Computer Security: Back to Basics

Posted on October 6, 2009 by Jacob Prystowsky

Computer security is a complex subject, and staying safe is no easy task. Paraphrasing a quote attributed to security analyst and cryptographer Bruce Schneier, the only secure computer in the world is unplugged, encased in concrete, and buried underground — and even that one might be vulnerable. This reality aside, it’s still important from time to time to review some of the basic steps of computer security.

Physical Security

A general rule of thumb is, once an attacker has physical access to your computer, the game is up. So be smart: Don’t let just anyone use your computer, and don’t leave it unattended in an insecure place. Even at home, you may not be completely safe. Is your screen visible through an outside window? Do you know and trust your neighbors? Has there been recent criminal activity near where you live? Who else in your house has access to your computer? Ask yourself these questions when evaluating your physical security.

Encryption

Treat any information that you store unencrypted on your computer as though it is going to be stolen. You probably wouldn’t care (as much) if someone took your grocery list or vacation photos, but tax returns, bank statements, account passwords, and confidential emails, to name just a few, are another matter altogether. As a rule of thumb, if you can’t stand to have it read by everyone, then make sure it can’t be read by anyone. (For a more thorough treatment of why cryptography is important and to get software recommendations, see “Nothing to hide? Hide it anyway.”)

Passwords

Actually, “password” is now anachronistic – “passphrase” is probably the better term, since short, simple words won’t cut it in this day and age. Good passphrases should be long (16 characters is not unreasonable), complicated (use upper- and lowercase letters, numbers, symbols, and whitespace), easy to remember, and, most importantly, hard to guess. Furthermore, you should use different passwords for different accounts (so that if one is compromised, the damage is contained), change them regularly, and not reveal them to anyone who you don’t implicitly trust.

These requirements are challenging to say the least, so a better solution is to let software pick – and remember! – your passwords for you. I like Keychain Access (built in) on Mac OS X and Password Safe (passwordsafe.sourceforge.net) for Windows.

Public Locations

It goes almost without saying that you need to be especially cautious when using your computer in public. If you’re somewhere where you wouldn’t feel comfortable thumbing through your wallet, you shouldn’t use your computer there, either. Be aware of who is around you, especially if they have a view of your screen or seem suspicious. Make sure that no one can shoulder surf as you’re typing.If you’re traveling, make sure you know where your computer is at all times. Never set it down and walk away from it in places like airports and train stations, even if it’s in a bag (thieves know what laptop bags look like).

If you use a public Internet connection (whether wired or wireless), treat everything you do online as though it is being intercepted and read. If you need to do anything sensitive, use encryption and a VPN if you have one. Avoid connecting to unknown Wi-Fi networks or those with suspicious names. If you are using VOIP or videoconferencing software, act as though your audio and video are being monitored. Make sure all your software, including the OS, is up to date, run antiviral and firewall software, and turn off features like file sharing and remote login before you go in public.

Be Cautious

It’s nearly impossible to cover every possible scenario, but, in a nutshell, think carefully before you act.

If you get an email asking for your personal or account information, it’s probably a scam. Similarly, if you’re asked to visit a website for an unexpected reason (for example, to preserve your account information), you should be extremely cautious – it’s almost never the case that this is legitimately needed. Don’t click on any suspicious links (which might take you to a phishing website). Instead, type in the company’s URL yourself to see if it’s legitimate. If you get a message and you’re not certain that it’s legitimate, don’t hesitate to call whatever company is supposedly contacting you or email them at a trusted address to find out if the email is a scam. And, of course, if you’re offered something that’s too good to be true – a large sum of money, a special business venture, a lottery winning, or something similar – it is almost certainly a fraud.

Outside of phishing emails, you should avoid visiting strange websites or downloading files (especially software) that you don’t recognize or that are from questionable sources. P2P file-sharing software is particularly likely as an attack vector for malware. If you are visiting a secure website and are told that there is an error with its certificate, that it is expired, or that it is signed by an unknown Certificate Authority, it’s always safer to cancel whatever you were doing than to continue on and risk being trapped in a MITM attack. And, of course, be sure regularly to update your OS and install, use, and keep up to date antiviral and firewall software.

Filed under: Technology | Tagged: , , , , | Leave a Comment »

Cincinnati accounting show live blog of “XBRL – the digital reporting frontier”

Posted on September 30, 2009 by Jacob Prystowsky

Only fifteen minutes until the session begins. We’ll be updating as things progress soon.

