Wednesday, August 31, 2011

How To Make Your Password Secure

Okay. Yes. This is a boring and tired old topic. But among other recent news stories, the Morto threat once again drove home the point that we must choose our passwords very carefully.

In a business setting, it is important to avoid the default passwords for any service or application. Many products including popular operating systems, system utilities, database systems, communications software and other applications are delivered with the same default password, or worse, no password.  If you doubt this check out this table. As soon as these systems are installed all passwords should be changed. The Morto worm is only successful because it uses knowledge of "likely" passwords and finds entry where these common passwords are still in place.

An awful lot of malware is clever about guessing likely passwords using personal information or information socially engineered from you, your friends or publicly posted. Using the name of your pet, home address numbers or children, while easy to remember, is not particularly hard to guess.

Whether in an office, at the airport or at home, your user account and password may be the only thing standing between you and some unscrupulous individual who would love to have access to all of your programs and data.

Here is a simple way to make passwords that are still relatively easy to remember but will be much more difficult to crack.

First, you must include several elements in each password. It should contain both upper and lower case letters, some numbers and a special character such as a $, ! or +.  Not all systems will allow you to use any special character so you may have to conduct a little trial and error to find a good one.

Next, you want the password to be at least 8 characters in length.  The longer a password is the more difficult it becomes to cycle through all the possible combinations of letters, numbers and characters. Keep in mind computers today are extremely fast and powerful so while it could take a human years to try a few thousand combinations, a computer can do it in minutes.

Last, make the password something easy for you to remember. For example, you might have access to a document library. An easy password you might associate with library would be "bookworm."

Now let's morph this easy to remember word into a more secure password. Change the B and W to upper case. Make the O a numeric zero and put a plus (+) sign in the middle. Now our password is B00k+Worm. This will be much harder to crack.

Think about all of your passwords and whether someone could guess enough about you to stumble upon the combination of words or numbers you are using. As we put the sumer behind us and head back to our daily routines are home or at work it may be a good time to get a little more creative and be a whole lot more secure.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Tuesday, August 30, 2011

Where Were You When the Wireless Went Out ?

Hurricane Irene created many problems, damaged a lot of property and even took several lives. For some, the worst thing that happened was the inconvenience of not being able to make a cell phone call. While this pales in comparison to the more significant losses, it happened to me and started me thinking about how much we have come to depend on wireless communication.

According to a report issued today over 6,500 cell towers were knocked out of commission up and down the East coast. Cellular capacity was diminished and severely overtaxed. This in turn made it difficult for some to complete a call.  Fortunately, all 911 service centers were still operating and emergency personnel communication systems continued to function keeping police, fire and rescue workers in touch. But if you needed help and were depending on your cell phone you may have been out of luck.

Everyone knows the drill by now. When hear the news of a major storm on its way we rush to the grocery store and stock up on bread, milk and eggs. (Someone joked about this saying they didn't know why people make french toast in a crisis.) We also make sure we have enough water, batteries and candles. We know the power may go out and roads could be impassable for a while so we prepare for the worst. In fact, some homeowners have gone to the extreme of installing their own generator so they will always have power.

In business we must go to great lengths to ensure our computing systems can survive and our data are protected under any circumstances. Companies spend millions moving critical data around to different locations, installing uninterrupable power supplies (UPS) with batteries and generators, and a host of other preventive measures, all to be certain they can continue to operate their core business after almost any disaster.

For a lot of people, the smart phone has become a key element of every day life. Escaping the limitations of a wire, we simply expect to be able to make a phone call to anyone, anywhere and at any time. We know there are areas of poor coverage and dead zones, and we grouse when the call is dropped and we have to dial again. But what will we do when we cannot get a signal at all?

Beyond the simple phone call, many have come to depend on smart phone applications and these require a data connection which, without cell service, is not there. This may come as a shock to younger people but when there is no cell service there will be no Facebook, Twitter, Foursquare, Google Pus or any other social network available. It may mean we have to use our Starbucks card to pay for that latte or show an actual loyalty program card for credit at the pharmacy or supermarket. We might even have to use a paper boarding pass at the airport again.

In business, old stubborn Ralph who refused to give up his day planner and use that newfangled phone app to make sales calls will be laughing all the way to his next customer while the rest of the modern sales force is disconnected and confused. As business applications become increasingly mobile, business continuity plans better to take this into account and provide alternate means for employees to reach their well protected and still functioning systems when the communication lines go down.

And we who practically live our lives through our little hand held friends better think beyond making french toast in the dark to what we will do when we can't get a connection.

By the way your land line, broadband and wifi won't work well in the dark either.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Monday, August 29, 2011

Are You A Tough Act to Follow

When Steve Jobs announced he was stepping down as CEO of Apple, turning the reigns over to Tim Cook, the reactions were visceral and immediate. The airwaves lit up with Tweets, email alerts and news stories. Editorials, blog entries and predictions came in wave after wave, like the ocean under the influence of hurricane Irene. The stock dropped over 5% in emotional response, an irrational perception of an uncertain future for the company. It has since recovered and continues on its long term positive trend.

I think Apple will be fine. But this event reminded me of one of the more important but often overlooked responsibilities of senior management and that is succession planning. When the time comes for you to step up, down, over or out, who is going to carry on in your place and, more importantly, what are you doing to ensure you have prepared someone -- the right person -- to fulfill your role.

Every manager has a responsibility to ensure your staff remain interested, motivated and energized at work. Their talents must be recognized and used to the fullest. You have to train, coach, advise and develop people to their maximum potential. They must feel like they have a career path with opportunities to advance.

In larger organizations you can move staff laterally, exchanging roles and responsibilities. Often IT staff have the option to move into a business unit, sometimes in a supporting or even an operational role. If they return to IT they do so with a much better understanding of the people, functions and business they serve.

In smaller organizations it is more difficult to do this. IT staff sizes are smaller and often stretched pretty thin. Here the challenge becomes finding ways to give them more autonomy and greater responsibility on projects or over a specific departmental function.

Yet another important part of the plan is to train your staff to train the people they manage, perpetuating the cycle.

My personal belief is that you should always surround yourself with the smartest and most enthusiastic people you can find. Technical skills like knowledge of database systems, programming languages and major applications can be learned. However, it is very difficult to alter an individual's personality making then be more inquisitive, more excited or more engaged with the job. If you are fortunate enough to have bright, motivated people, it is up to you to tap these precious resources, ensuring they are allowed to grow, blossom and become the best they can be.

It is inevitable that one day, by accident or by design, you are going to have to hand off the baton. At that time, you want to be sure there is someone to hand it to who will pick up speed and carry on towards the finish line.

Have you thought about who will be ready to take your place when you move on?

