Wednesday, September 8, 2010

Google apps marketplace - Security, Privacy

I like - it seems like a sweet app, a simple but good CRM/ Project Management application, and amazingly its FREE!
But is there always a catch?
Think about it.

It's a Customer Relationship Management application. That means you give it all kinds of private information, your contacts, your documents, your plans and the vendor doesn't even provide YOU with a mailing address and phone number on the website.  Hmmmm. But surely they are ok?

I mean... this is a Google Marketplace App... So the great and powerful Google must vet these folks, right?
Let us consult the oracle.
Sayeth Google:  " NO! "
You are solely responsible for any compromise or loss of data that may result from using a Marketplace should be cautious and install applications only from vendors that you trust.
Caveat Emptor! Sez the great and powerful Google!

Think about it.
If someone walked up to you on the street and asked for all of your email contacts, and the contents of all of your documents, and the phone numbers off of your cell phone, would you do it?

Tuesday, August 17, 2010

Higher Edu Ch ch ch changes - Anya Kamenetz

"There are people out there who are extremely talented and valuable, who don't have the resources to succeed in the current system. In a crass sense, they are undervalued talent. They're non-credentialed talent. Is there a way for them to prove their talent in order to succeed? ...  they're going to get hired by forward-looking companies who are going to underpay them because they don't have a credential, and then those companies are going to succeed wildly. So that's the opportunity that the Silicon Valley group sees. And I think that's going to be a growing opportunity until it evens out. "

The foundation of the value of higher education is institutional trust -- The institution prints paper we call "degrees." Just as paper money is backed by "the full faith and trust of the US government," degrees are backed by the full faith and trust of the institution.  A degree costs more than a piece of paper because of the public trust of the institution - its reputation. We trust that the institution has made sure that  students know enough before they graduate so that they won't go out and be an embarrassment to the institution -- Accrediting bodies police schools as well.  The system is necessary cause a lone individual has no way to show the world what they know or  have done. Oh, wait - what about the internet? What about blogs, videos, websites, etc...?

This is what I was talking about. A school certifies two things:
  1.  What knowledge, skills, abilities and accomplishments are "good" - i.e. important, useful, relevant, necessary
    1. In a particular field
    2. In general
  2. Who knows that stuff - or is smart/dedicated enough to learn that stuff.
Higher Ed is pretty close to losing its monopoly on 2) - I am not sure about 1).   

    Article about Anya Kamenetz here.
    Read a chapter of her book here

    Wednesday, April 21, 2010

    Just Ship It

    For fun I've been reading  interviews with Ward Cunningham.  (Inventor of Wikis, and a big influence on modern software development) He says:
      [so] much time is spent worrying about decisions that don't matter. To just be able to make a decision and see what happens is tremendously empowering... "
    He explains that it is easier and works better to have a plan for recovering from mistakes than to prevent them.

    Seth Godin talks about bypassing the lizard brain (deep seated fear of failure) through Just Shipping It.  (Whatever IT is)

    7 steps:

    1. Connect
    2. Be generous
    3. Make art
    4. Acknowledge the lizard
    5. Ship
    6. Fail
    7. Learn

    Now I guess I better get to work.

    Friday, April 2, 2010

    Open source collaboration, safety and enemy images

    Two guys who started the subversion project talk about how their community works. I guess they work for google now doing open source development.

    Enjoyed hearing about how they keep projects on track. After taking a semester-long course in project management, replete with all of the PMBOK high-falutin' language, I like the practical 'lessons-learned' wisdom here. Though the title and a part of the flavor of the presentation bothers me, "surviving poisonous people," the approach they describe is actually fairly flexible.

    "poisonous people" is a judgment. A poisonous person is a "thing" in your imagination. A scary thing. Immutable, fixed. An enemy.  And that is not useful. I'd prefer to think about "people patterns which threaten a project." (This is not as pithy as poisonous though)  Maybe they could call it poisonous patterns instead or dangerous patterns.

    To summarize what I understand :

    As open source software project leaders we are afraid of the threat of dissolution of our project, the frustration of our desire to make something awesome .  If this were to happen we would lose respect, maybe money, and the fun, inclusion, connection, and sense of competence we get from being part of the project community.

    We need safety to work well.  We are going to tell you about some  common dangerous people patterns which have threatened us and got us all distracted, frustrated and disconnected,  and how to keep the community safe from community death (falling apart).

    Groups do need freedom from distractions - e.g. too many ideas,  and/or  arguments, (What NVC might call needs for: "ease","harmony", "stability" "clarity" and "order") - But they also need to be open and welcoming to new ideas, new members to keep "alive" (needs=growth, stimulation, learning, spontaneity) -- and fair and collaborative in decision-making to survive...seems like a tall order to balance all of that!