2:27: People are still coming in and we’re going to begin pretty soon.

2:34: Stands for extensible business language and is based on XML. Used to communicate business and financial info. Why use it? SEC and AICPA suggestion and also better than a spreadsheet or other clumsier and slower methods. More accurate… If the taxonomy etc is used properly. And it is faster and enables more frequent updates.

2:40: the taxonomy is code, can bee pulled from SEC website which enables standardization. Instance documents breaks down individual data. This technology is being used internationally already and is required in some places, e.g. China.

2:43: Software is in it’d infancy right now but will probably get better over time. Variety of in house uses probably also, such as live data analysis, that will push development. One thing to note, auditors aren’t required to have any involvement so companies are on their own. Another consideration, what are long term plans for it’s use? Chairman Cox said, long term point is to bring investors faster, easier, more accurate information.

2:48: SEC had been helping development since 2005 and taxonomy etc continues to evolve over time, even recently.

2:50: SEC will require tables, notes, schedules to be individually tagged. Software is immature right now but again will improve.

2:53: Quality of initial submissions varies right now. About 410 issuers submitted XBRL exhibits in July or August and 14% of issuers are using grace period now. From an outside perspective, how do companies post viewer so anyone can grab file? Something to think about. Common mistakes: applying wrong tag or applying it to blocks of data inappropriately, or not tagging parts of documents that need to be as per specs. So still room for growth out there.

3:02: XBRL has been extended more as well. Banking, real estate, utilities, manufacturing, media, and so on.

3:05: Why do issuers need to “get it right?” SEC will require it for one thing. Need to help investor end users get it properly as well. And getting things wrong does pose liabilities.

Filed under: Technology | Leave a Comment »

Google answers the call again

Posted on August 12, 2009 by Jacob Prystowsky

“We’re sorry, the party you are calling cannot be reached. At the tone, please leave a message. After you are done, stop speaking, then hang up, or press: Pound. To leave a callback number: Press. Five. To page this person: Press. Seven. At the tone, Eastern Standard Time Will Be: Eight. Forty. Five. And. Nine. Seconds. Now please: Listen. To. The. Party’s. Voicemail. Message. Thank you. (Beep.)” (OK, maybe that’s an exaggeration, but just barely.)

Sound familiar? If so, you’re probably like most cellphone-wielding Americans. Make you want to tear your hair out? You’re not alone. But have no fear: Google’s just entered the calling and voicemail market, with a beta caveat and pricetag of “free,” as usual, and they’re set to do to it the same thing Gmail did to web-based email providers and that Google itself did to search engines. First we had Google SMS. Then we had GOOG-411. Now we have Google Voice. The best way to experience Google Voice is to try it out yourself (invitation from Google required), but while you’re waiting for your invitation to join, we’ll break down just a few of the reasons that make those of us in the IT Department at OSCPA love it.

Where do you want to call from?

The fun starts at the registration page. Chances are, when you got your cell phone from $carrier (AT&T, Sprint, Verizon, etc. — pick your favorite), they gave you a random phone number, or at the very least, didn’t give you much say in what it was. Not so with Google Voice. While at the moment Google doesn’t allow you to transfer your current phone number to the service, they make up for this by letting you search for a number you want. That’s right: if you want a phone number in New York that contains the word “CODE,” you can do that (if one is available). If you want a number anywhere that has a “1776,” you can do that, too. Or if you’d just prefer to appear to be calling from Hawaii, Google’s got you covered (that would be area code 808, if you’re wondering).

Back to basics

Google, of course, offers all the “basic” features you would expect, all done with their traditional style and simplicity. When people call your Google Voice number, it will forward the call to any number of your choosing. In fact, it will forward it to as many different numbers of your choosing as you like, all at the same time, and it can be programmed to ring different phones depending on who’s calling. You can also choose to block certain people altogether, send some callers straight to voicemail, or even mark particularly annoying callers as spam (rumor has it that they receive a fictitious “number disconnected” message — at last, some competition for the TeleZapper). You can also require callers to say their name first (Google will ask you when you answer whether or not you want to take their call), particularly useful for numbers you don’t recognize. And you can set up several different voicemail greetings to play for different people.

For all of these features, you can set your preferences based on individual people or groups of people (e.g., you could decide that callers in the “Family” group ring all your phones, hear “Hi, please leave a message!” as their greeting, and don’t have to say their name first, while those in “Work” ring just your work number, hear “Hello, I’m not here right now, so please leave your name and the best time at which to call you back” as their greeting, and do have to say their name, and those in “Annoying” are just sent straight to voicemail, being told, of course, “I’m sorry, but I will be unavailable for the foreseeable future”).