Captain Joe

Follow me on Twitter @JPuglisiLLC

*** Special thanks to David O'Malley for today's topic.

Friday, August 26, 2011

What are Hashtags #Definition #Examples

There it was. The big news of the day. More Facebook changes? Steve Jobs resigning? Hurricane Irene hitting land? Gaddafi finally cornered?

Nope. It was the fourth anniversary of the invention of the #hashtag!

What the heck is a hashtag you ask? Well, that is what we will explore in this column. Accomplished social media gurus, techies and geeks can stop reading now. #YouAlreadyKnow  But for the rest of you, as if all these social networks aren't confusing enough, the hashtag can add yet another layer of complexity to using them.

Actually, the notion of a hashtag is quite simple. In SQL database parlance they would be called descriptors. It is an additional "tag," a descriptive word or phrase that will enable people to group similar or related things together. For example, take a Twitter tweet or blog entry about football, baseball, basketball, tennis or hockey. We could add the hashtag "Sports" to all of them. All but hockey might include #PlayedWithBalls . All but tennis might get #TeamSports. You get the idea.

Tags have been around for a while. They are used in database applications and variety of other places. Look back at previous View from the Bridge columns and you will see they all contain tags. These make it easy to find all the columns that deal with specific topics such as "mobile" or "social" networks. Notice some will have more than one tag. Library science would refer to this as cross referencing.

The use of hashtags originated with Twitter where the convention of leading with the # symbol was established.  There is an interesting bit of history HERE. The idea was Tweets could have these additional keywords allowing people to group Tweets by hashtag independent of author. In Twitter you "follow" people which means you choose to receive their Tweets. You only get Tweets from the people you follow and conversely, only people who follow you see your Tweets.

But hang a hashtag on the end and anyone can find your Tweet by looking for all Tweets with that tag. For example, if you attend a conference, concerts or other major event there is often a hashtag assigned by the organizers or one that emerges as the tag to tie everyone's comments together. You don't have to be following everyone in the audience to see what they Tweet about the event. You can show all Tweets for that specific hashtag.

There is no taxonomy of hashtags. In other words, you don't have to look up the right tag to use. There is no correct tag, you make them up. Unless provided, as in the cases described above, it is up to you to create a tag or tags that would make sense and help interested parties find your contribution. Comment on the HBO series #Entourage or mention a candidate in #Election2012. Listen to a great song on #Pandora or #Spotify.

Accomplished Twitterati also use hashtags in very clever ways. It can introduce humor or sarcasm to a Tweet and is even the basis for word games. The hashtag #StarWarsTVShows was invented to evoke humorous titles based on real TV shows and the movies. A search returns dozens of titles like the ones you see above.

Now all you amateur tweeters and bloggers understand hashtags. #SoGetToIt #ThanksForReading

Captain Joe

Follow me on Twitter @JPuglisiLLC

Thursday, August 25, 2011

Innovation is the Key

With a great deal of fanfare (somewhat overshadowed by the unusual East coast earthquake) Facebook announced a round of major enhancements allowing subscribers to better control their content and protect their privacy. Popular opinion, of course, was that they went to all this trouble to stave off the upstart Google Plus where the Pluserati are quick to point out your privacy is job #1.

Facebook are reacting to a small but vocal portion of their subscribers and the media who put a huge spin on these concerns and somehow manage to inflate them to massive proportions making them "real issues.". The vast majority of FB users are perfectly happy to post their birthday photos and ski trips so their friends and family can view and comment on them.

Arguably, the Google Plus "circles" concept might be easier to understand and less confusing than the more traditional group construct. But at the end of the day, you really have no more or less security over your content. It is still ultimately up to you to manage who can see what you post.

These structural changes and whatever Google Plus responds with are largely irrelevant. Apart from generating more buzz, keeping the software developers busy and keeping the rivalry alive and kicking, they will serve no real purpose. I would sorely like to see some hard metrics around adoption rates or changes in the switching rate between these services attributable to these changes. It will be a minor blip at best.

Having just hit one trillion page views per month I can't understand what Facebook is concerned about. But if they are looking for more growth or simply want to enhance "stickiness," encouraging current subscribers to  come back more often and spend more time on the site, then they must truly innovate. Introducing more approval steps and menus of controls over your content is likely to annoy or confuse more people than it will please.And it does not make the site more attractive.

Let's be honest. Early adopters flocked to Google Plus because it was new not because they thought it was more secure. The invitation only access made it cool to be one of the insiders, and it did stuff none of the other social networks did. To compete, Facebook or any of the other services must continue to introduce new and exciting capabilities.

Here is a great example. Ticketmaster now gives you the ability to know where your Facebook friends are sitting when you are buying tickets. This is new and fresh, and creates a compelling reason for people to use these two services and to want their friends to use them as well.

Google Hangouts, the unique Google Plus video chat feature, is being used in all kinds of new and genuinely novel ways. Hangouts have allowed people to interact in completely new settings including interactive concerts and the virtual newsroom couch.

True innovations like these will create that stickiness and cohesion needed to attract new users and preserve the core subscriber group.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Wednesday, August 24, 2011

Are We Flush With Research

You've all heard the old joke 63.4% of all statistics are made up on the spot. It usually takes a few moments for it to sink in and then you get it. Way back in college we used a textbook by Phillip Kotler that began each chapter with a short quotation. Among may favorites was "Statistics is the art of torturing the data until it says what you want." Whenever reading any reports, findings or conclusions based on numerical data analysis these are usually among the first things that pop into my head.

The social nets are terrific at highlighting stories and odd bits of information. Monitoring Twittter feeds can alert you to news stories as they are breaking (like the rebels victory in Libya or the earthquake on the east coast) while Facebook lets you see what all of your friends think is worth sharing. Google Plus also has a broad spectrum of postings from politics (Ron Paul forgets Rick Perry's name) to pot (weed DNA sequenced) depending on who you have placed in your circles.

Watching my various social nets can provide good information and often inspires or plays a key role in my daily column. For example, some weeks back a close FB connection (my son) shared Spotify with me which lead to some experimentation and a brief report on first impressions. There is so much good content its difficult to choose which links to follow. Music, news, videos, art, science and humor. You're entertained or educated.

The results of so many studies are made available. Smart phone share of market, smart phone user frustrations, social software relevance in business, and the list goes on and on almost endlessly. Most are interesting, important, relevant or at least useful. Many very well done.

Then this story with a pretty catchy headline was shared with me. It read: 35% of Tablet owners use device in the bathroom. and a different thought crossed my mind. Beyond my usual questioning of the validity of the numbers (called in to question by the extremely small size of the sample) this story begs the question; have we gone too far in our efforts to understand our own behavior? Did these subjects actually volunteer this response or was it a choice the researcher put on the  questionnaire? Do we really need to know if you people are using a computer (or any other electronic device) in the bathroom?