    It thrills me to learn more about collaborative forms of software development - though I have been involved in evaluating, installing, configuring and using open source products for over 10 years -And have even done bug reports,  I have never contributed code to a project.

    The thing that thrills me is that if I can pull some of my enjoyment of group process, improv and Non-violent Communication practices together with my tech background   it would be lots of fun.

    Marshall Rosenberg (NVC founder) on  enemy images: - Hearing what people feel and need instead of what they "think" when they label you as a powerful technique to get to communication. Someone calls him a "murderer" (sees him as very poisonous) - he is able to get past that to communication.  His distinction between violence and protective use of force is very clear here.

    Saturday, March 27, 2010

    Amazon Cloud Computing: EC2 and EBS-Booties

    The Google  App Engine is a "cloud-based virtual hosting" platform. Pluses are: Free, no configuration necessary,  and cool tools. Minuses are: proprietary - you use what they have, not what they want. (ie. bigtable vs mysql) - lack of flexibility - i.e. you can't install a languge, or specific php libraries to play with them.

    We selected Amazon EC2 instead because we already knew and understood mysql, and we wanted to be able to install anything we wanted as the project developed because we were not sure in advance what tools would fit our needs - in fact as we worked we ended up writing non-http backend php/shell scripts to process xml files - which would have been more difficult without a command line interface.

    More than the usual number of Acronyms and terms in the Amazon Cloud. To wit:
    • AWS = Amazon Web Services - Amazon's various "cloud computing matter"e.g.:
    • EC2 =  Elastic Computing 2 "duh compute cloud" (Xen-based?) (presumably EC1 sucked?)
    • EBS =  Elastic Block Storage (Closet to keep bouncy blocks of permanent "disk" ;)
    • AMI = Amazon Machine Image = Similar to a VM Image. A "file" which contains an 'EC2' bootable image of a particular OS.
    • Instance =  When you "boot"  an AMI  that running image is an instance.
    • EBS-boot AMI = Traditionally instances evaporate without a trace when you terminate them, .i.e. any changes to the file systems are ephemeral.  EBS-boot AMI's are new and have two stop conditions. terminate (ephemeral) and stop (persistent) = So they behave more like a "real" machine, ie. storage(disk space) sticks around when you shut them down.
    Having fun doing a project in "duh cloud." I chose EC2 as opposed to a hosting service because I like having full root/admin access and being able to load or remove whatever packages we want instantly. Note that it is easy to get ssh access to your "instance".  Root access uses "keys" and it is pretty simple.

      Project: PHP/MySql Web application. I am using an EBS-boot LAMP server = This link is a good summary of LAMP install on EC2  - But it uses EBS for additional volume (not for boot/root volume).

    (I have to say that the term "Elastic Block Storage Boot" sounds more like goofy footwear you are ashamed to wear, so you keep it in a closet than a computing service)  ------>

    This is an intermittent project. So EBS-boot made sense because it allows us to just "stop = shutdown" the machine & not pay for compute, only storage, which is purty cheap.  I just grabbed the available Fedora 8 version which amazon has published. See this useful overview of EBS-boot.
    And nice Step-by-Step guide which I used.

    Next time I would probably try Ubuntu - I have no idea why Amazon uses Fedora and the version is so old.  Here is a link to information on ubuntu EC2 AMI with EBS-boot

    I also tried out Elasticfox - a Firefox plugin which allows you to do all kinds of things more easily than the AWS http console does.

    <--- (Long LOLcat seeks ElasticFox) 

    Pricing summary for small instance Elastic gob=  ~2Gb memory, 1 cpu, 160 GB disk limit.

    45 days use total includes 20 * 24 hrs + 25 days "off"

    EBS storage:    15 GB @ .10 per GB/month  = $1.50/mo
    CPU:      .085/hour x 24 hrs * 10 days  = ~ $20 *2 = $40
    "Elastic IP" (= static IP continues when you turn it off)
         = .24/day * 25 =  ~$5
    Data in = free ; Data out: est 10 Gb at  .15 per GB (first Gb free) = $1.40
     Total price =  $40 + $1.5 + $5 + $1.4 = approx $50 for 45 days "up" ~ 40% of the time.

    (And by the  way, yes "elastic gob" is a technical term - it's just my private technical term)

    Wednesday, March 24, 2010

    Lettuce in the Dish-rack

    Part 1

    A friend told me how "cute" and "funny" it is that I dry lettuce in the dish-rack. -- I had never really thought about it before.  It just seems sensible not to purchase one more piece of plastic  crap just to dry lettuce.

    I guess I enjoy creative reuse. That elegant  solution that jumps at you when you turn your head sideways. Iron-clad categories drive me crazy. Why let what someone else calls it limit your possibilities? Why can't it be a lettuce-rack?