Also — and this really does merit its own paragraph — Google Voice isn’t annoying. It doesn’t plague you with prerecorded messages telling you that you’re at a voicemail system and so you should leave your name and number after the beep (really, in 2009, does anyone not already know this?) or asking you whether or not you’d like to page the person you called. If you call in to check your voicemail, it doesn’t beat around the bush, telling you that the menus may have changed since yesterday and that you have: Twelve. New. Messages. And, everywhere, the menus are short, simple, and fast. No more waiting for thirty seconds just to hear how to erase a message. This is Google, after all.

Free calls, cheap calls, and call recording

Another great feature, although perhaps not as crucial since most people using Google Voice will probably use it with a mobile phone and not just a land line, is that you can make calls to any (continental) US number for free (caveat being that it still uses your cell phone minutes if you’re not on a land line). And if you’d rather talk to someone in Brazil, Russia, or Germany, you can call them too, and cheaply at that (at the time of writing, $0.04, $0.05, and $0.02 per minute, respectively). Google even gives you $0.10 right off the bat, just for signing up.

We should also mention that you can record calls to listen to later, although at the moment this is restricted only to incoming calls and doesn’t include calls from your Google Voice number as well. So, next time you’re on an important conference call in the middle of driving to the airport, you can focus on traffic instead of finding a pen to write down your hotel’s address.

SMS? Yes

Not limited only to voice, people can send SMS messages to your Google voice number as well, and these will be forward to however many mobile phones you’ve added. You can also send and receive SMS messages via the web interface, and you can save old messages for reference instead of having periodically to erase them as you would on a phone.

Voicemail, part deux

You have no idea how clunky your current voicemail system is until you’ve seen how Google Voice does it. With voicemail from Google, you can listen to your voicemails online, save them to your computer, or embed them on web pages (sounds like a problem waiting to happen), it’s true. Yes, you can even listen to people as they leave you a message to decide whether or not you want to take their call. But Google’s taken it to the next level, because Google Voice can also automatically transcribe your voicemails to text, send them to you via SMS and email, and let you store, search, and annotate them online in a Gmail-like interface. While not perfect (the transcription is sometimes a little off, but still amazing for a computerized service), this feature is probably the best part of Google Voice, and you really have to see it to appreciate it.

Do you like your carrier’s features? Then stick with them. In the meantime, we’ll be using Google Voice.

Filed under: Technology | Tagged: , , , , , | 2 Comments »

Let bookmarklets work for you

Posted on August 7, 2009 by Jacob Prystowsky

Everybody has heard of web browser bookmarks (aka “favorites”), links to web pages stored within your browser for easy access to websites you want to visit again. But did you know that bookmarks are capable of storing more than just URLs? Modern web browsers allow you to store JavaScript (or “JS” hereafter; JavaScript is a simple scripting language that provides much of the power on the web behind everything from Gmail to the statistics software for our very own OSCPA website) within them too, and with a little creativity and programming experience, you can be well on your way to making your web browsing experience easier and more pleasant — and if you’re like me, taking some of the chore out of regular tasks, as well.

Let’s get started

First things first — if we’re going to write JavaScript bookmarklets, it helps to know a little bit of JS, or at least have prior programming experience of some kind and be good at learning on your feet. If you don’t have this proficiency already, there are plenty of sites that can get you up and running soon. You’ll also need a modern web browser (I prefer Firefox) and a decent text editor — I recommend the excellent BBEdit (or its free cousin, TextWrangler) for Mac, Visual Studio (or its free variant, Visual Studio Express, or Notepad if you absolutely must) for Windows, and either vi[m] or Emacs for Linux — I won’t take sides publicly. For the purposes of demonstration, I will be writing bookmarklets using Visual Studio and running them in Firefox, but the process will look almost identical no matter what combination of the above software you use.