I'm all for understanding consumer behavior, technology usage patterns and the never ending quest for knowledge in general. But we should draw the line at the bathroom door.

Let me know what you think. Make sure you wash your hands. You don't know where that keyboard has been.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Tuesday, August 23, 2011

There is More to Life than Facebook and Google Plus

With all the excitement around "Godzilla Facebook" doing battle with "Mothra Google Plus",some other significant social network developments are being overlooked.

Twitter recently did an overhaul of its appearance and more recently announced a new image gallery of its own. LinkedIn, a network of over 120 million professional connections, undertook an IPO and continues to grow in importance in the human capital space. Yelp hasn't changed much but continues to be very useful when looking for a place to eat.

And then there is one of my favorite social networks, Foursquare. Almost game-like, Foursquare permits you to "check-in" using your smart phone at various locations like the movie theater, a local pizza store or at the Washington monument. Digital badges are awarded for certain unique achievements. For example, you get the JetSetter badge after checking in at your fifth airport. Click here for the full list of badges. Check-in more frequently than any one else and you are named Mayor of that location. To date I have collected  24 badges, hold 7 Mayorships and racked up nearly 1,000 check-ins. I've wired Foursquare to optionally Tweet and post to my Facebook wall when I check in so my followers and friends always know where I am -- when I want them to.

Foursquare is not only designed for fun but can provide real value. After three check-ins at a wine bar in Manhattan, I was entitled to a free cocktail. The Mayor of a location is often entitled to discounts or free goods. Starbucks was the first company to offer a nationwide discount program to Mayors in its stores.

Foursquare alerts you to nearby deals when you check-in. At a local coffee shop, my check-in revealed a 10% discount at a nearby electronics store if I merely showed the screen. Of course it can also be used to suggest other places in your immediate area and offers tips, photographs and comments your Foursquare friends have posted about them.

Foursquare offers businesses the opportunity to attract customers through discounts, co-marketing and a collection of special programs. Earlier this year there was a major tie-in with the Super Bowl. More recently Foursquare partnered with AMEX building loyalty for both services and the participating merchants. Zagat has also leveraged Foursquare by recognizing Mayors since they clearly know the restaurants they frequent and can be used as opinion leaders to enhance the credibility of reviews.

Foursquare just announced a news service tie-in taking the service in yet another direction. Reporters from the NBC affiliate in Philadelphia will check-in and report breaking news from the location while their followers will learn about the story even before it hits a web site or other means of distribution. Yet another innovative use of a social media network to enhance subscriber value and increase station viewers.

Look me up on and "friend" me on Foursquare. You will (almost) always know where I am, and it will explain all the references to Dunkin Donuts you see in my columns and comments from friends.

By the way, Dunkin, as Mayor of a local store, shouldn't I get a free Coolatta or something?

Captain Joe

Follow me on Twitter @JPuglisiLLC

Monday, August 22, 2011

It's My Party and I'll Cry If I Want To

A few weeks back, Google issued every Google Plus subscriber 150 invitations. Almost immediately, the Pluserati were declaring victory over Facebook would happen in a matter of months if not sooner. With 25 million subscribers, they reasoned, each giving out 150 invitations, the ranks of Google Plus would swell blowing right past Facebook straight into the annals of social networking history.

Armed with my 150 invites and a slightly different perspective, I decided to run a little experiment. Those who follow my column may have read Come Join the Party  (published August 12) where my invitations were left out on the front porch like a big bowl of candy on Halloween night. At that time I made some fairly conservative assumptions about the distribution and take-up. Under these optimistic conditions my very simple calculations projected Google Plus would merely double, adding about 20 million new subscribers. This would have brought Google Plus to 45 million, hardly threatening the more than 750 million users of Facebook.

So here we are two weeks later and I am sorry to have to report that despite my best efforts, only three of my invitations were snapped up. The candy bowl still holds 147 more treats and I think Halloween is over.

Now if you recall (or click the link and go read it) my estimate was 2% to 3% take-up on the 150. Bingo. My experiment resulted in 3 out of 150 or exactly 2%. But we're not seeing headlines about Google Plus having picked up tens of millions of new subscribers. In fact, there have been no new subscriber reports since the widely publicized 25 million milestone. My guess is the 20% number was way high and far fewer subscribers went to the trouble as I did to put the invitations out there.

Yet scan the articles posted, shared and +1'ed by the current Google Plus subscribers and you will quickly see they are strong believers in this new social net. There is still no shortage of predictions for success. Just yesterday there was another article shared laying out the ten reasons why you will be using Google Plus by this time next year. So why did the faithful fail to propagate?

Without hard statistics it is difficult to prove, but I suspect most people (like me) who shared their invitations shared them with a network of people that significantly overlapped on itself. In other words, many people who read my column are already in Google Plus. Blogger statistics help bear this out. Over time it reports about 30% of my readership comes from Google Plus.

The other major sites referring readers to my columns are LinkedIn (32%) and Facebook (25%.)  This suggests a low switching rate from these other networks, not unexpected given the more "professional" nature of a LinkedIn user and the natural inertia of an entrenched Facebook user.

Doesn't appear my bowl will be emptied any time soon. I'll leave the candy on the front porch anyway. Help yourself.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Friday, August 19, 2011

Insurance Company Moves into the Cloud

At a conference I recently attended, I was delighted to hear the CIO of a major insurance company report that he has been leveraging cloud computing for speed, efficiency and reduced cost. For the last several months the Cloud Computing Consortium at Stevens Institute has sponsored several committees studying various aspects of this innovative form of computing from a business perspective. I have been on the committee examining the value proposition including the economics and benefits that can be achieved.  We have almost completed our first report and constantly look for real world examples to support and illustrate some of our findings.

Hypothetical situations can help explain what may happen, and theories are useful to discuss as well. But nothing drives home a point quite like a real world story. Here was someone talking about actual use of the cloud.

One key example of the value that can be derived is the unique ability for these cloud based services to provide a flexible burst of computing power. Months ago I heard Tim Chou, noted author, tell an audience that a scientist in the cloud computing model would have the ability to acquire 30 minutes of processing time on 10,000 computers. This kind of compute power is not economically or logistically feasible for most companies. It is too expensive to install and operate this number of computers for one project, and even if you could justify the expense, it would take weeks or months to put in place. But in he cloud model you can simply buy as much or as little computing as you need when you need it. It was an interesting story but simply an illustration he made up.

The insurance company CIO described how an important business process required to compute their actuarial models had been reduced from taking over eight hours to complete to approximately one hour. The in-house system had been replaced with cloud based resources exactly as Tim Chou had described - only this was for real.

