Jon DiPietro is Domesticating IT

Weekly High Five lists the most interesting, compelling, and/or useful links of each week.

Weekly High Five lists the most interesting, compelling, and/or useful links of each week.  This week’s theme is “The Changing Face of Facebook,” but I’ve also included a bonus link from Chris Brogan.

#5: Federal Board Says Employees Shouldn’t Get Fired Over Facebook Posts

The National Labor Relations Board has filed suit against a Connecticut company for firing a worker who complained about her supervisor on Facebook. This will be an important case study to watch and will have implications for how wide or narrow employer social media policies can be.

Link: AllFacebook

#4: Livestream For Facebook Lets You DIY Live Stream Video On Fan Pages

More and more small businesses and sole proprietorships are using Facebook fan pages as free surrogates for a website. Depending on the business, they may or may not be able to get away with this. Either way, Facebook is continuing to chip away at the reasons why you can’t do this (see #3 below).

Link: TechCrunch

#3: Microsoft’s Docs Now Supports Facebook Groups

One of my web pet peeves is the lack of decent group collaboration tools available. Google Wave had promise, but was too complex and “weird” to catch on. With Ning euthanizing its free product, there is a rather large opening that Facebook seems to be moving toward. In addition to providing a means for communication and discussion, Facebook groups has now made it easier to share documents. Now all they need to do is add audio and/or video chat and they’ll really have something.

Link: AllFacebook

#2: Facebook’s Gmail Killer, Project Titan, Is Coming On Monday

This entire week has been abuzz with rumors that Facebook will be announcing its Gmail Killer on Monday. There have been lots of clues, leaks, reading between the lines, and it’s obvious some sort of email solution is on its way. But not everybody is on the same page about what they’ll be announcing (see #1 below).

Link: TechCrunch

#1: Why Facebook Probably Isn’t Launching an Email Service

This is a pretty thought-provoking article. It’s predominately a semantics argument about what exactly constitutes an “email” solution. The important aspect of this article is the discussion about the future of electronic communications. Many of us are aware of the fact that only about 11 percent of teenagers use email and many colleges have halted the practice of providing freshmen with “edu” email addresses. From my own anecdotal experience, I’ve watched my two teenage daughters shift much of their communication away from text messaging and toward Facebook instant messaging. My guess is that Facebook is grabbing onto that trend with both hands and rather than trying to kill Gmail, it’s looking to serve the users who aren’t using email at all.

Link: Fast Company

Bonus: Don’t Do This – Speaking

I think most speakers are guilty of this until they learn otherwise. But it’s still far too common, so I’m doing my part to wipe out this scourge by sharing this brilliantly simple doodle from Chris Brogan:

Don't Do This, from ChrisBrogan on Flickr

Link: Chris Brogan

Continue Reading

Weekly High Five lists the most interesting, compelling, and/or useful links of each week.

Today’s post is the first in a new weekly series that will be called “High Five,” in which I will list the five most interesting, compelling, and/or useful links from each week.  I know, it’s an annoyingly uncreative name but you’ll have to put with it.  I wasn’t simply being lazy; it was somewhat deliberate on my part.  The reason is that when you’re trying to build brand recognition (as I am here on DomesticatingIT), I think you can run the risk of being “too creative” in some cases.  Sometimes, giving something a quickly, easily recognizable name that augments your existing brand works too.

Having said that, on with the show…

The theme of this week’s High Five is “cautionary tales.”  Four of the five links are to stories or announcements regarding the effects of Web 2.0 on “traditional” means of communication.

#5: Shameless Self-promotion

The first link is a shameless self-promotion for the new DomesticatingIT fan page on Facebook.  But hopefully you’ll simply recognize this as practicing what I preach; Be Authentic, Relentless, and Everywhere.

http://twitter.com/domesticatingit/status/4835717315

#4: The End of the Email Era

This article generated a fair amount of chatter on Twitter.  While I do think the title of the Wall Street Journal article (Why Email No Longer Rules…) may overstate the case a bit for the sake of sensationalism, it makes an important point.  It’s also a point that I harp on in many of my social media presentations; the communication landscape is changing as anyone with teenage or college age children knows.  My daughters’ primary means of communication are text messaging and Facebook updates (in that order).

http://online.wsj.com/article/SB10001424052970203803904574431151489408372.html

#3: Judge: Cellphone Ringtones Are Not Concerts

I am fascinated by the recording industry’s ongoing declaration of war against its own customers and this article is an example of its unbridled arrogance and avarice.  What organization (other than our government) thinks it’s OK to charge people twice for the good or service?  Of course, there is that old adage about software development; “You pay us to put the bugs in, and you pay us to take the bugs out.”

http://www.wired.com/threatlevel/2009/10/judge-mobile-phone-ringtones-are-not-concerts/

#2: Google Wave Explained

This is a nice, short video that provides a simple (albeit abridged) explanation of just what Google Wave is.  I’ve just secured a Google Wave invitation and will surely be blogging about this in the future.  Be forewarned; this is a game changer and it deserves your attention.

