Jon DiPietro is Domesticating IT

Jon DiPietro

Create Your Badge

Facebook is a cloud with a huge silver lining

By now, you’ve heard all the hype about Facebook; how fast it’s growing, how vast its membership is, how much content is uploaded, how much time is “wasted”, etc…  But two things have happened this week that have really caused me stop and say, “Whoa.”  The reason?  It’s becoming clear to me that Facebook as a delivery mechanism for software applications is going to be a real game changer.

The “Whoa” Moments

The first moment was last week when it was well past the “old fogies’ bed time” and my wife, for some reason, was still down stairs.  I went down to see if there was a problem and discovered that she was in the middle of a strawberry harvest on Farmville and had to finish it.  The interesting point here is the years of jibes and ribbing I received when I was in the middle of a game and would report that I’d be at the dinner table after I finished “one more level.”  The tables had turned and this is actually an important business lesson.

The second moment was a couple of days ago when I found that one of my all-time favorite games, Civilization, is coming to Facebook next year.  Online gaming has been around for a long time, but this is different and significant.  Cooperative gaming has always been plagued by network issues that only geekiest gamers were equipped to handle, which greatly limited the addressable market.    Also, there was the infrastructure.  The game companies were forced to make massive investments in infrastructure (World of Warcraft) to host the games on their servers before they would really know if the games would take off. Many of the games on Facebook are small in scope and relatively simple.  To the best of my knowledge, Civilization is the first “mainstream” game with a large, fanatical following to jump on to Facebook and it’s going to be interesting to see what happens.

These two incidents together exemplify the true power of Facebook and every software company, and every business, needs to pay attention.  Here’s why.

Batteries Included

The first and most obvious benefit is the built in infrastructure of cloud computing in general.  Using Facebook’s development platform, you can write the software and use their servers.  Where Facebook is different from other cloud options is that their “infrastructure” includes built in networking capabilities like sharing, advertising, and inviting.  For the non-hardcore gamers in the audience, one of the things that we love to do is take screen shots of our successes and post them to forums and file sharing sites.  This is something that is done immediately and seamlessly on Facebook.

The Center for Disease Spreading

Viral marketing.  It’s a well known term and it’s something that has been studied, written about, and attempted time after time.  There are many theories and approaches to “going viral” but one thing is obvious; they need a medium to spread.  Facebook offers a built-in medium for spreading ideas and products virally.  Of course, the network is not enough to get something and that’s where the secret sauce comes into play.  Malcom Gladwell’s “Tipping Point” is the classic tome of viral messaging, but my personal favorite is “Made to Stick” by Dan and Chip Heath.

Crossing the Chasm

My wife never played a computer game in her life until last week.  In fact, she was down right hostile toward them.  How did she get started?  Our daughter Jacqueline sent her a request for help in Farmville and off she went.  At first blush, this may sound like a simple rehash of the built in viral marketing discussion, but it’s deeper and more important than that.  Her decision to start playing this game has its roots in a deep emotional connection with her child, something into which it’s very difficult to tap.  It demonstrates the platform’s ability to leverage the social connections between friends to get people to buy into things they otherwise never would have considered.

Don't underestimate the influence of pornography on "legitimate" business trends

They’re “Just Games”

Up to this point, you may be thinking this all well enough but they’re “just games” and don’t apply to my consumer product company, or magazine, or business to business service.  The first thing I will point out is that the influence of “entertainment” on technology is under appreciated.  And by “entertainment” I mean games and porn.

Seriously.  In the early days of the web, nothing drove the modem and data compression markets more than the pornography market.  Gaming pushed hardware and software limits to the max.  And let’s not forget the Beta versus VHS wars.  If you’re interested in more examples (come on, you know you are… it’s OK) you can check out “iSex: How pornography has revolutionised technology.”  The take way here is that any business can these entertainment trends as a crystal ball into the mainstream future.