As if this wasn't exciting enough, the CIO later revealed their plan to move electronic mail and office automation to a cloud based service as well, citing dramatic reductions in operating costs. He estimated the service was to cost the company less than half of the current in-house system.

In a sidebar following the presentation I asked how the CIO had managed to convince management that the cloud was secure. Security is the number one issue that keeps the cloud from being adopted. He explained in his company security was governed by a separate organization outside of IT. Every system or project had to meet their stringent requirements, but if they did, management would have no issue.

There were several other interesting presentations, some great stories and an extensive vendor exhibit at this conference. But hearing this particular success story had me on cloud 9.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Thursday, August 18, 2011

Do You Know Where You Are Going?

A recent warning about a spike in the amount of malware showing up in e-mail reminded me of a safety tip I would like to share with all of you. Malware, as you probably know, refers to programs that find a way to sneak on to your computer to do bad things. These programs which come in various forms called worms, viruses or trojans attempt to either damage or destroy your data, cripple your computer, gather information from your computer or use your computer as a base of operations.

Malware can be present on your computer for months, quietly doing its nasty work without you ever knowing about it. This is why every computer must have anti-virus software with an active subscription to keep the system current and capable of detecting the very latest in malware. There are well over 13 million known signatures, the electronic fingerprints of malware. The statistics on new viruses created and launched every day is equally staggering. Your anti-virus software will constantly require new signatures and time to look around your computer to make sure you remain malware free.

There are many ways malware gets installed on your computer. But it almost always depends on you performing a specific action such as clicking on a button, "hot-spot" or a link. You probably receive emails with buttons or links all the time. You are presented with buttons or links on web sites too. The button may have a words like CLICK_TO_SUBSCRIBE. The hot spot may be embedded in a picture of a deal, a product or an exotic location. The link may look like it will take you to one place such as TRACK_YOUR_PACKAGE or BUY_NOW, when in reality it will actually take you somewhere else and start the process of installing the malware.

The major browsers including Internet Explorer, Firefox and Chrome all have a feature which can help  you avoid making a terrible mistake. Before you click on anything you should simply hover over it. You can determine where you are really going to be sent before you click.

Here is a link LOOKS_LIKE_IT_IS_A_SAFE_PLACE which appears to be safe. Now take your mouse or track ball and simply point at this link without clicking. If you are using IE, Firefox or Chrome, look at the very bottom on the left hand side of the screen and you should see the actual underlying link appear in a gray shaded area. Note how this is different from the text displayed over the link.

Examine links very carefully. Links (like looks) can be deceiving. The most dangerous ones will contain a file name with a suffix of EXE or ASP buried somewhere in it. EXE (executable) and ASP (active server pages) are two types of files that are actually program code. Click on one of these and you will execute this program code on your computer granting it all the rights, privileges and access that you have. Think twice before clicking if the link is not someplace or something you recognize. Look closely since even one or two characters or numbers can make a huge difference.

Be aware the bad guys go to extreme lengths to make the messages appear very authentic. You might believe it came from your bank or credit card company, eBay, PayPal or other popular sites. The counterfeit messages are often almost indistinguishable from the real deal. Do not click on links in the email. Instead, go directly to the company site, sign in and see if the same message is there. If you don't have an account with that service it is unlikely the message is real. Delete it.

To drive the point home I wrote a little poem:

It only takes one click to make a computer sick. 
Then it will take days to erase its malaise. 
So remember my sneaky browser trick 
And take a quick look before you click.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Wednesday, August 17, 2011

Googorola or Motoroogle

Unless you live under a rock you must have heard the big news yesterday. Google bought Motorola Mobility for $12.5 billion. Almost as soon as the news broke the barrage of articles flooded the airwaves. Every other Tweet in my timeline seemed to herald another report or analysis. So being a newly minted columnist, I felt compelled to also write about this event.

These professional journalists have already beat me to the punch. The brilliance of Larry Page (Google CEO) and the people who orchestrated this deal has been loudly proclaimed, while story after story explained all the justifications Google had for making this strategic acquisition. Some observed that now the longstanding patent conflict would come to an end, or pointed out how Google could now compete directly against Apple. Google can more fully  integrate Android into the hardware, another one said, and still another from a legal perspective pointed out that if approved this deal paves the way for more acquisitions including perhaps Nokia or RIM. Each of the good things that could arise from this deal had been identified.

Of course in other stories you could read how Google overpaid, and how the other major phone manufacturers have been alienated. Android will be abandoned and phones will all be using the Mobile OS from Microsoft. You would learn that Motorola's patents are too weak to provide any defense, how the manufacturing division will clearly be spun off and how, according to S&P, this is a good time to sell your shares in Google. Clearly this deal would result in bad things happening.

I have been involved in a fair number of mergers and acquisitions in my day. Deals that involve billions of dollars are managed closely and very carefully evaluated. It is highly likely this transaction was studied seven ways to Sunday. The potential value and return on investment had to meet certain criteria for management to approve. We may not yet know the key driver. We know what Larry told us in his blog and what we can read in the press release. But only time (or possibly Wikileaks) will reveal all as Google's full strategy unfolds, evolves and becomes truly apparent.

The speed and availability of information today is marvelous, but can also work against us. When program trading goes awry, for instance, we have these wild and uncontrolled point swings in the stock market. A man is shot by the police and before any facts can be determined, the act is condemned, relayed in social media and riots are breaking out. Today, gossip can spread to the four corners of the earth in less time than it takes for it to circulate around an office. On a macro level, loss of confidence in the economy can quickly be telescoped and become a self fulfilling, self perpetuating problem.

Perhaps when these mega-deals are announced we ought to take a little more time to allow all the information to become available. Let's listen a little more, study and think through what the long term implications may be. Then we can publish a more considered opinion. Excessive speed and the resulting breakthrough can sometimes lead to a undesirable result.

Having thought about this for a while now, in my opinion, they should call it Motoroogle.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Tuesday, August 16, 2011

What Would You Do

What Would You Do is the name of a popular TV show which is something of a cross between Candid Camera and America's Most Wanted. The producers set up a controversial situation in a public location and with hidden cameras record people as they react. It is entertaining and generally provides a unique glimpse into our human nature with all of our bias and personal perspectives quickly exposed.

Reading current debates centered around how BART officials plan to deal with the threat of protests organized using cell phones and social media makes me wonder what any responsible security professional would do if put into a similar situation. By announcing the plan to shut down cell service in the BART stations, officials have raised the ire of many including the well know hactivist group Anonymous.

