail address. No one else receives it. Both of these scenarios are rare and of the two I would say it’s a case of someone accidentally keying in your username and then requesting the password, which they never receive.

In the event you have requested your password it will be sent directly to your email address which will contain your new password therefore to use when logging onto the Bond Tracker.

My follow-on email, explaining that the basic premise of the security model is terrible and asking whether they understand that, has as yet remained unanswered.  For a basic site or free service to do this, it is poor.  For a company to do it, terrible.  For a multi-billion government agency to do this, it is .. “fascinating”.
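What a reset flow looks like when the site cannot email a password because it never stores one, as an added example that is not part of the original post or the agency's code: passwords are kept as salted PBKDF2 hashes, a reset request mails a single-use expiring token, and known and unknown usernames get the same reply. The function names, the in-memory stores and the 15-minute lifetime are assumptions.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 15 * 60  # assumed policy: a reset token is valid for 15 minutes
USERS = {}    # username -> {"email", "salt", "pw_hash"}; no recoverable password
RESETS = {}   # sha256(token) -> (username, expires_at); raw token is never stored
OUTBOX = []   # (email, body) pairs standing in for a mail server

def _hash_pw(password, salt):
    # Salted, deliberately slow one-way hash: the site cannot "send you your password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username, email, password):
    salt = secrets.token_bytes(16)
    USERS[username] = {"email": email, "salt": salt,
                       "pw_hash": _hash_pw(password, salt)}

def check_password(username, password):
    user = USERS.get(username)
    if user is None:
        return False
    candidate = _hash_pw(password, user["salt"])
    return hmac.compare_digest(user["pw_hash"], candidate)

def request_reset(username, now=None):
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is not None:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESETS[digest] = (username, now + RESET_TTL)
        # The mail carries a short-lived token, never a password.
        OUTBOX.append((user["email"], f"Reset token: {token}"))
    # Same reply for a real, mistyped or guessed username.
    return "If that account exists, a reset link has been sent."

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESETS.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    username, _expires = entry
    salt = secrets.token_bytes(16)
    USERS[username].update(salt=salt, pw_hash=_hash_pw(new_password, salt))
    return True
```

With this design the mistyped-username and guessed-username cases in the agency's reply still send a mail to the real owner, but that mail contains nothing that remains useful once the token expires or is used.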


So… 2013 happened

I best jump on the bandwagon of writing up an epitaph to 2013.  Of course, of the many blogs I read in various communities I know that mine will be mostly uninteresting in comparison, but sure here goes anyway.

In short, 2013 was definitely a year where I felt “older”.  Some of this is related to actually not being as healthy as I used to be, and the rest was due to incidents and milestones.  It was a mixed bag of a year on a personal front.  Some good, some bad.  Technology wise, it most definitely was a year of transition.  But treating technology as simply “technology” reminds me that the problems and the people will always be the same.

January involved my seventh trip to Lotusphere (screwit – I’m sticking with that name).  Many other people put it a lot better than I did about the events of that week, but needless to say I have very vivid memories of certain things.  The rest was just an unimportant blur.  Sadly the vivid stuff still haunts.

In February, Gab Davis and I rewrote Connections101.net for version 4.  It took a few days and as ever Gab’s commitment and simple desire to educate people stuns me.  No hidden agenda, no bullshit.  She just wants to help everyone… anyone.  February also involved Kenneth’s funeral in Denmark.   After that, early March I managed to check a box and finally get to Australia, albeit for a very short trip.   However, Tony and I managed to squeeze in a lot and for once I travelled in style.  Auslug, and its organisers did themselves proud.  LCTY in Hamburg, BLUG and Madrid all quickly followed.

A highlight of the year was traveling to the Catalonia Moto GP in June with my wife, Tony and Roy Holder.  A great break and I was hooked on race weekends instantly.  July and August were very busy with work, house hunting and study.  A week out for a holiday break in September just after the last UKLUG, which I rode to with Sean Cull and Simon Peek.  Good times.  Admincamp in Gelsenkirchen followed straight by a customer visit in Tampa (and visiting the Dolphin Hotel to meet up with Gab and Tim).  October, November and December went way too quickly, with many short trips and fortunately lots of work.

Lessons learned?  Quite a few on the professional side.  I screwed up once but also managed to pull off another project in a manner I’m proud of, so I consider that even (ok… I focus on the screwup but what did you expect).  On the professional/personal side I started to ignore people that drain energy.  No badness, just simply not trying to pander to folk as much as I used to.  One regret is taking this long to start doing that as it’s working out quite well!

2014 has many new projects on the horizon (two starting next week actually).  I have a suspicion that travel will be frequent in the coming year, but three personal projects are going to take priority over work.  One will be announced in about a month (get ready to put your hands in your pockets), the other two are kicking off soon.  The coming year is a game changer in many ways for me.  Hopefully 12 months from now it will have all worked out.


idiots

IDIOTS from BLR_VFX on Vimeo.


It’s been a while…

Looking at my blog from time to time fills me with geek shame.  Of years past if we didn’t post for 2 weeks the next on the list began with an apology fully explaining absence with evidence and justification.  Nowadays, it’s so different.  I don’t blog for the lack of news.  If anything, I (and fellow geeks) have been busier than ever (more on that in a bit).  One hundred years ago authors complained about the disappearance of long form letters and articles.  They would have wept looking at blog posts from the early noughties.  They would have positively barfed at Twitter, Facebook and “10 things…” shite on Buzzfeed now adopted by all major media sources.  Yes, TIME I am looking directly at you.  I post there because it is quick and convenient, and people that may have an interest may see what I say.  Blogs are a resource though.  Social media outlets are sentiment/statistical monitors.  Not, in my opinion, a resource, or at least a resource easy to search.  Try to find anything on Twitter, Facebook, Chatter, Connections or LinkedIn. Go on.  I will wait.

See?  Ok, point made.

I used to link to good tech notes, as opposed to explaining the problem and solution better, granting Google the information it needs to easily help someone else.  Now it’s a “this is handy http://tinyurl…..”.  Alas…

Work is mental.  I have not been this busy in years. Wearing different hats (Domino, Salesforce, Connections) has been very good to us in Bluewave.  Aside from that on many occasions I have just been asked to advise on technology as a whole, without products front and centre (Security, mobility, cloud).  Interesting stuff.  Additionally, I have been working with Christian and Gab on the Show and Tell Track for Connect14, although I sadly suspect it will be my last time.  I have been lucky enough to also be selected for a session on the Best Practice track too.  No, not adminblast, but something different.  Hopefully fun.

Defending the Perimeter. Protecting your Web Servers – Paul Mooney, Bluewave Technology

In order to defend, you need to know how people attack.  In this session, Paul Mooney takes you through his lessons learned from the techniques of internal or external disrupters and hackers, their processes and goals when it comes to your web and SMTP servers.  Introduce yourself to the methodologies and tools used in this world and how to protect your service and data.

For anyone that has read my site, you will know I ran ethical hacking sessions over the past year.  Add one and one and you will get a 60 minute version of this session that will show you what bad people do, and some of how they do it.  I promise it will be fun.  I’m looking forward to presenting it and discussing the pros and cons at the bar afterwards.

Speaking of ethical hacking, I presented at DNUG last week in Frankfurt (thanks to Wee4IT) the day-long version of this session, and it seemed to go well. Also managed to bump into Volker Weber, an excellent surprise.  I had also presented at the wonderful Admincamp a few months back.  Next week I travel to DANNOTES with Tony Holder.  I shall present Adminblast but return for as much a personal reason as business with Tony Holder, representing better people than us to pay respects to an even better person.  See you all at the bar.

Salesforce is going well, and the value of years in collaboration along with a growing technology is fascinating.  Meeting “new” customers is brilliant.  That said the IBM Collaboration work is out the frigging door!  Always amazed me with the Domino server.  “It’s dead…. no THIS time it’s dead.  Nobody uses it anymore…  Everyone has an exit strategy”.

Try replacing it in a business.  See what happens.  If you are lucky and kept your smart staff,  you have a chance (Duffbert is prime example of this).  Usually this is not the case and we get called to pick up the pieces.

Travel on the whole has been manic, and I amazingly now have status on an airline.  It is mostly attributed to the actual amount of flights, as opposed to getting the expensive seats.  The way a few things are going at the moment, travel may pick up in a big way over the coming months.  What else?

GSX have monitoring support for Traveler HA.  A very nice addition.  Go take a look.  Traveler 9 is very good.  Notes and iNotes9 is good.

Gab, Abb and I are trying to push mobug.  We still love the idea, but quite a bit of apathy in the area, which is not what I was expecting.  I need to focus on it more.

Connections 4.5 is an improvement as expected, but at the back end still needs work to make it easier to manage.  Gab and I are busy with some new ideas in this area.

I have a Pebble watch.  I like it.  I don’t love it, but I love the fact it is the start of something.   All watches will become smart to different levels in future.

I get out on the bike when I can.  But this time of year it is hard.  There are plans afoot for a big trip next year, and hands will be expected to be put in pockets…  Well, with that I best get back to work.  Servers restarted, vpn reconnected… back at it.  See you again, sooner next time I hope.


Bruce’s hair. An obituary

I first met Bruce’s hair in 2006, when he, his carrier and his wife started to talk to me at Lotusphere.  He knew me from some posts I did on Microsoft application analysis and wanted to talk about business and life in general.  From there on, Bruce’s hair helped me with session ideas, podcasts, dealing with storms in teacups and rallying the troops when needed.  Bruce’s hair, or his carrier never spoke code to me, as I don’t speak that lingo, but always spoke community, technology and strategy.  In a smart way.  Not a smug way – just a nice smart “how can everyone benefit and share the love way”.  I loved that.

In 2008 the hair came to Ireland (on its own coin) just to present at ILUG for me, which I will always be grateful for.  The hair presented on how it got stronger and better as people used OpenNTF.  And in the background the provisioning of OpenNTF had significant play in extending the life of the Domino platform.  The hair gave a professional podcast for many years with Julian Robichaux – I was asked to be on that a few times and muddled through, attempting to sound half as professional as these guys.

The hair worked in the murky depths of the community as much as the spotlight, organising, planning and settling disputes most people will never hear of.  He managed to keep a dysfunctional family moving.  Once a year, he would instruct his carrier to sing Happy Birthday to me as loud as humanly possible over Skype, always making me smile and regret that every year I forget to record it.

The hair has managed to score a pretty outstanding wife.  Gayle is as much a part of this weird family as any of us.  She sits with geeks and does not fall asleep.  Amazing!

The hair has managed to run multiple businesses and jobs simultaneously, while keeping an upbeat attitude and always caring about everyone else.  He instructed his carrier to give outstanding sessions, and infuse enthusiasm in everyone in an instant.  It was only natural that a teaching position would follow and it is great to see him succeed.

After many years of steady decline, the hair has left us.  His carrier still shines as much as ever though and we will always be grateful to him!


Why the new stuff?

A few pings this evening about Salesforce certification and queries as to why I was interested in that cloud service (or anything other than my usual stack).  I found myself answering the question differently depending on the way it was asked.   Over the past few years I have found myself working with Enterprise Vault, Connections, deep security work, Google Apps, mobility, MDM and MAM solutions and a lot more.  I appreciate that it gives the impression that I am not focussed on Lotus software anymore, but I don’t believe that is a reason.    I still love the Domino server.  I really do.  I still want to launch the Notes client out of a window.  I really do.  Anyway, my reasons for new things….

  • I try to learn something new to a technical level, including implementations, customisations and certifications every year.  Yes it’s tough as hell, but it keeps me on my toes for having to keep learning new things.  Our market is in a constant state of change.  It could get very easy for me to rest on my laurels on IBM Domino, as there is still work in that market.  Especially those that invest hard in becoming niche skill levels.
  • I dislike closed minds.  I also dislike blind following of one brand/software/company.  In my earlier years I was guilty of this.  Nowadays I really dislike someone being dismissive of other software/services unless they have a *very* good understanding of them.  All software is a compromise.  The more varied products and solutions I learn, the more that is obvious.  Also I become a lot more comfortable with discussing and comparing software fairly.
  • I don’t really believe in the “adapt or die” mentality.  But in change lies opportunity.
  • You can always draw on your knowledge in older products when learning newer ones.   You also can quickly make suggestions on new technologies based on experience and lessons learned with older ones.  I find it easier now to see products that will be successful.
  • All products have the same problem.  The business.  Sustainable products need to address problems.  Anything else is looking for a quick exit strategy with hype and buyouts.
  • People with 15 years+ of consultant-level business implementation experience may be dismissive of the massive advantage they have over newer technologies and “younger” consultants/products.  You have dealt with business people, shitty project managers, egos, politics, ridicule, people management, screwups, screwING up, software bugs, release management, change control (or lack of), shitty documentation etc for a long time. You have scars to prove it.  Add that knowledge, that is only learnt over time, to any product, be it new or old and you are a powerful force for a customer.
  • Middle management are the first against the wall when the recession arrives.  Keep skilled.

Update

Another reason that I should have mentioned

  • Skilling up in a growth technology is refreshing.  Not feeling like you are in a shrinking pond and meeting brand new names, new customers and new opportunities is a shot in your arm.   Also, dealing with software vendors proactively as opposed to screaming at them makes your day a lot easier.

Here endeth my opinion.  Yours may differ.


Twitter starts gathering your private data for targeted advertisements

As per this Boing Boing article, Twitter is bringing in targeted advertising, which permits them to use your browsing history and other personal data to deliver targeted advertisements.  This is Twitter going down the Facebook road.  You are “opted-in” by default.  Go into your settings and uncheck to opt out.



There are worse places to have a beer

Taken here with friends at Lotusbeers on Monday night.