Everybody’s first bookmarklet

The canonical first program is “hello world,” and there’s no reason to break tradition here. Open your editor of choice and type:
javascript:{
alert("hello world");
}
Much as the http:// at the beginning of a regular URL signals to the web browser that we are accessing a web page, the javascript: tells the web browser that this is going to be a piece of JavaScript code, not a regular bookmark. Copy the block of code, paste it into a new window, and remove all the line breaks. (This is the technique we will be using: writing in an easy-to-read style, and then when we are ready to try it, making everything one line, which is required.) If you’ve done this right you should have a piece of code like this:
javascript:{alert("hello world");}
bookmarklets-1At this point we’re ready to add the bookmarklet to our browser. Open a new window and then add a new bookmark to your browser, then after it’s created, paste in your single line of JS in place of the page’s URL and give the bookmarklet a descriptive name like “hello.” After loading the bookmark, you should see an alert pop up with the text, “hello world” inside:

bookmarklets-2

A little more serious

Now that we’ve seen how to make a bookmarklet, let’s try a couple of real world examples of how bookmarklets can make your life easier — since admittedly, “hello world” probably isn’t useful to you. For all these examples, just follow the template above: write your code, make it one line, and save it in a new bookmark in your web browser. (With any luck, you won’t have any debugging to do.)

Search the news

I’m a fan of Google News, but it can be annoying to have to load the home page just to search for something. Let’s tackle this with bookmarklets. To get an idea of the kind of URL we are going to generate by doing a search, we try a test search, and get something like this: http://news.google.com/news?pz=1&ned=us&hl=en&q=test+search. After some experimentation, we come up with this JavaScript solution:
javascript:{
var term = escape(prompt("Search Google News:"));
window.location.assign("http://news.google.com/news?pz=1&ned=us&hl=en&q="+term);
}
The first line (of real code) prompts the user for some search terms, URL-encodes the characters (e.g., “?” becomes “%3F,” etc.), and assigns this result to a new variable named term. The second line appends this search term to a generic-looking Google News search URL, and then directs the current window to go to this search URL. Just what we wanted: searching the news without the middleman.

High-contrast web pages

Sometimes webpages can be downright hard to read. While garish, it’s generally accepted that white text on a black background is the best possible scenario for readability, and bright red and green both stand out well on black as well. The following JavaScript, adopted from a bookmarklet found at Lifehacker:
javascript:(function(){
var newSS, styles = '* { background: #000 !important; color: #FFF !important; font-size: 12pt !important; font-weight: bold !important } :link, :link * { color: #F00 !important } :visited, :visited * { color: #0F0 !important }';
if (document.createStyleSheet) {
document.createStyleSheet("javascript:'" + styles + "'");
} else {
newSS = document.createElement('link');
newSS.rel = 'stylesheet';
newSS.href = 'data:text/css,' + escape(styles);
document.getElementsByTagName("head")[0].appendChild(newSS);
}
})();

will do the job, making any webpage high contrast and easy to read.

These are just two examples of what can be done with JS and some thought. With a little practice and foresight, you, too, can start writing bookmarklets to change the way you work online. (If you like bookmarklets and use Firefox, be sure also to check out the powerful Greasemonkey extension.)

Filed under: Technology | Tagged: , | Leave a Comment »

Password Safe

Posted on July 28, 2009 by Jacob Prystowsky

passwordsafe-2Whether it’s your bank’s website, OSCPA’s membership resources, or even just an email account, nearly everything we do on the Internet requires us to authenticate ourselves with a password. But passwords provide a virtually inevitable quandary: Any password that easily can be remembered can also probably easily be guessed. Worse yet, it is difficult enough to remember multiple simple passwords, much less multiple secure ones, so people tend to reuse the same password, or set of a few passwords, across multiple services, perhaps altering the passwords very slightly (and probably predictably) for each one, and that’s if we’re lucky. Add to this the sometimes draconian password policies requiring passwords to be changed on a regular basis, and it’s no wonder that passwords are such a problem today.

The ideal solution, of course, would be if everyone (we will use an apocryphal user Alice for simplification) used different passwords for each resource (email, banking, OSCPA, etc.), and if each password was secure. The importance of using different passwords for different services is the same as the importance of using different keys for different locks. Imagine if Alice used the same key for her car, her home, her mailbox, and her office. If a thief — let’s call her Eve — ever managed to copy the key, she would immediately have access to all of these locations, and Alice would have additional hassles with having to change so many locks. Furthermore, Eve could target the easiest location at which to copy Alice’s key — perhaps by impersonating a maintenance person at her work, instead of having to go directly to her house. The importance of Alice’s keys being secure (i.e., not easy to copy, not blank keys bought from the store, and of a shape not easily guessed) is, we hope, self-evident.