There has been a lot of controversy around officials attempting to mute the public by heavily filtering or shutting down the internet altogether as in the case of China and Egypt. The West typically decries this behavior citing the need for freedom of speech. But then we hear Number 10 Downing suggest blackberry communication be jammed to avoid further social unrest in London. Outrageous and hypocritical we would clearly say here in the good old US of A. We would never see that happen here. Then we read about transit officials in San Francisco suggesting similar steps in anticipation of a protest potentially disrupting their transportation system.

I do not want to get in the middle of a political or idealogical debate, but rather, like the popular TV show, I simply want to pose the question: If you knew in advance that your company was going to be targeted through the use of technology how would you respond? What if it was your management who angered the hactivist community by refusing to process payments for Wikileaks as Paypal did? Or it was your CEO who made some inflammatory statements or simply boasted that your network was impregnable inciting the black hat community.

How far would you be willing to go to ensure the safety, integrity, security and reliability of your operations? Would your industry matter? What if, for example, you ran a hospital and some anti-abortion group decided they were going to infiltrate your systems and prevent the distribution of patient medication? What if it was an airline and not a railway system under attack and the proposed attack would have an impact on passenger safety? What if your operation is an integral part of the nation's defense system or controls a nuclear power generating facility? Where would you draw the line? Does any of this make a difference in your response?

My point is this. It is easy to be critical and condemn the actions of other people. But for a moment try to imagine you are in the hot seat. Assume the stakes are high, including the potential loss of life. Under these conditions, it becomes a lot more difficult to say what the appropriate action would be.

In the words of  John Quinones, host of the show, "What would you do?"

Captain Joe

Follow me on Twitter @JPuglisiLLC

Monday, August 15, 2011

Is It Live or Is It Memorex

Having lived through the advent of the mini computer and the introduction of the PC, I was fortunate enough to witness first hand the emergence of many different computing models. Once PCs were present on the desktop, they became new endpoint devices replacing so-called dumb terminals used to access the traditional  mini and mainframe machines where all the applications and data resided.

Large PCs called servers later formed the center of  new "local area networks" of computers. These LANs gave rise to client-server computing configurations. In this model the computing was shared between the server which typically hosted the data and major applications, and the PC which allowed for some of the processing and storage to happen locally. The servers continued to evolve in speed and capacity, and eventually displaced the minicomputer. Ironically, new  technologies such as Citrix emerged to move processing back to the server leaving only the presentation layer happening at the PC, in effect, recreating the dumb terminal scenario.

The internet triggered another whole round of evolution in the world of computing. Initially the browser allowed you to access and display information on your PC that resided on host computers literally anywhere.  The client-server model expanded its geographic boundaries allowing applications to have much greater reach than ever before. Some of you probably may have used travel or banking applications you could load to your PC which allowed you to interact with your key service providers. Then, as the browsers became more sophisticated, local applications were replaced with browser add-ons or java applets that executed locally. This was basically another incarnation of client-server with the browser and all of its extensions acting as the client side.

We are now living through a third wave of evolution involving tablets and smart phones. There are thousands upon thousands of applications on the Internet, which we sometimes characterize as "in the cloud." They provide information, offer  services, process transactions and deliver entertainment to a variety of endpoint devices. Virtually all the services and applications I access on my PC at home are available to me on my HTC EVO smart phone.

Remember the old ad campaign: "Is it live or is it Memorex?"  In one vignette a singer cracks a glass with her voice. A recording is then played with the same effect. The point was you could not tell the difference between live and recorded sound.

With the advent of new browser standards (HTML5) and other capabilities being added to each of the major browsers it is going to become increasingly difficult to know (or care) where the processing is actually occurring. In today's "cloudy" environment, the server may, in fact, be a collection or cooperative of many computers banding together to deliver faster results. Similarly, how much processing is done on the endpoint device may depend on the capabilities of the particular PC, tablet or smart phone. Those devices with sufficient capacity may store and execute locally, accelerating results or providing off-line capability. Other less powerful devices might simply be required to handle only the presentation layer.

It's been fascinating to watch the pendulum swing back and forth. I doubt it will ever stop, but I suppose that is neither here nor there.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Friday, August 12, 2011

Come Join the Google Plus Party, or Not

I have been participating in Google Plus for several weeks now and find it to be quite compelling in terms of user interface, content and overall experience. I have met a number of interesting new people like Sarah Hill from KOMU TV in Missouri. I've also connected with family, friends and business associates, and even crossed paths with the likes of Michael Dell, Jason Pollock (Director) and Dave Girouard (Google). Yes, Paris Hilton is here too, but I didn't put her in any of my circles.

This new social network site took off reaching 25 million participants in record time. The "invitation only" method of accepting people used in the past with GMail and Google Voice worked once again to create an aura of exclusivity and drove demand, albeit at a controlled pace. The early rush prompted many to forecast Google Plus would reach astronomical proportions in no time and crush all other social networks. Of course, in my view  this pure hyperbole and I expressed a more reasonable and rational view in an earlier column..

Now I am reading a few articles like this one reporting on the poor take-up of  special new invitations all of us early participants were recently granted. Google posted a custom link which entitles all current subscribers  (including me) to offer up to up to 150 of our friends and neighbors an invitation to join. So, I decided to run my own test and see how many people take advantage of my stash. Here is my button:

You Can Join Google Plus by Clicking Here

Let's assume 20% of the 25 million will take the time to extend their 150 invitations to their network. Typically you would see a 2% to 3% response. Based on these assumptions the program would add about 22 million new subscribers. Do the math. Once those invitations are exercised this model suggests the number of subscribers would nearly double.

But I have a theory that suggests there are enough natural connections among the groups of people who were early adopters to make this approach ineffective. This campaign is like handing out free show tickets to the crowd of people who are already in the theater.

New growth will come, of course, when Google Plus allows business participation, promised to be here soon. But to attract more individuals Google will have to more broadly publicize the availability of new invites, or decide the time is right to simply open the floodgates and allow anyone who wants to join to sign up ... using their real name, of course.

Will any of my loyal readers click on the link above? I'll report back on the numbers  in a few weeks.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Thursday, August 11, 2011

Your Table is Ready

Forgive me if this is old news but I had a terrific first time experience at a local restaurant last Saturday night. After seeing Cowboys and Aliens, a most entertaining movie by the way, we strolled over to a nearby restaurant to have dinner. At the hostess station I requested a table for two. It is a popular place and it was a Saturday night, so no surprise when we were advised there would be a wait. When asked for my name to be added to her queue, I gave her "Joe P" my usual abbreviated moniker. It allows the staff to avoid the embarrassment of trying to spell my last name or pronounce it when they are ready to call out for me.

But this time I was also asked for my cell phone number. If you read my columns, you know I use Google Voice and so I see no risk or danger in releasing my number. Without a thought I rattled it off and the young lady punched it into the terminal at her station.

