With all the reports about blocked connections and such, the folks at Renesys have done their usual good and clear-headed analysis about what is working in terms of Internet routing into Iran in their post here. Unlike what has been reported in the general press, things aren’t as simple as a complete blackout, and there could be other reasons (such as a greater interest from the rest of the world) that are affecting the traffic patterns observed.
The Power of the Proxy
Proxy servers have been in the news as of late, both as a result of Iran’s putative election and a new legal case where Microsoft is suing purveyors of advertising click fraud. I thought I would take you through what proxies are, how they can be used for both good and evil, and what all the fuss is about.
First, here is a little background. When you bring up your Web browser, you are asked how you want it to connect to the Internet. Most of us that have home PCs don’t use any proxy, and go out to the raw Internet without any fuss or bother. But enterprises that want to cut down on their bandwidth usage, improve performance and security, and have control over what their users see use them all the time. Each browser first checks and sees if the Web page that is being requested is on the proxy’s cache, or memory, and if so, it saves a few milliseconds or more by grabbing the page directly, without having to traverse the Internet at all. So proxies are often combined with caching servers to deliver the best combination of features and management. As far as the browsing user is concerned, all this happens without any notification, other than the pages seem to load quicker on their PCs. About the only configuration option is the IP address of the server, which is placed inside the browser options or network settings. And proxies are available for more than just Web protocols, although that is their most popular use case.
That is the good side of proxies. What about the evil side? Proxies are supposed to be for internal users of an enterprise, but if a hacker can find out the IP address of an internal proxy, they can gain access to lots of network resources. This was a common MO for the hacker Adrian Lamo, among others, and you still find corporations that haven’t locked their proxies down with the appropriate security. It is also possible for proxies to operate on a user’s PC without their knowledge, which is a common way botnets are created.
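Locking a proxy down largely comes down to which client addresses its access rules will serve. The following is an added example, not code from the original post: it audits a configuration written in the syntax of the open source Squid proxy and reports whether an outside address would be served. The sample configurations, the function names and the simplified model (CIDR `src` ACLs only, IPv4 only) are assumptions.

```python
import ipaddress

# Constructed sample configurations (not from the original post).
OPEN_CONF = """
acl SSL_ports port 443
http_access deny CONNECT !SSL_ports
http_access allow all
"""
LOCKED_CONF = """
acl localnet src 10.0.0.0/8 192.168.0.0/16   # internal ranges only
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src ...' networks and the ordered http_access rules."""
    src_acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in ACL
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            src_acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return src_acls, rules

def client_allowed(conf, client_ip):
    """First-match evaluation of http_access for one client address.
    ACLs that are not 'src' depend on the request (port, method), so they
    are resolved in the requester's favour: a worst-case reading."""
    src_acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    last = None
    for action, names in rules:
        last = action
        for name in names:
            acl, negated = name.lstrip("!"), name.startswith("!")
            if acl in src_acls:
                hit = any(ip in net for net in src_acls[acl]) != negated
            else:
                hit = action == "allow"   # request-dependent: worst case
            if not hit:
                break
        else:
            return action == "allow"      # every ACL on the line matched
    # No line matched: Squid applies the opposite of the last line.
    return last == "deny"

def is_open_proxy(conf, outside_ip="203.0.113.7"):
    # 203.0.113.7 is a documentation address standing in for an outside client.
    return client_allowed(conf, outside_ip)
```

Run against the two samples, `is_open_proxy` flags the first configuration and clears the second, while internal clients such as 10.1.2.3 are still served by the locked-down one.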
There are also proxies that are used to make your browsing history anonymous, which can be used for both good and evil, depending on what information you are trying to hide.
Now to the news. Microsoft filed suit in federal court yesterday against three people it claims were defrauding Internet advertisers by having automated programs mimic users’ clickstreams. They found the fraudulent activities by tracing the actions to two proxy servers. And once they blocked the particular IP addresses of the proxies, the fraudsters would simply alter them in a continual game of cat and mouse. The fraud involved is significant, and ClickForensics estimates that 14% of the total ad clickstream is faked.
http://www.nytimes.com/2009/06/16/business/media/16adco.html
When the Iranian government wanted to block Internet access, several private individuals from around the globe took it upon themselves to set up the open source proxy Squid (squid-cache.org) and other tools on their own networks to get around these blocks. They then publicized (via Twitter) the IP address of their Squid PCs so that anyone could connect to the open Internet, rather than be blocked. Of course, as the government learns of these addresses, they add them to their block list, so another cat and mouse game ensues.
(small self-promotion here) The news is very timely, indeed. I am off next week to work with Blue Coat on producing another of my screencast product review videos on their proxy and caching server line for my WebInformant.tv site. Let me know if you’d like me to do one of these for your product; they are a unique way to promote and explain a product.
Faster response times and Google’s Wave
For those of you that feel good about yourselves because you are IM’ing and Tweeting, your online life is about to get a whole lot more complicated thanks to Google. More on that in a moment, first let me set the stage.
I remember back in the day when many of us first got on email and we tried to do everything in it. When we tried to completely replace real-time phone calls and in-person meetings, it was an abject failure: you still needed that give-and-take. And many corporations that put up email support or customer response inboxes quickly found out that they needed to do more than just assign the inbound messages to a staffer: they actually had to respond with a meaningful answer. I remember an article that I wrote back in 2000 where I sent out a test email inquiry to 13 financial services firms and timed how long it took before I got a response. Some sent out automated responses quickly and followed with a more meaningful reply within an hour, some did worse. Ironically, one site where it was hard to find an email address now has one of the currently best self-service Web sites, USAA.com.
http://strom.com/pubwork/fintech2.html
Then came the era of Instant Messaging, and suddenly we didn’t have to worry about email response times because we could connect with someone in real time. Some firms got into IM in a big way, particularly to connect remote work teams. And parents found out that IM was another tool in their arsenal of trying to track down their teens’ whereabouts in those dicey after-school hours.
Lately everyone is talking Twitter, and that makes IM seem slow. Twitter and I are still getting used to each other, and I am still not sure that it will be tremendously useful to me in the long run. But it is sure fun to experiment with, and thanks to Bank of America being on it, I managed to save myself a bundle in overdraft fees about a month ago. But that is a story for another time. What I have found is that I am sending and receiving fewer IMs these days.
Some of the more interesting experiments in the Twittersphere have to do with aggregating Tweets from a variety of different sources. Take a look at scienceinthetriangle.org, a news site that reports on tech events in the Raleigh-Durham area that is the labor of love of a bunch of volunteers but is probably the best place to go to get up-to-the-minute news and blog posts in the area.
And then there is a new protocol and product coming from Google by way of Sydney, Australia called Wave. It was announced a few weeks ago, and while I am still analyzing it, I can tell you that the near-instant response times that we get from our IMs aren’t going to be fast enough. What Wave does is similar to a product called Etherpad.com that allows for real-time collaborative composition of documents, but oh so much more. You can thread your conversations, add wiki-like tools to do joint editing, and add email notification and Twitter-like status streams all in a neat bundle. The 80-minute demo video is definitely worth watching, at least the first third, here:
http://wave.google.com/
But before you abandon all hope of ever staying current with the latest Internet fad, let’s just go back to first principles for a moment and think about what your expectations of customer response times should be these days, and whether your company is coming anywhere close to fulfilling these expectations. With some people (such as my condo board), I have no expectations that I will get a timely response – that is just the type of folks that they are or they just aren’t that service-oriented. With others, such as my Tweets to Bank of America, a few hours to reply was better than anything that I have gotten from them. Previously, I had to wait on hold or in line down at my very busy local branch for at least 30 minutes. For other businesses, overnight is still a reasonable expectation.
What I am saying here is that before you scrap yet another response system, take a few days to conduct a census of your customer-facing staff and see exactly what they are delivering now. And maybe try to improve the human side of your response systems that have nothing to do with any underlying technology.
I have no doubt that Wave represents a new way of thinking about how to interact with each other and work together. And while it might be a while before we can actually touch the technology, in the meantime let’s not lose sight of how we work with our customers and give them the best possible service.
Using Tricipher’s MyOneLogin to authenticate Web resources
A single sign-on, two-factor authentication portal that is easy to set up and deploy for both internal and external Web and other resources.
Price: $30 per user per year subscription service (or $3/mo/user)
Requirements: Runs on Windows IE v6 and above, Firefox v3 on both Windows and Mac
We tested the service on a variety of browsers on both computers during June 2009.
Pros:
- Simple to set up and deploy without any programming or security skills required
- Hosted service, no software to install on the desktop
- Powerful management controls for business users
Cons:
- Reports and event logging somewhat difficult to parse
- Doesn’t completely support Safari browsers
See my screencast video here for MyOneLogin.com
Tricipher Corp.
http://www.myonelogin.com/
650.376.8326
750 University Avenue
#260,
Los Gatos, CA 95032
How To Choose the Right Network Printer
One of the earliest uses for a network was to be able to share printers, back when printers cost as much as a small car. But even as printer prices have dropped and GM has gone into bankruptcy, there are still compelling reasons to share them, and plenty of different models to choose from.
As your business grows – assuming that at some point our economy is going to turn around – you need to reassess your printer fleet. You probably will be spending too much on desktop printers and can justify replacing a few of them with more expensive network printers, based on the operating cost savings. You can read more about this in my column in PC World here.
Ten things to help promote a successful tech center
I was fortunate enough to cover the annual convention of the International Association of Science Parks, held this year in Raleigh, N.C. The group is composed of a variety of people who operate industrial and technology “parks” like the granddaddy of them all, Research Triangle Park, which is located nearby.
I have been to RTP many times, mostly to visit IBM, which is the huge anchor tenant there and has 10,000 or so employees working there. Over the years this IBM facility has gone through many iterations – it was a key player in the early days of the PC, but that business was sold to Lenovo years ago.
What I took away from my meetings was a set of ten principles for people who want to establish their own future successful tech centers.
- Have a good source of university talent nearby. What made RTP work was its proximity to three great universities (hence the “triangle” in the name). Other science parks have figured this out but it is more than just being close by: you have to engage academia in interesting ways, and exploit cross-discipline work. One of the best examples of that is RTI International, a large mostly government-sponsored institution that is in RTP and has hundreds of research scientists that work jointly with the academics. “There is no one dominant industry here in RTP unlike Silicon Valley, and we have found that innovation occurs at the boundaries of various disciplines,” said one RTI manager to me.
- The ideal situation is to cross-pollinate ideas between entrepreneurs, academics, government, and established industry. At a science park in Berlin, they worked with two different universities, one that specialized in the arts and one in the sciences, to create joint research projects and to enhance each other’s graduate programs.
- Build community however you can. At RTP, there are softball leagues, golf games, bike paths, and various other events to try to get communities started and nurtured.
- Build in your legacy for the next generation of leaders. Some of the companies at RTP have been there close to 50 years. “We endure because we had the longer-term vision and knew that as the older generation retires or ages out, we needed new faces. We realized that no one group was going to get to finish RTP,” says Rick Weddle, the CEO of RTP. “We needed to reach consensus around a grand scheme and create a trans-generational leadership legacy to see this through.”
- You need a mix of big and small companies. Just like the best shopping malls, you want both big and small ventures to play off each other’s skills and needs. RTP has both, including three incubators that can handle the earliest of startups. “More jobs have come out of the smaller firms than out of the big companies put together,” said RTP’s Weddle. Since the 1970s, more than 1,500 RTP-grown startups have been created. That’s a lot of new jobs coming from someplace that was a bunch of “pig farms and tobacco fields” back in the 1950s, as one person put it.
- Eat your own dog food. In Brazil, a science park that was specializing in experimental construction technologies built a flexible building that demonstrated many of these technologies and was both a showroom and a proving ground for what they were trying to accomplish. I saw the same thing at TechColumbus where you could reconfigure office space by moving walls and other modules.
- Test, and retest and don’t be afraid to fail. The best parks are the result of serendipitous experiments, unplanned fortuitous circumstances, and other oddities. You can’t plan everything so try a lot of different approaches.
- Mixed use is essential. If you aren’t going to be in a center city, figure out what it will take to keep people near where they work. One of the things that RTP didn’t get right was nearby residential use, something that they are now building. People want to live near where they work. The ultimate example of this is at SAS, which isn’t inside RTP but nearby in its own office-park like setting. The CEO actually lives on campus. Too bad they didn’t think about housing for the rest of their staff.
- Have a liberal telecommuting policy in place early. At IBM in Raleigh nearly 40% of its staff telecommutes. They did this for a number of reasons, but it just makes good sense. And while it is harder for managers to cope with people when they aren’t there, if you are going to attract the best and brightest people, they don’t have to show up at their desk every day to get their jobs done.
- Have a mentoring plan in place early on. You want to exploit the learning and tutoring that happens in these highly intellectual environments. Hold seminars, encourage staffers to do community outreach, and in general get people talking to each other.
Markmonitor Brandjacking Report: Financial Services Abuse June 2009
In this edition of the Brandjacking Index, we look at the overall trends for exploits with four major financial services brands. As the economy has worsened over the past six months, we found that con artists have exploited consumers’ financial fears and uncertainties and rushed in to hijack well-known brands for their own profit. There has been a profound increase – 36% in one quarter — in the level of phishing attacks and cybersquatting abuse. More than 7,300 phony domains have been registered in the first quarter of 2009.
You can download the Brandjacking Index® – Spring 2009 report from MarkMonitor’s Web site here.
Computerworld: 3 e-mail encryption packages help businesses stay secure
You probably know by now that any e-mail that isn’t encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience. So what are you doing to protect your company’s sensitive e-mail?
The right way is to encrypt e-mail messages in their entire path from sender to receiver. You also need to digitally sign them, to ensure that no one else has tampered with them in transit.
In today’s Computerworld, I review three solutions: Hush Communications’ Hushmail for Business, Voltage Security Inc.’s Voltage Secure Network and Connected Gateway and PGP Corp.’s Universal Server.
Top talkers on Twitter research
Research from the Harvard Business School has found that “the top 10% of prolific Twitter users accounted for over 90% of tweets. On a typical online social network, the top 10% of users account for 30% of all production. To put Twitter in perspective, consider an unlikely analogue – Wikipedia. There, the top 15% of the most prolific editors account for 90% of Wikipedia’s edits. In other words, the pattern of contributions on Twitter is more concentrated among the few top users than is the case on Wikipedia, even though Wikipedia is clearly not a communications tool. This implies that Twitter resembles more of a one-way, one-to-many publishing service more than a two-way, peer-to-peer communication network.”
I would like to see research that shows the relative utility of Twitter vs. social networks as the size of your followers/followed network increases. My thesis is that the bigger your Twittersphere, the less utility it has — the reverse I would think would be true of social networks.