http://holykaw.alltop.com/google-wave-explained-11?c=1

#1: ISA replaces annual expo with new knowledge-based event

This is an important article regardless of whether or not you have any interest in the International Society of Automation.   The ISA announced that it will be ending its trade show exhibition with an event more focused on “knowledge.”  I made my thoughts known on Gary Mintchell’s blog, so I won’t recount them right at this moment.  The more universal point here is that we are seeing another example of the Web 2.0 world imposing its will on traditional platforms for marketing, communication, and collaboration.

http://www.automationmag.com/200910132568/ma-content/industry-news/isa-replaces-annual-expo-with-new-knowledge-based-event.html

Feel free to provide your thoughts and/or contributions…

Continue Reading

This post is not about technology, so please indulge me my brief foray into motivational speaking. This post is about how we approach each opportunity, each day and either intend to win or not to fail because a) they are not necessarily the same thing and b) I’m not really even going to focus on the outcome.

Nashua Elks Little League

When I played Little League and Babe Ruth baseball as a kid, I was a lousy terrible hitter until literally the last few games of my unheralded career. The reason for the dramatic, albeit woefully late, conversion was actually very simple. For most of my childhood, I was terrified of striking out. I would break out into a cold sweat in the on deck circle and when I stepped into the batter’s box my entire mind set was focused on somehow finding a way not to strike out. I would watch most pitches go by hoping for a walk, making token attempts at swinging at pitches in the middle of the strike zone. The result was a few walks here and there and an occasional, miraculous hit. Then one day, a thought occurred to me. What if I went to the plate looking for a good pitch and actually trying to get a hit? Well, you can guess what happened. I went from pathetic to slightly above average overnight.

You might be thinking that next I’ll tell you how this event transformed me into a newer, more confident young adult and shaped me into the man I am today. You’d be wrong. The fact is that I apparently didn’t learn a darn thing because I’ve been approaching many of my business challenges the exact same way; playing not to lose instead of playing to win. I came to this realization a few days ago when I approached a challenge and decided I was going to knock the ball out of the park. And I did. I exceeded the customer’s expectations, which should be every business’s goal.

But as I said in the opening, this post isn’t about the outcome. Immediately after receiving thanks and praise from the customer for a job well done, and for no particular reason, I remembered my transformation in the batter’s box and started to wonder what would happen if every action I took, no matter how simple, was treated like an individual at-bat. What if I actually tried to get a hit every time I sent an email reply, or spoke with a customer, or wrote a new database stored procedure?

So that’s really what I’m writing about. Treating the dozens of relatively small acts we undertake every day with the same intent to visualize a positive outcome and knock the cover off of the ball. You will rack up a bunch of hits, a few strike outs and even some home runs so that, eventually, you end up with an impressive career batting average. After all, why do we play the game in the first place?

Continue Reading

Is cyber security a technology problem or a people problem?

Cyber security is complex, highly technical subject that is best left to the Asperger-nerd in the computer room battling against the pimply-faced hacker sucking down Mountain Dew in his mother’s basement, right?  It’s a cat and mouse game that pits the white hats against the black hats, the antivirus computer scientists against the hackers, right?  It’s certainly not the realm of the average small business owner, right?  Wrong, wrong, and wrong!

What if I told you that human error was more responsible for data breaches in 2008 than hacking?  What if I told you that hacking was third on the Identity Theft Resource Center’s (ITRC) categorized list of data loss methods?  The reality is that cyber security is a people problem first and a technology problem second.

More Awareness, Less Reliance

I’ve come to a remarkable, if not depressing realization in my information technology career.  Over the last 20 years of consulting, I’ve visited scores of clients in hundreds of facilities and I can easily count the number of times I was ever given any sort of cyber security orientation – exactly once.  I’ve walked into propped-open back doors of more manufacturing facilities than you can shake a stick at, and more often than not waltzed right up to a machine control panel, hooked up my laptop, and started pounding away at the keyboard while smiling and waving at trusting operators I had never before met in my life.  The realization is this; the vast majority of companies, large and small alike, is completely oblivious to the weakest link in the security chain; people.

The misperception that cyber security is all about technology is a serious mistake that is made by both small and large businesses.  The small businesses often believe that they are not sophisticated enough to employ their own cyber security programs and, therefore, either ignore it altogether or simply outsource it to an IT subcontractor.  The large businesses spend millions of dollars on intrusion prevention systems, biometric security, and other sophisticated technological countermeasures.

Hopefully by now I’ve made the point that cyber security is about much more than firewalls, Trojans, and keyboard loggers.  So without further delay, here is a list of five no-cost practices every organization can implement that will go a long way toward securing their data.