As we stepped to the side I felt that familiar and all too frequent vibration in my pocket that signals a text, e-mail or phone call coming in. Pulling out my EVO and glancing at the screen I saw a text informing me the restaurant would text me when my table was ready. It came from a service called HostConcepts which I later learned offers a suite of restaurant management applications including this neat customer notification system.

How many times have you stood a few feet away in the lineup of anxious, hungry and impatient people, one of whom is always at the desk asking how much longer will it be? How often have you sat shoulder to shoulder on that long wooden bench, hoping the next name called is yours? Have you ever walked away for five to ten minutes, then returned to wait ten or fifteen more, only to find out they already called your name and you missed it! This was so much better, giving us the freedom to wander around without that fear.

Just a few minutes later my phone was vibrating again with the brief message, "Joe P, your table is ready." It directed me to see the receptionist immediately and suggested I text back in case my plans had changed and I was no longer coming.

This is technology innovation at its best. Who doesn't carry a cell phone today? Who doesn't text? So why not leverage the availability of this nearly universal medium to enhance the customer experience, making it infinitely more convenient for customers waiting for their table. No one is bellowing out your name hoping you are still within ear shot or setting off that electronic gypsy disk that vibrates and blinks like the marquis at the old Bijou theater. Customers are free to use the time they have to wait to do anything they choose, secure in the knowledge they will not miss out.

Moreover, from the restaurants perspective you have a simple system that provides better customer service. There is no longer a need to keep a paper list with names scratched out as people are seated.  The system also provides all the metrics you could ever want like the number of turns, average wait times, cancellations and no shows. As a bonus you now have customer cell phone numbers in your database which can be used in loyalty or other marketing programs.

Today, there are restaurants using iPads for wine list applications and others expanding to the full menu. I imagine some will allow you to place your order. Ultimately you will be paying the check using the tablet or, like my Starbucks experience, another smart phone application.

Smart phones and tablets are changing the complexion of the restaurant business. Beyond the in-store, operational impact, there are a number of social networks like Yelp also changing the rules of the game. But we'll save that discussion for another time.

Waiter, check please.

Captain Joe

 Follow me on Twitter @JPuglisiLLC

Wednesday, August 10, 2011

Don't Shoot the Blackberry Messenger

Recent news reports of the riots in London and other major cities in the UK made me angry. While we may not be able to condemn nor condone the actions of the police which resulted in the unfortunate death of an individual, we can surely agree mindless rampages involving property theft and destruction are simply uncivilized and unacceptable behavior. This is not a protest or civil disobedience in response to perceived oppression, but rather a bunch of loosely organized hooligans, using this event to justify their criminal acts. These are bad people who look for any excuse to break the rules and go wild. High unemployment, low income and poor education are possible factors contributing to the behavior of the gangs. But many of these young people know what they are doing is wrong and yet they carry on, misguided by a few false prophets, peer pressure and, apparently Blackberry messenger.

This is the other part of the news reports that angered me a bit. It is hardly earth shattering news that young people are using BBM to coordinate their activities. It may have been in this particular instance some of the gang members were using BBM. My guess is they were using other social networks and conventional means to communicate as well.

The news media, and to some degree the public, always demand we identify a "bad guy"  -- some one or some thing we can blame for all this chaos and destruction. BBM, in this case, became the lightening rod for attention as soon as it was mentioned in early reports. RIM has now suffered the consequences with their blackberry blog site being hacked in retaliation, not to mention the impact on the company's reputation.

Smart mobs, or SMOBS, are a new force to be dealt with by the authorities. We can applaud them when they bring down a military dictator but we must fear what they can do in situations like the riots in London.

People have been organizing since the dawn of history. Social networks are just the latest tool in their arsenal and have been used to achieve both good and bad outcomes. For example, today Twitter is being used to  assemble people in neighborhoods in London to help clean up the mess. Other Tweets are directing people to Catch A Looter, one of several sites where you post photos of people caught in the act or help to identify them. We certainly know the good that ultimately came from the use of Facebook and Twitter in the recent overthrow of some truly oppressive governments in the middle east.

It is not BBM or any specific social network that is at fault but rather individuals and the way in which these tools are being used by them to accelerate the spread of mayhem and destruction. The police and other authorities must acquire the skills and technology necessary to detect and combat these individuals, no matter what mechanism they choose to employ.

Let's figure out how to catch the bad guys and not shoot the messenger.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Tuesday, August 9, 2011

Talk To Me Baby

Over ten years ago I was fascinated by the introduction of a new service called Wildfire. It was a totally automated telephone assistant that understood natural language speech. Your virtual assistant could screen your calls, find you and interact with you, allowing you to decide where and when you wanted to speak to the person calling you. In the demonstration Wildfire would also handle your calendar, reminding you of appointments, moving them or making new ones. You could command Wildfire to place calls for you, too.

No software or hardware was required. Today, we would call it cloud-based. Wildfire was configured, controlled and operated with voice commands. Unlike most other voice activated systems of the day, it required no training. You did not have to teach it how to understand your voice. By the way, it never raised its voice or called in sick on Monday morning.

Voice technology has steadily improved over the years. We are all too familiar with customer service organizations that use interactive voice recognition (IVR) systems. Press 1 for English. Say or speak your 14 digit account number. Your card has been activated; if you need further assistance please say "YES." Computers routinely talk to us by phone and guide us through inquiries, transactions and other activities. While reviewing this column this morning, as if on queue, I received a phone call from the local car dealer confirming my service appointment. "Hello," the pleasant automated voice said, "We are confirming your appointment for twelve o'clock ... if you are still planning on coming, please say yes."

While we haven't quite reached the level of quality of the Enterprise from Star Trek or HAL from 2001 Space Odyssey, the computer has gained the ability to understand and respond in a wide variety of situations. Voice recognition is included in the Windows operating system. Adobe Reader will, in fact, read a document to you. Google Voice will transcribe your voice mail messages and email them to you . Smart phones (iPhone, Android) will execute a spoken search request and offer other applications that readily understand verbal commands. Hands free capabilities in our cars initially allowed us to place phone calls by voice command. Now we control the entertainment system, navigate, book a restaurant and adjust the climate controls as well.

Voice activated systems are all around us. So why hasn't voice activation achieved broader acceptance? One of the last remaining hurdles is the need for a trigger. To get its attention you had to say, "Wildfire" before speaking a command. In your car you typically push a button and, after the tone, speak your command. Voice activation must advance to the point where your commands are heard in context and allow the system to realize when you are speaking to it.