Password security involves a lot of different technical aspects, but the three take-away elements are this: Good passwords should be complex, utilizing both uppercase and lowercase letters, as well as numbers, spaces, punctuation, and other symbols; they should be long; and they should be random. Complexity is a measure of a password’s key space. Intuitively, the greater number of symbols that Alice’s password contains (e.g., letters and numbers instead of just letters), the greater the number of combinations of passwords that she could be using, and so the more passwords that Eve must guess. Length is a measure of a password’s key length. Once again, the longer a password, the more possible passwords there could be, and so the harder individual passwords are to guess. Finally, randomness is a measure of a password’s entropy, which can be thought of as measuring how hard it is to predict one letter based on another (for example, a password of “abcd” is less entropic and so less secure than that of “a3@Z”).

passwordsafe-3

These days, a minimum amount of entropy that we should demand from our passwords is about 128 bits. In lay terms, this corresponds to a password of between 16 characters (containing a completely random sequence of every symbol of which you can conceive) and 64 characters (containing only regularly-typed English letters). Somehow remembering a litany of completely different passwords of these types, some of which must be changed on a regular basis, is understandably probably impossible (unless you’re Dustin Hoffman’s character in Rain Man). And if you write these passwords down, unless you store them somewhere safe, you might as well use weaker passwords that are easier to remember — and if you do store them somewhere safe, they’re probably not going to be easy to get to.

What’s the solution to this technical headache? Go ahead and use different, strong passwords everywhere — but only worry about remembering one of them. There are a number of different software solutions that will store your password for you, many built into the different operating systems, but the program we will be reviewing is Password Safe, which is free (in fact, open source), available for Windows (beneficial for many corporate environments, and programs compatible with Password Safe are available for other operating systems), and secure.

Upon launching Password Safe, you’ll be asked either to open an existing database or to create a new one (choose the latter if you’re using it for the first time). The fact that you can create multiple databases has a number of useful applications. For example, you could have one database for home and another for work, or one database for personal accounts, and another for group accounts, and the password database for the latter could securely be shared among multiple people. The password that you supply for each database will be all that is required to access the passwords inside, letting you remember just one key — the database password — while forgetting about the numerous secure passwords stored inside. If ever you need them, just open up Password Safe and pull them back out again.

passwordsafe-1

Password Safe helps you manage your passwords in other ways as well, like coming up with good passwords in the first place (you can customize your password policy and even have the program generate a random password for you), storing account and other info along with them, remembering the last several passwords used, copying passwords to the clipboard without viewing them (for deterring shoulder surfers), changing how often passwords expire, and so on.

Finally, the databases that Password Safe creates are very secure, ensuring that if a thief somehow got access thereto, if the password you chose to protect it is secure, its contents will be, as well. The software is open source, so you can examine its code yourself and ensure it is up to no ill, and it was designed by the respected security analyst Bruce Schneier. To protect your information, databases are encrypted with the Twofish algorithm, one of the Advanced Encryption Standard finalists, and Password Safe has been reviewed by Schneier’s own Counterpane Internet Security, Inc. (now BT Counterpane, owned by BT Group plc). So whether you’re a grandmother at home or a corporate executive flying between Columbus and San Francisco, it’s time to set your excuses aside for not using multiple strong passwords everywhere and save yourself a headache of trying to remember them all.

Filed under: Technology | Tagged: , , , , , | Leave a Comment »

Nothing to hide? Hide it anyway

Posted on July 21, 2009 by Jacob Prystowsky

If you’re like most Americans, you probably value your privacy. You’re probably not ashamed of anything, and you’re not doing anything wrong, but just on the principle of the matter, you would prefer to keep your private life private. If a stranger knocked on your door and told you that he was going to watch you read your mail, you would almost certainly call the police. If you saw your neighbors peeking through your living room windows as you watched TV at night, you would probably walk over and give them a piece of your mind. And if you found out that the government had been listening to your phone calls without a warrant, you would be outraged, and probably hire a lawyer to get justice and accountability. And all of these actions you would be justified in carrying out.

Just as you enforce your privacy in your tangible, day-to-day life, so, too, should you do so on your computer — especially as more and more of the activities that make up our usual days become digitized, are stored on hard drives, and are sent flying across the Internet. So it is somewhat mystifying to me that most of the people to whom I have talked about encryption seem entirely disinterested in taking the time to implement secure cryptography (see the end of this post for more information) on their computers.

Oftentimes, the first reaction to my suggestion that I hear is, “Why? I have nothing I need to hide.” But, while that is probably almost always the case, their reaction misses the point entirely. It’s not whether or not you have anything to hide, it’s whether or not anyone else has the right to pry, and in my mind, unless either someone is both legally authorized and justified in snooping on my data, or I give my consent for them to do so, I should keep the data on my computer as secure as possible.