Use Passwords, Use Them Well

OK, show of hands… how many of you are rolling your eyes?  It sounds obvious, but password laziness and ignorance is still the number one vulnerability for computer systems.  I understand how painful it is these days to maintain all of the user names and passwords in our lives these days.  However, it is the world we live in and we must accept it and follow these bare minimum password practices:

• No shared passwords:  This is especially common in process automation where there are many users of the same machine.  Everyone must have their own unique user name and password.
• Complex passwords:  Use combinations of letters and numbers, preferably composed of one or more words that are not in the dictionary.  Why?  Read this article about Dictionary Attacks.
• Change passwords:  This is probably the most annoying of these three practices, and I confess that it aggravates me to have to do.  However, changing passwords periodically is one of the best ways to prevent misuse of a password that is unknowingly (or even deliberately) disclosed.

Utilize Automatic Updates

Unpatched operating systems and out of date virus definitions are like the gimpy prey of a flock; they are the first to be targeted by the hunter.  Many computer viruses and other exploits rely on software vulnerabilities that are typically patched within days or weeks.  However, it is not at all unusual for me to see network servers out of date by more than a year.  Another common problem is for antivirus subscriptions to expire, preventing the virus definitions from updating.

Clean House

Every program loaded on a computer is a potential vulnerability.  The fewer of them there are, the better.  A typical Windows PC has loads of “crap-ware” installed on them that can and should be removed using the Add/Remove Programs option in Control Panel.  Additionally, there are Windows Components (e.g. Messenger, Media Player) that should be removed if not used.  Finally, there are usually Windows Services running by default that are not used.  This particular cleanup is generally left to computer professionals, as it is not always obvious which of these is required and disabling the wrong service can lead to “unexpected behavior.”

Create Policies

There are many reasons for establishing written computer and internet policies for employees.  One, of course, is legal liability for the employer.  The other is (or at least should be) educational.  It’s not enough to write up these policies; they need to be presented and explained in an open environment to ensure that they are understood and appreciated.  These policies go far beyond telling users they can’t surf porn on the company’s computers.  They need to include things like proper care and usage of portable storage devices, remote access procedures and policies, e-mail policies, etc…  You can find a list of templates at the SANS Security Policy Project web site.

Protect Sensitive Information

Insiders and subcontractors are another major vulnerability and care must be taken to provide information necessary for them to do their jobs, but no more.  This is especially true of subcontractors, of which I am one, who are frequently given and/or create sensitive documents, diagrams, lists, and other data.  It is important to establish guidelines for its use to ensure that the information is handled with care and returned or disposed of when the job is complete.  As incredible as it sounds, a subcontractor published a complete schematic of Pearl Harbor Naval Base’s power monitoring control system in a white paper available publically on the Internet (I just checked and the information has apparently been removed).

The Bonus Round

What is the hacker’s #1 tool of the trade?  I’ll give you a hint; it has nothing to do with computers.  It’s called Social Engineering and you can read more of it in my blog, “The Hacker as a Magician.”

Feel free to share your own anecdotes and pearls of wisdom on the subject.  What are some of the head-shaking moments you’ve witnessed?  Are there any “doh!” moments you care to share?

Credits and citations:

• Office thief cartoon by michael molenda
• Mr Oblivious photo by San Diego Shooter
• Data breach report from “2008 Data Breach Totals Soar”, Jan 5, 2009, Identity Theft Resource Center

Continue Reading

To web, or not to web, that is the question. Whether ‘tis nobler in business to suffer the slings and arrows of outrageous consultant costs or to take arms against a sea of technological doubts, and by opposing, end them.

Since recently becoming active in the LinkedIn question and answer section, I’ve seen no fewer than four questions in the span of one week asking “Do small companies need a website?” and various derivatives thereof. Most of them were asked by incredulous marketing consultants who obviously run into prospects and clients who do not have one and/or don’t feel they are necessary. My $0.02 = they are as necessary as business cards, only cheaper!

Why!? Why!?
Before a discussion of exactly how quick, easy, and inexpensive it is to get a web site up and running, I can hear the “professionals” tearing clothing and ripping hair from their skulls as they scream, “Noooooo! But what about x, y, and z?!?!” Where x, y, and z represent any web design or marketing catch phrase you care to insert. I even saw one designer advise a small business owner to make sure that any designer they select does not use tables for web page layout, or they would be sorry! While there is sound theory behind this advice, it is precisely the sort of technological hyperbole and cart-before-the-horse advice that paralyzes small business owners. My short answer is, “All in due course.” But let’s get this beast domesticated right now with a little more detailed answer…

Stage 1: The Online Business Card
That sounds pretty simple, right? In this stage you expect no more from your website than you would from a business card; your company’s contact information and logo along with a quick blurb about what you do and/or what your mission is. The key thing about a business card is the “leave behind” aspect; that you can give it to someone for them to reference later on. Browser bookmarks are the Internet equivalent in this case. If I want to remember your company for some reason, I’ll slap a bookmark to your website in the appropriate category.

Stage 2: The Online Advertisement