This is no small feat. Imagine if your television was always listening. What should it do if it hears you say, "let's see what's on channel seven?" Does this mean tune to that channel or display the guide? How would it distinguish this from a comment directed at another person in the room. For example, "I don't like this show you are watching, let's see what is on channel seven." Before executing any command, the computer may have to engage in conversation. At a minimum it should confirm your request to eliminate ambiguity. "Did you want me to put on channel seven or show you the guide?" Software usually protects us from ourselves by confirming a file delete or asking if we really want to quit and lose our changes. This would be even more critical in situations where spoken words could have serious unintended consequences.

There is some work being done in this area but until it becomes mainstream I'm afraid we're going to have to continue to somehow get the computer's attention before asking it to do something.

Most wives will understand this since husbands typically operate the same way.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Monday, August 8, 2011

Here's Looking at You, Kid

Facebook has software that allows it to recognize people in photos. This feature introduced last December and currently being rolled out to the entire FB community, was designed to automate and ease the process of "tagging" or associating a name to the people in the photos you upload to the site. Facebook allows you to turn this feature off but it is far from obvious how to do so. You can find the instructions to opt out here.

Major corporations are developing innovative new uses for this technology. For instance, Coca Cola used facial recognition in a new marketing campaign in Israel. Kraft tested kiosks in grocery stores that recognized shoppers characteristics and made dinner recommendations.

Recently the NYPD added a new weapon to their arsenal to help find and arrest criminals. In Canada, this technology is in widespread use by the authorities, casinos and banks.

Airports around the world now employ it to spot would be criminals and terrorists.

This is one of those touchy subjects where the privacy advocates will no doubt come out of the woodwork, or wherever it is they hide, and loudly protest the loss of their beloved anonymity. Many will see this as a privacy issue. Indeed, the government of Germany recently protested on behalf of the EU alleging violations of their privacy laws.

So, have we finally arrived at 1984, or the world as depicted in Minority Report? Or do we finally have technology that can dramatically increase our ability to accurately identify and protect people?

Security specialists will tell you a two factor authentication process is far more secure than a simple ID and password. Three factor, better still. Multiple factor authentication systems involve the use of more than one element proving that you are who you say you are. Today in addition to your account identity, bank or credit card or other form of identification you are typically required to enter a password, security code or a PIN to authenticate yourself. Sometimes a physical token is involved.

Now, imagine if your computer, ATM machines, cash registers or the front door to your house could recognize you. What if your TV was smart enough to engage parental controls when there was no adult in the room? What if your car would only function if you or other designated drivers were behind the wheel? What if your smart phone only unlocked when you looked at it?

This technology can and will be put to good use in so many places. Like all technological advances, it will surely be abused and misused by some. I guess we'll just have to keep a close eye on it.

What are your thoughts? How does it all look to you?

Captain Joe

Follow me on Twitter @JPuglisiLLC

Friday, August 5, 2011

The Day the Earth Stood Still

The news about intense solar flares scheduled to hit the earth today and the potential disruption of electronics reminded me of one of my favorite movies. The original 1951 version of  The Day the Earth Stood Still begins with a flying saucer landing in Washington DC. Klaatu, a representative of the intergalactic peacekeeping force, delivers a warning to the people of earth to cease all conflict and avoid the inevitable destruction of the planet which is apparently going to bring down property values all over the galaxy. Klaatu tries at first to assemble world leaders but meets with little success. He then seeks audience with a well known leader of the scientific community in the hopes of convincing them to somehow change the course of history. To convince the people of earth they are up against a superior force, Klaatu had scheduled what he characterized as a small demonstration of their abilities. At precisely noon, electricity around the globe simple stops working. Cars won't start, trains won't run, elevators stop and lights go out everywhere. The human race is stunned, and, presumably convinced to pay attention. Contrary to the old axiom, don't shoot the messenger, Klaatu is cornered and shot dead. But his body is recovered by Gort, one of a race of giant robots built to keep the peace. He is restored to life long enough to bid farewell and sail of into the stratosphere, leaving the people of earth to settle their differences or else.

What would happen if electricity did suddenly stop working? Maybe we don't have to worry about flying saucers and alien controlling us. Solar flares have occurred before with limited impact.

But we do have to worry about the very real threat of cyber-terrorism and the possibility that one day it will result in more than just the theft of information.  Last year Stuxnet appeared on the scene and is the first known example of a cyber attack resulting in real world damage.  This highly advanced malware (software created for hidden and often devious or even dangerous purposes) sought out and took control over uranium enriching centrifuges in Iran, ultimately causing them to irreparably damage themselves. You can watch this video to see what it looks like when a generator is driven to self destruction by software control.

How long before critical infrastructure such as the telecommunications network or power grid are targeted and successfully compromised? Every day we see another news story about a major security breach. No person, company, government or country is immune. Even our  most secure government agencies have been successfully compromised. This report by Kathleen Hickey lists the targets of one so-called hacktivist group called LulzSec. They include Sony, Nintendo, PBS, the U.S. Senate, the CIA and several foreign governments.

Are we adequately prepared to defend against, deal with or recover from such an attack? The power grid struggles today to keep up with ever increasing demand. Communications capacity is already stretched by internet traffic, streaming video and the support of mobile users. Without power or communications commerce, indeed the nation, will come to a grinding halt. Our daily lives will be dramatically altered. Depending on the nature and extent of the damage, it could take months or years to repair.

Maybe an intergalactic intervention is what we need. Klaatu, are you out there?

Captain Joe

Follow me on Twitter @JPuglisiLLC

Thursday, August 4, 2011

Excuse Me Sir, Can I Get Your Opinion?

One of the truly neat features of Google Plus is Hangouts. These are video chat sessions that can be started at any time with invitations extended to your "circle" of friends or open to anyone on Google Plus. With one click of your mouse you can fire up a Hangout session and the others can join in. Of course your computer must be sound and video enabled although there is a chat window where you can participate by typing.

There are many possible uses of this tool including business meetings, focus groups, tutoring, client meetings, job interviews or just chatting with friends. One individual is using it to deliver guitar lessons and Dell is considering using it for customer support.

Sarah Hill of KOMU-TV came up with a truly novel and quite innovative use for Google Hangouts; she conducts  "man on the street interviews" with people from around the globe. No mobile studio equipment in vans, satellite up-links or remote reporters needed. Anyone can sit in the comfort and safety of their own home while Sarah engages you and the others in a lively round-table discussion. People in Sarah's Hangout are essentially sitting on the studio couch and their thoughts and opinions can easily be incorporated into the news of the day. A special connection was installed to allow the video to be captured or stream to the live broadcast.