Conclusion

This is the portion of our show where I put up or shut up.  Here are some glimpses into the future that I would be working toward if I were in any of these industries:

• Consumer Products Example: Nike is already half way there, but may have jumped the gun a bit with their Nike+ product line and web site.  I wouldn’t be surprised to see a Facebook app from Nike that allows people to upload their iPod data through a Facebook application and share it on their wall.  You could then create running networks where people compete with one another virtually by creating goals based on distance, time, etc…
• Publishing Example:  What if the Associate Press created an application that would allow friends to create their own “magazines” by simply grabbing posts, links, and photos from their walls to be assembled and published on their web site.  They could create their own branding and be indexed by search engines.
• Maintenance Business Example:  If I owned (or advised) a landscaping or home maintenance company, I would look into creating a Facebook application that allowed you to enter in the specifics of your home like region, grass species, lawn size, heating system type, etc…  The application could then build a maintenance plan with reminders and the occasional “special offer.”

That’s enough for now.  If you want more ideas than these, you’ll have to pay up… 

Or, feel free to propose your own Facebook game-changing application in the comments.

Continue Reading

We all know intuitively that it has never been easier or cheaper to do “x” than it is today.  In fact, statements like that are boring and pedestrian to the point that you may already be considering moving on to the next article. What if I told you it’s possible to build a web site today for $0 in one weekend that would likely have cost over $100,000 and taken several months just three years ago?

After launching the web site Truemors, entrepreneur Guy Kawasaki posted a presentation titled “How I Built a Web 2.0, User-Generated Content, Citizen Journalism, Long-Tail Social Media Site for $12,107.09.”  And he did so in 7.5 weeks. Closer to home, I received a RFP to build a web site for a local association on a Friday afternoon last year.  By Sunday morning I had the entire site built with nearly double the functionality that was included in the RFP.  These two anecdotes illustrate that it has never been easier or cheaper to build web sites, communicate, collaborate, reach out, or network.  In fact, almost all of the tools I’ll discuss in this article are FREE.

Domain Registration

The first step in leveraging these tools for your organization is not free, but it is very inexpensive.  In order to gain full leverage from many of these tools, it’s important that you own and control your own domain name.  Domain registrars can be found online and include services like GoDaddy, Register.com, and Network Solutions.  Depending upon the domain level type (i.e. com, net, org) the annual registration cost ranges between $10 and $15 per year.

Web Hosting

Next, you need to select a hosting service and it may or may not be through the same company that is your domain registrar.  Selecting a hosting provider should be done on the basis of a) the operating system you intend to use (i.e. Windows or Linux), b) any applications or frameworks you’ll be installing (e.g. WordPress, Drupal, DotNetNuke), and c) promotions that various companies may be running from time to time.  In most cases, you should not have to pay more than $4 to $8 dollars per month for shared hosting.

Content Management Systems (CMS)

Free, open source web content management systems have obliterated most of the barriers to entry that have existed from the early days of the web until very recently.  I typically use the analogy of an “instant web site – just add water” to describe them.  In fact, many hosts offer one-click installations of these frameworks as part of their service offering.  Most CMSs share the following benefits:

• Ability to manage content without web or programming skills – no more relying on web masters to make changes.
• They are FREE.
• They are powerful, flexible, and scalable.

They also share most if not all of the following characteristics:

• Template (or skin) driven layout and design
• Group-based security and membership support
• Easily modified content
• Web standards upgrades
• Third party extensions

The most popular open source CMS systems are DotNetNuke, WordPress, Drupal, and Joomla.  A comparison of these systems is beyond the scope of this article, but my take is that WordPress is the easiest to install and use, while the other three are more powerful and flexible with a longer learning curve.   Of the four, DotNetNuke is the only Windows-based CMS; the others are all LAMP (Linux/Apache/MySQL/PHP).

Google Apps

Google has a free service called Google Apps that provides a whole laundry list of FREE, powerful services including email, shared documents, shared calendar, shared contacts, web analytics, and more.  It’s quite easy to create an account and configure these services for your organization and they deliver powerful collaborative features.