It used to be the case that setting up good encryption was difficult, and that trustworthy software was hard to find — but this is no longer the case. While it is true that there are a glut of badly-written encryption programs that leave your data virtually as vulnerable as they were before, there are also plenty of respectable implementations that easily can be obtained and installed (see the end of this post), and no longer do you need a degree in computer science or mathematics to use them, either (although if you find Feistel networks or finite fields interesting there are plenty of technical aspects about which to learn as well).

The reasons aren’t purely philosophical, either, as there are serious risks in allowing data to sit unprotected on a hard drive. We store our home videos, vacation photos, tax records, hotel reservations, flight itineraries, bank statements, music, and business correspondences on our computers, just to name a few, and more and more, these data are not just sitting on our hard drives, but transmitted online, synchronized via servers located around the world, and categorized, indexed, dissected, and disseminated via the Internet and a littany of applications. So, just think of the potential devastation — financial loss, identity theft, character destruction, etc. — that could result from a breach of privacy on your computer.

Worse yet, it doesn’t take a skilled attacker or government spy for your information to be at risk. Social networking sites routinely encourage their users to volunteer reams of personal information; most grocery store shoppers don’t think twice about swiping their “frequent shopper cards” to gain access to special deals (and allowing the store to track their purchases); and, frighteningly enough, more than 70% of people would give up their passwords for a chocolate bar. Most people seem so incredibly careless with their information security that these and other signs of complacency only add emphasis to the fact that we collectively need to take more seriously the potential risks in leaving our data unprotected (not to mention giving it away) and abrogating our responsibilities — just as it would be irresponsible for us to leave our front doors unlocked and open at night, print our credit card numbers on the back of our shirts, or walk down the street announcing how much money we have and in which pockets we have our wallets.

If you value your privacy in other aspects of your life, consider taking more seriously your privacy when it comes to your computer and your “digital life,” for lack of a better phrase. It is both an issue of security and of philosophy, and it is a salient one. For respectable cryptographic software, consider TrueCrypt, PGP, GPG, and RSA. (For platform-specific options, consider also FileVault for Mac OS X and BitLocker for Windows Vista, both built into their respective operating systems.) For general cryptographic (and other) security information, check out Bruce Schneier’s work (as well as his blog, Schneier on Security, and his books), the Center for Democracy and Technology’s cryptography page, and the Electronic Frontier Foundation.

Filed under: Technology | Tagged: , , , | 2 Comments »

Consider keeping some important data online

Posted on July 17, 2009 by Adam Mahle

It is common for data security folks to tell you to be careful about what data you keep online and the risks associated. But, I’m here to tell you why you should keep some of your data online. Because, while you should be careful about what data you put online – you should be careful about what you don’t.

Consider the unpleasant scenario – a home robbery, house fire, storm, flood or some other loss. After the event you will need access to insurance documents, home photos and other important data. Now assume that you stored all that information on your home computer – all that information is now lost, and recovering it has just become much more difficult.

NOAA public domain image

“But wait!” you say, “I keep all my data backed-up and stored in a fire safe so I’ll be alright.” You need to be careful with this assumption and should be aware of some facts:

  1. Thieves like stealing safes – they assume that you have something valuable inside that they want. 
  2. Fire safes are rated to a specific temperature for a specific amount of time – but the temperatures that are reached inside – while relatively safe for paper documents, at least for the rated period of time – can be catastrophic for your data storage media (backup tapes, CDs/DVDs, flash drives and pretty much all other media are susceptible to heat).
  3. Water, used by the fire department or the result of some act of Mother Nature, can cause damage to both your digital storage media and your paper documents within a safe. So even if you have taken measures to protect your data at home – it may not be quite enough.

No one wants to think that events like these might occur to them, but unfortunately no one is immune from the possibility. Preparation gives you the possibility to mitigate your risk in these situations. To help yourself prepare for some sort of catastrophic event like this I suggest that you look into keeping copies of your important data online. You may want to consider using an online document management service or one of the many online backup services avaialbe. Most online backup services provide reasonable protection of your data through encryption and other measures, and are a relatively safe (there is no such thing as perfect) means to protect your data from loss or theft – and will still be available to you should some catastrophic loss at home occur.