I had the good fortune, thanks to Kim Beasley, a Google Plus friend in my circles, to be invited to join  Sarah's Hangout earlier this week  The discussion revolved around new legislation designed to protect students from inappropriate behavior by teachers. The law attempts to prohibit students from having a relationship with teachers in popular social networks. Joining me and Kim in this particular Hangout session were three others including Laurent JP Ravatec from Paris. We each had a turn to present our views while the entire Hangout session was recorded. Three short segments were then compiled and edited into this newscast which went out live to the television market. That's how a blogger from New York can wind up on live TV in Missouri.

Sarah will be hosting more Hangout sessions with the next one scheduled for later today. No doubt this is going to catch on and soon more television stations will be airing content captured with this technique.

In my view, this is truly breakthrough journalism. My (captains) hat is off to Sarah and the entire crew at KOMU for scooping the majors on this one. Sure hope you're paying attention Diane Sawyer.

Captain Joe

Follow me on Twitter @JPuglisiLLC

Wednesday, August 3, 2011

Internet from the Great Beyond

An article in the local newspaper (yes, I still read them) had a story about the use of quick response or QR codes on headstones in the cemetery. QR codes are those little square boxes appearing in all manner of printed media these days. They are another form of bar code that smart phones with a camera and QR reader software can decipher. The  article described a new service inscribing your headstone with a QR code that could link to a web site containing your obituary, a  special message for your friends and loved ones, or a complete archive of your life. Creative, if not a bit morbid.

Then I listened to Adam Ostrow's TED talk "after your final status update" and quickly realized this merely scratched the surface (no pun intended.) Apparently, death does not have to be the end of your social networking activity. There is an entire industry springing up to keep you, or rather your thoughts and memories alive long after you are gone.

Deceased celebrities like Michael Jackson routinely place among the top Twitter accounts followed by hundreds of thousands of people. But now there is If I to help you prepare your final message and keep your Facebook or other social network alive and kicking, even after you are not. In just a couple of simple steps you can prepare a message which will appear on your Facebook page at a predetermined time following your demise.

As if that is not enough, the truly spooky part is work being done to embed the essence of your knowledge, experience and viewpoints into artificial intelligence. With the average Facebook user contributing 90 pieces of content each month and the massive data analysis capabilities at our disposal, over time we just may be able to learn enough about a person to have Facebook continue posting with their views and personality after they are gone.

There are religions that profess and many people who believe in reincarnation. Depending on the kind of life you lead, you may return to the earth in some inanimate object, as an animal or live another human life. Now, those who worship technology can also expect one day to be reborn as a "bot" - a piece of software that acts, thinks and contributes content or comments to columns like this one.

Granny, do you have any thoughts on this?

Captain Joe

Follow me on Twitter @JPuglisiLLC

Tuesday, August 2, 2011

Feeling Insecure? It May Be the People Around You

At the end of the day, information security is all about the people. In any discussion of security in the cloud or the security of digital information in general, people are the most significant element.

One can devote a lifetime of effort erecting all kinds of technical defenses including the latest in firewalls, intrusion detection, double or triple authentication, encryption, biometrics and other systems to keep the bad guys out. But all it takes is one errant click by an employee and all of this is rendered moot.

There have been a number of high profile hacks resulting in large amounts of sensitive data being obtained and exploited by groups like Wikileaks and Anonymous for political purposes. We also read about companies like Epsilon, TJ Max and Sony where huge amounts of personal information has been obtained by outsiders. Moreover, we know we only hear about a fraction of the actual number of hacks that occur. Often a company does not want to publicly admit they have been compromised and will simply pay off the hackers to recover or have them destroy the stolen data.

There is an ever escalating war between the security professionals introducing the latest approach to securing your data and the hackers who always seem to be one step ahead, uncovering vulnerabilities in software and either exploiting them for gain or publishing the means for others to do so.

But when you peel back the covers and look at how most of these security breaches happened it almost always involved an employee who was socially engineered into giving out information or clicking on a link that pokes the proverbial hole in the dike. People are the weakest link in security.

It is surprising, then, that companies continue to invest more of their time and money in complex hardware and sophisticated software, rather than education programs for employees. There is a long list of bad habits that should be addressed such as the use of simple passwords, unencrypted data transmissions, smart phones and laptops lacking a PIN or other access protection and installation of  games or other "free" software. Employees must learn to be highly skeptical of any links in an email, on a web site or in a chat session, and never give out information over the phone without verifying the identity of the caller.

Comprehensive training and frequent reminders coupled with the appropriate level of technology can provide a much higher return on investment and result in a far more secure computing environment.

What are some of the bad employee habits you have observed?

Captain Joe

Follow me on Twitter @JPuglisiLLC

Monday, August 1, 2011

You Are What You Read

You can make some interesting observations about the people who frequent Google Plus by the length of the comment stream that follows each posting. The other day it was quite a challenge to catch up with all of the threads that had appeared literally overnight. But it was interesting to note which topics generated the most chatter.

These observations are based on a relatively small number of people in a very limited time frame, and is by no means a statistically significant sample. But I did find it interesting that most posts were followed by only a handful of comments. In fact, mine generate so few, it makes me wonder if they are actually getting published. But some of the posts by noted journalists or Google officials generate lots of chatter.

Posts that garnered the least reaction were about the business value of Google Plus, the content and the style of use. For example, one referenced an article citing how Google Plus brings more and better quality traffic to business and it hardly got any reaction. Google Plus early adopters, or Pluserati as I call them, don't seem to care a lot about making money. The other commented on how a few people were writing their entire blog entries in Google Plus instead of posting a link to blogspot, wordpress or other popular blog sites. Not much feedback on this one either. Personally I prefer posting a link since these blog sites have (at least for the moment) much richer creative tool sets. The Google Plus text editor is very limited at the moment.

Posts that offer new tools, extensions or neat tricks had on average 50 comments, though most were one sentence long. Frequently they were expressions of gratitude: Hey, thanks a lot, acknowledgement of value: This is really neat - going to use it a lot and instant feedback or impressions after putting it into action: Worked exactly as advertised - simple,fast and clean. These new Pluserati don't waste any time. 

When the politically charged topic of freedom of speech appeared, I knew the comment stream was going to be long. But I did not expect the number of lengthy and rather well written essays that appeared debating how Google could or should deal with content posted by hate groups, pornography, insurrection and other controversial topics. When the comment stream topped 100, I stopped counting. 

Much to my surprise, though, it was not the topic that won the comments contest. It was the mere mention of the impending introduction of games to Google Plus that sent the Pluserati into overdrive. Not a lot of well thought out, well constructed, cohesive and coherent arguments here. Just well over 200 short but clear expression of dismay.  

Keep an eye on your Google Plus stream and see if your impression of the Pluserati matches mine. 

Captain Joe

Follow me on Twitter @JPuglisiLLC