Newsletters

Many organizations still send email newsletters to their customers or members using standard email.  This is dangerous for several reasons.  First, many of these home-made newsletters violate the Federal CAN-SPAM Act.  Second, if enough of these emails are sent you could be violating your Internet Service Provider’s terms of service.  In addition to these dangers, they also have several shortcomings compared to dedicated e-newsletter services like Vertical Response or Constant Contact, like the lack of advanced reporting and analytics or attractive HTML-format emails.  Plans start at $10 per month, but Vertical Response if FREE for non-profits.

Networking and Outreach

A full discussion of Social Networking is also outside of the scope of this article, but it bears mentioning.  Facebook recently introduced the “Fan Page” feature that is becoming more and more powerful as a tool for organizational outreach.  LinkedIn is a more professionally focused networking web site whose “Groups” feature is an effective means for connecting together groups of like-minded professionals.  There are many others that have their own virtues and vices associated with them, but they all have one thing in common; they are FREE.

How to Keep Up

The world is changing and although this article can get you started, the landscape is changing quickly an you will need tools to keep up on the latest trends.  Here are a few suggestions:

1.       Stay up to date by finding relevant blogs and reading them regularly, using an RSS reading tool to subscribe to news and blog feeds, and use social networking sites like Twitter and LinkedIn.

2.       Ask questions about current and emerging technologies.  Again, social networking sites are great for this particular approach.

3.       Spy on other organizations similar to yours.  What technologies are they using?  How are they leveraging social media?

4.       Network with others in your space.

5.       But DO NOT simply accept the status quo and keep following the same old plan.  Technology is always changing, so keep an ear to the ground and be a “heretic.”

Whatever you do, don't do this...

We’re Talking Techno-DIY

Leveraging these technologies is similar to a “do it yourself” project at home; you don’t need to be a plumber to replace a faucet, but you may not want to install a new sink yourself.  The trick is to find your comfort zone and ask for help when you’re outside of it.  The take-away from this article is that you should, at the very least, be aware of the vast array of low and NO cost technologies available to solve problems today and you should vigorously challenge the assumption that “more expensive is better.”

Continue Reading

This afternoon I presented “Introduction to Cybersecurity” to members of the New England Water Works Association in New Haven, CT.  The presentation focuses a recurring theme of this blog; no/low cost options for improving security.  This particular presentation focuses on the particular challenges faced with securing SCADA (Supervisory Control And Data Acquisition) systems.

During the presenation, I stressed the point that humans are the weakest link.  I wish it had occured to me to embed the following video of Kevin Mitnick demonstrating social engineering techniques:

Remember, people are the weakest link.

Continue Reading

Is cyber security a technology problem or a people problem?

Cyber security is complex, highly technical subject that is best left to the Asperger-nerd in the computer room battling against the pimply-faced hacker sucking down Mountain Dew in his mother’s basement, right?  It’s a cat and mouse game that pits the white hats against the black hats, the antivirus computer scientists against the hackers, right?  It’s certainly not the realm of the average small business owner, right?  Wrong, wrong, and wrong!

What if I told you that human error was more responsible for data breaches in 2008 than hacking?  What if I told you that hacking was third on the Identity Theft Resource Center’s (ITRC) categorized list of data loss methods?  The reality is that cyber security is a people problem first and a technology problem second.

More Awareness, Less Reliance

I’ve come to a remarkable, if not depressing realization in my information technology career.  Over the last 20 years of consulting, I’ve visited scores of clients in hundreds of facilities and I can easily count the number of times I was ever given any sort of cyber security orientation – exactly once.  I’ve walked into propped-open back doors of more manufacturing facilities than you can shake a stick at, and more often than not waltzed right up to a machine control panel, hooked up my laptop, and started pounding away at the keyboard while smiling and waving at trusting operators I had never before met in my life.  The realization is this; the vast majority of companies, large and small alike, is completely oblivious to the weakest link in the security chain; people.