So remember, while you may not want to advertise information about yourself or put compromising data on the Internet, you really don’t want to avoid putting data up for that reason. With proper consideration most data can be reasonably secured online – and your disaster recovery solution could be considered an investment in your own future well being,

Filed under: Technology | Tagged: , , , , , | Leave a Comment »

Our data, wherever we are and whenever we need them

Posted on July 16, 2009 by Jacob Prystowsky

“Cloud computing,” like social networking (LinkedIn, Twitter, YouTube, et al.), is all the rage in this new era of distributed, collaborative, high-tech solutions to what are now everyday problems (some previously unknown until the time at which we arrived at a solution and forgot how we could have ever lived without them), and in the area of distributed, Internet-accessible file hosting, Dropbox reigns supreme.

Consider a fictional executive, Alice, who works frequently from home, and has a number of files that she needs to be able to access from both home and work. More importantly, she needs her files to stay synchronized between the two locations, so that if she updates an expense report at home in Upper Arlington she will have the up-to-date version when she arrives at work in Dublin, as well. Furthermore, while she is with her grandchildren in Manhattan, if she should realize that she forgot to record an expenditure, she needs to have access to that same up-to-date report.

In the past, Alice might have used a floppy disk, Zip drive, CD-RW, or, more recently, portable flash drive. But these media are susceptible to damage, and can be lost or stolen with relative ease. Adding encryption would keep Alice’s files secure, but at the expense of convenience and easy interoperability. She might choose, instead, simply to email the files to herself, but this solution is cumbersome, and sacrifices the ability easily to keep versions of her files in sync wherever she goes. Should Alice further discover that one of her fellow executives, Bob, also needs access to some of her files, both removable media and emailing herself become next to impossible to implement as workable solutions.

These types of problems are what Dropbox has been specifically designed to address. When someone downloads and installs Dropbox, the software (which includes a free version with limited but not insubstantial storage capacity) creates a special directory on that person’s computer (called his or her dropbox) which is linked automatically to the Dropbox servers. Any files placed in this folder are automatically backed up to Dropbox’s servers and stored securely and privately, accessible only that user’s Dropbox account. Whenever a file is updated, the Dropbox software updates it on the server as well, and since Dropbox detects what portion has been altered, the software does not transmit the entire file each time, but, rather, only the changes, making this process virtually instantaneous for most files.

Furthermore, the Dropbox software can be installed on multiple computers and linked to the same account, and whenever a file is updated (or added, or removed) in one of the linked locations, it is updated (respectively, added or removed) elsewhere as well. If a file is deleted by accident, Dropbox can bring the file back from the dead. If a change is made that is later found to be in error, the software allows the user seamlessly to roll the file back to a previous version. And, should the user use a computer that is not his or hers, Dropbox allows full access to his or her files through an intuitive, uncluttered web interface.

As if that weren’t enough, Alice’s desire to share some of her files with Bob are met by Dropbox as well. Our apocryphal user can place files in a “Public” folder, wherein he or she can create a special URL allowing anyone, whether or not he or she has a Dropbox account, to download and view the files. If more collaborative access is desired, one can create a “shared folder,” which allows any number of additional people with Dropbox accounts to have full access to all the files in the shared folder, all other features (version tracking, un-deleting, synchronization across computers) intact as well.

All of this is more easily experienced than explained. If you ever find yourself wanting to have access to certain files wherever you are, trying to keep track of something that needs to be maintained by multiple people in multiple locations, or even just wanting an easy way to back up some important files without having to worry about extra hard drives or stacks of disks, download Dropbox and give it a shot. You just might find that it solves a problem you didn’t even know you had.

Filed under: Technology | Tagged: , , , , | Leave a Comment »

Cloud Computing

Posted on July 10, 2009 by Joel Musheno

Recently, there has been a push by companies like Microsoft, SalesForce, Amazon and Google, to use their cloud computing services as a platform to build applications. What makes this any different than running server within your office and storing your business data there? Nothing. You’re just outsourcing number crunching power and storage.

If you use Gmail/Yahoo! Mail/Hotmail- guess what? You’re already using a cloud application. You have no knowledge of where data exists nor do (or should) you really care. You can reach that data from any computer where you have access to the Internet, and the entry cost to that data in terms of hardware is low.

What does a business gain with moving to a cloud computing model? Cost savings in terms of hardware and data storage, and processing power and less reliance on internal servers for 100% availability. To take advantage of this savings, you become reliant on access to your chosen cloud service’s servers, this being your ISP (as if any of us wasn’t reliant on the web already), you have to rebuild your applications and you no longer have your institutional data in-house.