    Part 2

    I found the above picture in Google images by searching: dry+lettuce+in+the+dish-rack
    It's the only real match. I don't know whether this is comforting or disturbing.  What does it mean when it's easier for me to get a picture of lettuce in a dish-rack from google images than to bother to take one myself?

    Monday, March 15, 2010

    A weasel in dog's clothing:online communities, trolls and sockpuppets

    It looks like I will be helping a small firm with their online social media presence a bit. I have been blogging since around 2004/2005 (and involved in all kinds of usenet/listserv communities since long before that.)

    I like this presentation on the "power of artifacts." Kim mentions that online conversation always produces an artifact.(i.e. a "thing" - a blog post, a discussion thread) and he discusses how powerful this can be.

    I don't like the fact that the presentation dies before the end and asks you to fill out a form to see the rest.  Annoying. Like a slap in the face with a wet sock. And speaking of socks...

    Kim also does not discuss what I consider to be THE big issue with building online community - Trust. On the internet no one knows you're a dog.  You could be a trolling sockpuppet - a weasel in dog's clothing.
    Building a community when participants are anonymous is difficult because one bad weasel can upset the applecart.   EG: Kathy Sierra death threats --very violent/sexual  and graphically illustrated threats  were made to a prominent professional blogger.  I remember the blogosphere discussion. Some bloggers fervently dissed Sierra's fearful reaction, and supported the "right to free speech" of the anonymous poster.

    The troll or sockpuppet can hit and run or  quietly insinuate -- engage in guerrilla warfare.  The anonymous troll wields asymmetric destructive power. He knows a lot about you. You don't know anything about him.

    Online communities are groovy but  also risky.

    Wednesday, March 10, 2010

    I will gladly play you Tuesday

    For a Hamburger today.

    I wish I had known about Kahn Academy when I was taking Financial Accounting and learning about Present Value and Net Present Value.

    The disruptive effects of the internet on Higher Ed have barely been felt yet.

    The main disruption of the internet is: Information.  The cost of  publishing and the cost of finding have both dropped dramatically. (Think e-journals vs browsing stacks. - Google vs card catalogs.)

    Higher Ed has held a virtual monopoly on the certification of quality knowledge. The institution's value lies in its ability to deem "What knowledge is good, real, useful and new" and "Who knows that stuff." That is why people pay so much for a MBA or PHD.

    This knowledge is still mostly handed down in personal interaction, classes, and to grad students (apprenticeships). But Universities will have to compete for students, and be forced to become more efficient as internet-based education continues to get better,cheaper, faster, stronger.

    Sunday, February 7, 2010

    Printing to Windows 7 printer from OSX 10.5

    Recently upgraded home machine which serves our printers / file shares from XP -> Win 7 Professional - after nasty spyware infection. (That's another story. I would just say - having a boot disk of Ubuntu to restore the registry was great - Since we did not have XP restore console, or restore XP boot disk) However, even after I was able to use kewl tools like  Malwarebytes and Counterspy and  Combofix to remove the vast majority of the crap (Along with a bit of Hijack this, and diligent observation with Process Explorer... Things were stable, but we  still did not trust the resulting system... Plus it was heavily loaded and sagging due to 6 years of built up cruft. Thus the move to Win 7.

    Post-upgrade, OS X machine would not print to Win7 direct connet printer, or browse shares on the Win7 box. A few things seemed to help fix this problem.
    • Re-share printer - less than 15 characters in share name, no blanks.
    • Edit Local policies->Security -> Network Security- set: 
      • "Send LM & NTLM -- use NTLMv2 session security if negotiated" and
      • Turn off "require 128 bit encryption"
    • In Win 7 Network sharing center
    • Make sure that OS X has the proper workgroup set in sys prefs -> network -> advanced -> wins
    • Reboot Windows 7

    Later I discovered that some had fixed the problem by sharing the printer from windows via lpd.  As obsessive as I am about figuring things out, I did not try this yet.

    Monday, January 4, 2010

    Messing around with Java & Eclipse

    I already had Java installed from Apple site I have latest version of Mac OS X 10.5 Leopard(10.5.8) with recent Java updates installed on a core 2 duo Mac.
    Need to run Java 6 EE with Eclipse EE version.

    Useful info:
    1. Make Java 1.6 the default Java execution environment: Run Java (in Finder -> Applications -> Utilities). I changed the Java versions to default to using Java 1.6 by drag Java SE 6 to the top of the application and applet lists.
    2. Which java version am I running?:  In a terminal window use: /usr/libexec/java_home
    3. When creating a Java project, Eclipse prompts for the desired JRE version in the new project dialog box. To ensure that Eclipse tracks the language differences between versions, also select the desired version in Preferences->Java->Compiler->Compiler compliance level to match your project.
    4. Use the 64-bit Cocoa version of Eclipse 3.5.1.
    Thanks to
    OTOH, see