The misperception that cyber security is all about technology is a serious mistake that is made by both small and large businesses.  The small businesses often believe that they are not sophisticated enough to employ their own cyber security programs and, therefore, either ignore it altogether or simply outsource it to an IT subcontractor.  The large businesses spend millions of dollars on intrusion prevention systems, biometric security, and other sophisticated technological countermeasures.

Hopefully by now I’ve made the point that cyber security is about much more than firewalls, Trojans, and keyboard loggers.  So without further delay, here is a list of five no-cost practices every organization can implement that will go a long way toward securing their data.

Use Passwords, Use Them Well

OK, show of hands… how many of you are rolling your eyes?  It sounds obvious, but password laziness and ignorance is still the number one vulnerability for computer systems.  I understand how painful it is these days to maintain all of the user names and passwords in our lives these days.  However, it is the world we live in and we must accept it and follow these bare minimum password practices:

• No shared passwords:  This is especially common in process automation where there are many users of the same machine.  Everyone must have their own unique user name and password.
• Complex passwords:  Use combinations of letters and numbers, preferably composed of one or more words that are not in the dictionary.  Why?  Read this article about Dictionary Attacks.
• Change passwords:  This is probably the most annoying of these three practices, and I confess that it aggravates me to have to do.  However, changing passwords periodically is one of the best ways to prevent misuse of a password that is unknowingly (or even deliberately) disclosed.

Utilize Automatic Updates

Unpatched operating systems and out of date virus definitions are like the gimpy prey of a flock; they are the first to be targeted by the hunter.  Many computer viruses and other exploits rely on software vulnerabilities that are typically patched within days or weeks.  However, it is not at all unusual for me to see network servers out of date by more than a year.  Another common problem is for antivirus subscriptions to expire, preventing the virus definitions from updating.

Clean House

Every program loaded on a computer is a potential vulnerability.  The fewer of them there are, the better.  A typical Windows PC has loads of “crap-ware” installed on them that can and should be removed using the Add/Remove Programs option in Control Panel.  Additionally, there are Windows Components (e.g. Messenger, Media Player) that should be removed if not used.  Finally, there are usually Windows Services running by default that are not used.  This particular cleanup is generally left to computer professionals, as it is not always obvious which of these is required and disabling the wrong service can lead to “unexpected behavior.”

Create Policies

There are many reasons for establishing written computer and internet policies for employees.  One, of course, is legal liability for the employer.  The other is (or at least should be) educational.  It’s not enough to write up these policies; they need to be presented and explained in an open environment to ensure that they are understood and appreciated.  These policies go far beyond telling users they can’t surf porn on the company’s computers.  They need to include things like proper care and usage of portable storage devices, remote access procedures and policies, e-mail policies, etc…  You can find a list of templates at the SANS Security Policy Project web site.

Protect Sensitive Information

Insiders and subcontractors are another major vulnerability and care must be taken to provide information necessary for them to do their jobs, but no more.  This is especially true of subcontractors, of which I am one, who are frequently given and/or create sensitive documents, diagrams, lists, and other data.  It is important to establish guidelines for its use to ensure that the information is handled with care and returned or disposed of when the job is complete.  As incredible as it sounds, a subcontractor published a complete schematic of Pearl Harbor Naval Base’s power monitoring control system in a white paper available publically on the Internet (I just checked and the information has apparently been removed).

The Bonus Round

What is the hacker’s #1 tool of the trade?  I’ll give you a hint; it has nothing to do with computers.  It’s called Social Engineering and you can read more of it in my blog, “The Hacker as a Magician.”

Feel free to share your own anecdotes and pearls of wisdom on the subject.  What are some of the head-shaking moments you’ve witnessed?  Are there any “doh!” moments you care to share?

Credits and citations:

• Office thief cartoon by michael molenda
• Mr Oblivious photo by San Diego Shooter
• Data breach report from “2008 Data Breach Totals Soar”, Jan 5, 2009, Identity Theft Resource Center

Continue Reading