Rebuilding applications to take full advantage of this technology is no small undertaking. Data that resides in your existing data store will have to be ported into your chosen cloud service and any application logic that speaks to your current data will have to be rewritten.

Why is this?

atmostpheresmall In terms of Microsoft’s platform, Azure, a developer has to now conform to a new standard of data storage rather than the ORM or ADO.NET model. Azure is made to deliver mass amounts of data and provide redundancy and recovery features- in order to meet this goal, you have to do things the Azure way. You, as a developer, have a layer of abstraction that sits on top of a network of database servers and no knowledge of how the data is stored in the most basic sense.

I am not going to push for using a SAAS model of development. I, personally, am no salesman. I am not sure I could convince a business owner that 10 years of work should be moved off-site. This is not to say that you must have all of your data off-site, you can peruse a hybrid model as well. I can, however, give one guideline that can ease the transition should it be something that your company wants to do.

Remove all of your business logic from your database.

This, in and of itself, can be a troubling task. I have worked on many applications that have had stored procedures that performed business logic- this has to change in order to use a cloud based platform. There is no more access to the database, so you have to write code that modifies data in the form of a service that runs in the cloud. Encapsulation is key for the cloud model to work.

As I am a Microsoft based developer, I have been focused on the platform that Microsoft has provided (which is said to have Java support soon). Some other examples of cloud service hosts:

Filed under: Technology | Tagged: , , | Leave a Comment »

Perl? I’ve seen those

Posted on July 1, 2009 by Joel Musheno

So this morning I was asked to get content from a website out in plain text.

htmlcontent Visually, this means that the HTML code over on the left, needs to be converted to straight text that can be viewed in notepad without all of the tags.plaintext

As I have done some screen scraping in the past for other jobs, I am familiar with the concept of taking data from a terminal screen and working with it. I have not, however, done any sort of screen scraping for web content. 

My first step in the process is to ask what other people have used. I don’t want to re-invent the wheel if possible. As I am the only developer here, I find it useful to post questions on Twitter, as most of the people I follow have some attachment to the technical industry. I use it as an open messaging system- kind of like shouting down a hall and seeing who answers.

My first response was HTML::Strip. As someone who has been a Windows programmer for most of his career, focused on Microsoft based products (and not really web based platforms), this told me absolutely nothing. Google (or Bing… I’m trying…) tells me that this is essentially a Perl module. Huh?

startmenustrawberry So begins my morning’s quest for knowledge. I do a bit of digging, and I found that what I need to do first is get a some type of Perl interpreter. These sort of things come with Unix/Linux… but Microsoft pays for my life, so I use Windows. The top of my result list was fine for me, so I went with Strawberry Perl as my interpreter of choice. 

As a value add, I get a CPAN Client which is essentially a universal installer utility for installing modules which can be consumed by Pearl script. Meaning that if you need to include a reads HTML pages and return their content to you, you just tell CPAN the name of the library and it magically installs! 

I need two things to get started:

  • HTML::Strip – the Perl library that strips content out of web pages
  • LWP::Simple – the Perl Library to manipulate HTML

cpaninstallAfter a bit more research I found that all I need to do is launch my CPAN Client and in the command prompt run install HTML::Strip, and install LWP::Simple. It’s really just that simple! No messing around with installer files. It just works. Now I can write a script that consumes those libraries.

This post is getting long and rather than just drag on with coding, here’s how we can scrape the text from a web page using Perl:

#!/usr/bin/perl

use HTML::Strip;
use LWP::Simple;

my $hs = HTML::Strip->new();
my $url = "http://www.google.com";
my $content = get($url);

my $clean_text = $hs->parse($content);
print $clean_text;
$hs->eof;

Done. That will write the contents of our $urlvariable’s web site to the screen. I save my script into a text file C:\strawberry\perl\Scripts\Scraper.pl (I use .pl as the file extension only for convention’s sake). 

scraped To execute my script, I open the command prompt and type perl C:\strawberry\perl\Scripts\Scraper.pl and the result is printed to the command window.

 

 

Obviously, I still have some work to do to make my little script a viable solution:

  • Scrape a specific target area on the web page rather than the whole page
  • Loop thru a list of pages to parse rather than just a single page

…but that’s the brunt of what I needed it to do. For all you Perl experts out there- I probably butchered your favorite language... sorry.

 

Filed under: Technology | Tagged: , , , , , , , , , , | Leave a Comment »

Next Page »