Category: software

State and local government websites as wikis?

MontreatI'm intrigued by websites powered by wikis, where the content can be added, modified and deleted by the users of the site.  When the people who are affected by the quality and structure of the content presented have some control over that content, you sometimes have an opportunity to get more useful, relevant, current material than if the site is maintained by a small number of content administrators.

At Summersault, our entire company intranet is a wiki.  Anyone who works with us can edit the content on it, add new pages, delete stuff that they think is out of date or unhelpful, and so on - from small typo fixes to multi-page documents and images.  If someone makes a change that needs to be un-done, the wiki software lets us "roll it back" or otherwise incorporate only partial changes.  All of this gives us the opportunity to have an intranet "by and for" its users and our staff, instead of something built and maintained solely from a management point of view.

Wikis aren't appropriate for every kind of website, or even most kinds, but I've been thinking lately about what it would mean to have wikis power city, county and state government websites.

If these sites are primarily meant to be informational tools for use by the people who live in a given geographical region (and who are theoretically paying for the site's creation and maintenance), could governments give those people some control over the content on those resources?

Continue reading "State and local government websites as wikis?"

1Password alleviates the horrors of password management

1PMainWindowI come to you today a recovering password management hypocrite.

I have over 190 accounts and logins for which a password or PIN is a part of my access: website tools, online banking, social media, email, internal company tools at Summersault, and so on.  I used to pretend that I was maintaining the security of these accounts by having a reasonably strong set of passwords that I re-used across multiple sites, sometimes with variations that I thought made them less likely to be broken into if someone did happen to compromise one of my accounts.

But as I prepared to give a talk in December about email privacy and security issues, and really stepped back to look at my own password management scheme, I realized just how much pretending I'd been doing, and just how vulnerable I was making myself to the increasingly well-equipped and highly-automated attempts at compromising accounts, stealing identities and stealing funds that are being launched every day.  I went and tested some of my passwords at the Password Strength Checker, and I was ashamed.   The potential impact of this really hit home as I read Mat Honan's personal tale of woe and his follow-up piece Kill the Password in Wired magazine.  Add in Passwords Under Assault from ArsTechnica and you'll be shaking in your boots.

So I decided that I was not going to be that guy who goes around telling people about how vulnerable they are with their simplistic password schemes while quietly living a lie in my own password management scheme.  I might still be hacked some day, but I would not be found giving some teary-eyed interview to Oprah where I whined about how the pressure of the 190 accounts to manage just got to be too much and how I knew using a simple dictionary word plus a series of sequential numbers was wrong but I still didn't do the right thing.

That's when I found 1Password from AgileBits, a password management tool that alleviates the horrors of password management.

Continue reading "1Password alleviates the horrors of password management"

Replacing Notifo with Pushover

Two years ago I compared Notifo and Prowl as tools for sending custom push notifications to your mobile devices.  I ended up relying on Notifo quite a bit to send me mobile alerts about certain kinds of events that I might not otherwise notice right away - email messages from certain people, some kinds of calls or voicemails at my office, certain messages meant for me in the office chat room, etc.

(You might think all that alerting would get obnoxious, but having these notifications sent to me according to my preferences has meant I'm less likely to obsessively check email or other digital inboxes for something important I might be missing.  The good/important stuff gets to me fast, the rest waits for me to view it at my convenience.)

In September 2011, the creator of Notifo announced that he would be shutting down the service.  It's continued to mostly work since then without his intervention (a testament to the self-sufficient nature of what he created), but in the last few weeks I've seen increasing errors or delays in getting messages through, so I went in search of alternatives to Notifo.

Today I found Pushover, a really simple but elegantly done service that offers all the features I want.

Continue reading "Replacing Notifo with Pushover"

Are Wayne County's voting machines trustworthy?

Early voting is underway in Wayne County, Indiana.  Voters showing up at the polling stations will find themselves directed to the Hart InterCivic voting machines.

A 2007 study of these machines, initiated by the Ohio Secretary of State and conducted by Pennsylvania State University, the University of Pennsylvania, and WebWise Security, Inc. found that:

the Hart system lacks the technical protections necessary to guarantee
a trustworthy election under operational conditions...Virtually every
ballot, vote, election result, and audit log is forgeable or otherwise
manipulatable by an attacker with even brief access to the voting systems.

You can read a summary of the study or read the full 335-page report.

Review of CrashPlan for computer backups

I've been using the CrashPlan automatic backup system for my home computing devices for almost a year now, and I offer up this review.

Prior to using CrashPlan, I have to admit that my backup strategy for home computers left much to be desired.  Over the years I had tried various combinations of home-grown scripts and syncing tools that broke too easily or didn't offer enough flexibility in recovery, crusty third-party software that seemed to take hours to configure and then never quite did what I expected or didn't work with all the different devices I used, and even elegant tools like Apple's Time Machine backup system that still didn't offer me the off-site redundancy I wanted in case of physical catastrophe.

The end result was that my backups were happening infrequently, and in ways that did not necessarily guarantee the ability to restore what I would need in the event of a system failure or worse.  For someone who preaches the importance of backups to my friends, family and clients all day long, this was an embarrassing state of affairs. Then, one day a friend's laptop was stolen from his house, and as I listened to the stories of what was lost because of an incomplete backup and imagined what I would possibly lose if the same happened to me, I knew I needed to look for a better system.

That's when I found CrashPlan.

Continue reading "Review of CrashPlan for computer backups"

Initial thoughts on Google+

Google PlusI've had a few days to play around with Google's new social network offering, Google+, and I thought I'd share some initial thoughts.

First of all, kudos to Google for "going for it" in the Facebook era.  They're one of few players who actually has the resources and skill to make a serious go at a viable alternative to Facebook, and you've got to admire the effort.  If the success of the movie The Social Network tells us anything, it's that Facebook has become mainstream and popular, and as generations of younger people look for ways to establish their identity in the digital age, they'll be looking for alternatives to the place where their parents and now grandparents also hang out online.  By the same token, people of all ages and professions are trying to figure out just how to effectively and safely use Facebook, LinkedIn, Twitter and other social media tools in a world where we're being encouraged to blend our personal and professional lives together more publicly.

Is Google+ just the right thing at just the right time?

People are already writing about the high bar that Google+ will have to jump in order to see any significant migration of Facebook users, not the least of which is all the time people have invested in curating their lists of "friends" there.  Facebook is going to make it as difficult as possible for its users to do any kind of exporting of account information from their system, and I don't think Google is devious enough to launch an unauthorized workaround.  So people will be left to recreate their online identity on Google+, where the number of people you are connected to still largely drives your user experience.

Continue reading "Initial thoughts on Google+"

Notifo vs. Prowl for iPhone push notifications

Notifo : application de notification pour iPhone / iPad gratuite pour le push Twitter et d'autres servicesI asked on Twitter yesterday if anyone would like to compare the "Notifo" service to the "Prowl" application for handling push notifications to iPhone and other mobile devices.  No one answered, and so here's my brief rundown comparing the two.

If you don't already know about push notifications, a brief primer: they're basically just like text messages, except they can be routed/categorized in ways that make them useful to individual applications on your phone.  Instead of getting a generic SMS text message when someone DMs you on Twitter, you can instead use push notifications to have the Twitter app on your phone realize a new DM has come in and alert you according to your personal settings.   When you "view" a push notification, you can be taken to a web page or app that's relevant to its content.  Best part: the messages don't count against any text messaging limit (for now).

I started using Prowl about 9 months ago.  My three main uses were:

Continue reading "Notifo vs. Prowl for iPhone push notifications"

My YAPC::NA talk on framing and Perl

In June, a delegation from Summersault attended the YAPC::NA Perl Conference in Columbus, Ohio for a few days.  My second YAPC conference, it was an interesting experience full of inside jokes, engaging discussions, more inside jokes, and good food.

I was only scheduled to give one presentation ("How to talk, or not talk, to your clients about Perl") but after hearing some of the opening remarks at the conference that spent too much time and energy, IMHO, declaring that "Perl is not dead!" I signed up to give a new talk about possibilities for re-framing that sentiment.

You can view a video of the talk, or you can view my slides [PDF].

iPhone iOS4 IMAP mail syncing problems

Market musicianI offer this account of trying to address a known (and I would say, severe) bug in the iPhone 4 mail software, in case it's helpful to others:

Ever since I upgraded my iPhone to IOS4 (the latest version of the phone's operating system), the Mail application has been flaky when it comes to syncing mail messages via IMAP. Duplicate messages, empty/blank messages, messages dated 12/31/1969, messages that are deleted and then re-appear, and so on.

At first I thought it might be my phone hardware, which had been cursed from the beginning (a story for another time), but after that phone died and Apple replaced it with a brand new one with fresh firmware and settings, and it STILL happened, I was convinced it's the software on the phone.  Other people are having the same issue all over the place.  But it can be hard to make Apple believe this - said the Apple Genius Bar worker at the Apple Store in Chicago, "they're probably all just using the phone wrong."  Wha?

Continue reading "iPhone iOS4 IMAP mail syncing problems"

Unhelpful responses to cyberwarfare

State of the art blender powerA number of mainstream magazines and newspapers have recently published reports on the increasing threat of "cyberwarfare," the significant resources being devoted to fighting that "war" and what we're doing to protect the critical national asset that is our digital infrastructure.

Unfortunately, most of the responses (and the ones favored by the Obama administration) are focused on paying insanely large amounts of money to private contractors to create and deploy complex technological solutions in hopes of addressing the threat.

What advocates of this approach fail to appreciate is that (A) most of the actual threat comes from uneducated human operators of the technology in question, and (B) deploying homogeneous, technologically complex solutions often makes us more vulnerable, not less.

Continue reading "Unhelpful responses to cyberwarfare"