For Infosec Geeks: Geographic Routing Controls

The average PC user does not need access to the entire Internet. The more they have access to, the more potential sources of security issues there are. Consider that many high-profile crime syndicates operate out of the APNIC region. What if the average user could just turn off that entire address space from his computer with a click of the mouse? Imagine being able to open up a window and just select the Regional Internet Registry zones that you need to access from the selections below:

Regional Internet Registry Zones

Regional Internet Registry zones - Image Credit Arin.net

In an “advanced mode” you could choose to drill down further and pick individual locales within the zones. For example, perhaps you need access to only Japan, Australia and India but want to limit exposure to hosts in China and other APNIC countries. Lazy users could just subscribe to “recommended” settings for their region based on the level of security desired.

Why bother?

There are several very good reasons why this approach can contribute to making end users more secure and, more importantly, make things more difficult for internet criminals and the countries that harbor them. This idea actually came to me as a result of writing an article about the RSA hack that resulted in a re-issue of all of their SecurID products. I learned that the host that the Poison Ivy malware had contacted was a known source in other attacks.

Why was RSA allowing traffic to communicate with a known malicious host?

The host in the RSA hack was located in APNIC, again a zone that the average user does not need access to and probably would not even miss. In this example the attack would have failed, and a determined criminal would have had to find another way, taking on more risk of detection and working harder at it. They might even become discouraged and find something more lucrative to do with their time (with a little luck, something legal). As for the governments that allow these sites to function within their borders, they will drive themselves into further isolation. There are few nations in the world that would not be bothered by significant volumes of users bypassing sites in their country.

Corporate and Government Applications

This technology could quite easily be adapted to corporate use, centrally managed, and even include a dynamic blacklist of emerging dangerous addresses. Say, for example, that a particularly nasty virus was spreading through the internet; most malicious apps have to phone home somewhere (to get instructions, etc.). Push that address out to the blacklist for millions of users, and even if they do get infected, the command and control channel is effectively cut off instantly.

What would happen when you try to access a site in the blocked zone?

We know malicious programs attempting to access blocked sites would fail, but what about when you attempt to access something you know to be legitimate? In these cases the connection would fail if the site was within the blocked zone. A web browser could easily show a screen saying “this site falls within your blocked zone”, conceivably with the option to add the site to the safe list.
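An added sketch (not from the original post) of the decision logic described above: zone selection with the “advanced mode” country drill-down, the centrally pushed blacklist and the user safe list. The record layout is the RIR delegated-statistics format; `ZonePolicy`, `demo_policy`, the precedence order and the fail-closed default are assumptions, and the sample records are constructed from documentation address ranges.

```python
import bisect
import ipaddress

# Constructed sample in the RIR delegated-statistics layout:
# registry|cc|type|start|value|date|status (value = address count for ipv4).
# Documentation ranges are used here; these are not real allocations.
SAMPLE_STATS = """\
# constructed sample, not real registry data
2|apnic|20110101|4|19830101|20110101|+1000
apnic|*|ipv4|*|2|summary
apnic|JP|ipv4|192.0.2.0|128|20110101|allocated
apnic|CN|ipv4|192.0.2.128|128|20110101|allocated
arin|US|ipv4|198.51.100.0|256|20110101|allocated
ripencc|DE|ipv4|203.0.113.0|192|20110101|assigned
"""

def parse_stats(text):
    """Return sorted (start, end, registry, country) tuples for IPv4 records."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Comments, the version header and summary rows all fail this check.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[3] == "*":
            continue
        start = int(ipaddress.IPv4Address(fields[3]))
        # The count need not be a power of two, so keep ranges, not CIDR blocks.
        end = start + int(fields[4]) - 1
        ranges.append((start, end, fields[0], fields[1]))
    return sorted(ranges)

class ZonePolicy:
    """Hypothetical policy object; names and precedence are assumptions."""
    def __init__(self, ranges, blocked_registries, allowed_countries=(),
                 safe_list=(), blacklist=()):
        self.ranges = ranges
        self.starts = [r[0] for r in ranges]
        self.blocked_registries = set(blocked_registries)
        self.allowed_countries = set(allowed_countries)
        self.safe_list = {ipaddress.IPv4Address(a) for a in safe_list}
        self.blacklist = {ipaddress.IPv4Address(a) for a in blacklist}

    def lookup(self, addr):
        i = bisect.bisect_right(self.starts, int(addr)) - 1
        if i >= 0 and self.ranges[i][1] >= int(addr):
            return self.ranges[i][2], self.ranges[i][3]
        return None

    def decide(self, ip):
        """Return (allowed, reason) for one destination address."""
        addr = ipaddress.IPv4Address(ip)
        if addr in self.blacklist:        # centrally pushed list wins outright
            return False, "blacklist"
        if addr in self.safe_list:        # user accepted the block-page prompt
            return True, "safe-list"
        owner = self.lookup(addr)
        if owner is None:                 # assumption: fail closed when unmapped
            return False, "unmapped"
        registry, country = owner
        if registry in self.blocked_registries:
            if country in self.allowed_countries:   # "advanced mode" drill-down
                return True, "country-exception:" + country
            return False, "zone:" + registry
        return True, "zone-permitted:" + registry

def demo_policy():
    return ZonePolicy(parse_stats(SAMPLE_STATS), {"apnic"}, {"JP", "AU", "IN"},
                      safe_list={"192.0.2.201"}, blacklist={"198.51.100.66"})

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.200", "203.0.113.200"):
        print(ip, demo_policy().decide(ip))
```

The reason string returned with each verdict is what a block page or a central log would surface, so a user or administrator can tell a zone block from a blacklist hit.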

It’s not perfect, how can we make it better?

I realize this solution is not perfect but I think the idea is a solid one. It introduces some new leverage to the information security problem. Ok Infosec pros, what would you do to make this an even better solution?

What can we do better?

I watched a really cheesy movie last night called “Twelve”. It had popped up in the new movies section, and I clicked play instead of more information by accident and decided to roll with it. Twelve is what you might call a trash movie: lots of young actors and actresses, drug use, and violence. There was one gem in the movie (for me anyway): the main character imagines his deceased mother telling him (paraphrasing):

Be the best you can at everything you do.

I really like that message for a lot of reasons, not the least of which being that it’s easy to not live up to your potential. That message stuck with me and this morning as I walked into each room I thought to myself:

What can I do better?

and I made a commitment to do everything I do this week “better”.

Imagine the impact if we all took the time, the extra few seconds to consider “how can I do this better”. This week I’m making a commitment to be the best I can at everything I do, will you join me in this exercise?

Save travel and searching time with a custom Traffic Map


DC Traffic photo credit: Joe Shlabotnik

While spot checking traffic on Google Maps today I went to refresh the map I’d created and it disappeared. I then realized that you need to create a link using the Google maps interface in order to be able to refresh the window correctly. It dawned on me that others are encountering a similar issue and might find a simple effective link easier to use. This video demonstrates that and will save you travel and searching time. I’ve found that often here in the Bay Area you can save a lot of time by waiting 15-20 minutes especially coming out of peak times. I also will use the custom traffic map to decide which way to go depending on where the worst traffic is at the time. Hopefully this will also save you time.

More from the idea farm… what else can you do with this?

For starters, you can use a URL shortener like mine to create a really simple link that you can reference at any time from any device (where you have not already bookmarked the link). For example, I turned this messy link:


http://maps.google.com/?ie=UTF8&ll=37.589207,-122.140503&spn=0.582183,1.742706&z=10&layer=t

into this simple link:


http://msol.us/b

Email it to your smart phone
By emailing this link to your smart phone such as my Motorola Droid, you will be prompted to open it using either a browser or Google Maps. By selecting Google maps you will be able to quickly and easily view the map on your phone without fumbling around. You could also create and send a link to a friend or loved one travelling to the airport, etc. I ran into a similar situation several weeks ago when my Podcast guest @dcfemella was running late in DC traffic. I was able to relay a little bit of information to her. Next time I find myself in that situation, I will mail them a link to their smart phone.

Do you have other ideas about how you could re-purpose this Traffic Map link?

Monitor any Facebook Page for Posts, Comments and Content

As someone who manages and participates on a number of Facebook Pages, I have always wondered why Facebook does not give us the means to monitor user activity on pages such as posts and comments. Until recently I used a Google Reader entry that uses Feed My Inbox to deliver this content from other pages, but I’ve been stuck with manual visits for user comments and posts. Earlier this week I saw a wall post from my friend Shonali that pointed to the Facebook Page Alert App SmackDown. The author’s statement really sums up which app was worth even trying:

All I’ll say about Hyper Alerts is this: it is THE BEST THING EVER. It’s free and sends you real-time updates when people post AND comment on your posts. I’ve been managing Facebook Pages for two and a half years and I’m telling you right now, the past week since I’ve started using Hyper Alerts, have been a freakin’ cake walk. – Maggie at Mizzinformation.com

That was the kind of reference that I can appreciate, so I tried the app out. Since using it I have been anxiously awaiting the opportunity to share how much butt it kicks to anyone who does not want to constantly “spot check” pages for updated content, comments and posts. You all know who you are, you are the ones who are getting excited right now.

How to use Hyperalerts

Using Hyperalerts is extremely simple: you navigate to their site and set up an account. Once your account is created you are able to add alerts. I started by adding what was the most critical page for me to monitor, my business’s Facebook page. While creating the alert you are able to choose how frequently you will receive alerts and what type of content you will receive alerts about. The user interface is very simple, but I will of course be happy to provide a video tutorial for anyone who’d like a little extra help. For demonstration purposes I set up a second alert for my Rotary Club’s Facebook page, because unless I am posting something there I don’t want to visit it unless I know there is something to comment on (or delete if someone has spammed the wall, though this is becoming less common). My alerts are now set up; this is what the page looks like where I can edit them or add more:

hyperalerts edit screen

Now that the alerts are in place I receive notices when the criteria I have set up are met. This saves me from those periodic “spot checks” that I was doing previously. Now that it is set up there is nothing else required. Here is an example of an alert:

Hyperalerts Email Notice

Fresh from the idea farm

Since this program uses Email and you can monitor essentially any Facebook page, it could easily be used to achieve some heavy lifting. In conjunction with an Email list you could distribute content notices to a number of users. For example, with a club you might be a part of, you could with a little tinkering allow the entire club to receive notices when a particular page had been updated. Or you could even have alerts from your business’s (or a customer’s, competitor’s?) page go to a team of people who are at the ready to respond. You could also feed the notices into a system that creates tickets for a team to assign and respond. These are little hacks that might make this already powerful and useful application even more so. Do you have any other suggestions?

Update: 2/5/2011 – Hyper Alerts just got easier!

I was pleased when I logged in to Hyper Alerts today to notice a new button “Add alert from your Facebook user” this makes adding alerts so much easier. Nice to see great changes so soon!

Add alert from Facebook user

Update: 2/11/2012 – Facebook Pages now do alerts but they stink

Facebook included an alerting function with their big changes to Pages but it is not very user friendly. I still strongly recommend Hyper Alerts.

Howto create your own url shortening service (Video)

Earlier this week you might have read my post about why it might be time to create your own URL shortener. Today I am responding to several reader comments and providing a detailed video on how to do it. If you are looking to create your own URL shortening service you may want to watch both of the videos in this post, this video is simply a test drive of the URL shortening service interface. I suggest you watch this one and decide if it is worth the trouble, or if you’re already convinced just skip it and view the second video below.

If the service passed muster and has the features you need, you will want to make sure you meet some pre-requisite items:

  1. Hosting account somewhere that supports MySQL databases and PHP (almost every host does).
  2. Domain name (the shorter the better, in this case I use 0b0.us)
  3. FTP Client (I would recommend Filezilla to Windows users)
  4. Will power to carefully watch the video below and potentially adapt the procedures to your own hosting company’s MySQL setup.

Now that you’ve covered the checklist and without further ado, the goods:

I would love to hear if you completed this process yourself, let me know how it worked out. If you still need help feel free to post your questions in the comments below.

Why it might be time to host your own url shortener

Have you ever invested time and energy into something only to have someone else let you down and abandon, sell or give up on it? Not long ago I was a big advocate of drop.io. I had used it extensively, become an affiliate, created YouTube videos and much more. You might have read recently that drop.io was acquired by Facebook and will no longer be providing service effective December 15th, 2010. This left me high and dry with a few clients, scrambling to fill the holes. Perhaps this is the same reason why many top new media advocates recommend that you control your “home base” wherever that might be. Note this candid advice from @Shonali Burke, a friend of mine:

IMHO no matter how many changes Facebook makes, many of which can be great promotional tools for people as well as businesses, nothing can compare to having your own base on the web. That is the one place you “own,” which you don’t on Twitter, Facebook, Amplify, etc. As the old song goes, “they can’t take that away from me”…!

Home of bit.ly namespace declared unsafe

Shortly after that I was reading how .ly was owned by Libya and they are arbitrarily disconnecting some domains without so much as a bit of notice. This is a problem for me because nearly all of my current shortened urls are stored on bit.ly using the main bit.ly domain. If for whatever reason or whimsical decision Libya decides to kill bit.ly, I would be in a world of hurt with hundreds of links orphaned. What happens when a domain name falls off the internet? Anything trying to access that website will probably end up on the now familiar OpenDNS page and not the website they had planned to access:

What you get when you access a non-existent domain

Joe’s own URL Shortener is born – msol.us

I decided to try to set up my own url shortener as a hedge against the possibility of orphaning a bunch of links. While doing research I came across a nice article on Lifehacker about how to create your own URL shortening service. Being a regular reader of the site, I knew that it was probably a quality solution so I tried it out. The shortest domain that I own is msol.us, one digit more than bit.ly, not bad. Especially not bad considering 1 and 2 digit sub urls will be available (i.e. http://msol.us/ms goes to my company’s website, versus http://bit.ly/17CUAH on bit.ly, saving 3 digits overall). As another example I also created a very simple shortened link for this article; it will forever be http://msol.us/1 which sure beats http://bit.ly/fwuIfe (the bit.ly equivalent).

DIY Difficulty level – Moderate

I would say creating your own url shortener site is not for the faint of heart. I would recommend it to people who are fairly tech savvy and have some under-the-hood understanding of MySQL databases. While this article is not a how-to, the one thing I would suggest adding to the Lifehacker article about YOURLS is that you should put the files in the root of the domain you want to use. I started using the /urls sub directory and that added 5 digits to the shortened links. How often do you wish you had 5 more characters while posting to Twitter? I know I do quite often!

Adding my first url

I decided to make my company’s website the first url because I could use /ms and have a very tight/short url to use, here is a screenshot of the created link:

My first custom hosted url

Not unlike bit.ly I had the option to share and since I was authoring this post, I customized and tweeted it out:

My first tweeted custom shortened link

A James Brown Moment?

I am not dancing like James Brown singing “I feel good” but I am feeling quite comfortable that in addition to controlling my company website, dns and blog I also now control my own url shortener. Blame the IT control freak in me, but I would definitely recommend you consider bringing your url shortening in house. You will not have to worry about all your link assets being compromised.

A Word of Caution

It’s great to have your own url shortener, but realize that you do need to back up and maintain it. There is a MySQL database as well as some files that will need to be backed up periodically to protect this asset. If you fail to protect the asset you could end up orphaning all the links you created with it! The most important thing to do is to regularly back up the MySQL database; here is an article that explains MySQL backup methods. Another area of concern: if you do not set up the users and passwords, your shortening service could be publicly accessible. Likewise, if you do not enable SSL, your password could easily be compromised by a Firesheep user while you are accessing the service at your local Starbucks.

Make this post better

I realize that this is a very important topic, what else would you also like to see on this topic? Here are some ideas I had, please vote for one or suggest your own via comments.

  1. A screencast of the full process start to finish.
  2. A tour of the YOURLS interface, capabilities.
  3. More on the “home base” concept, controlling your own/company presence online.
  4. Explain the technical challenges for SSL, Passwords and Backups more thoroughly.
  5. Something else? Leave a comment. Thank you!

How to Solve the Information Overload Problem

There has been a lot of discussion about the Facebook announcement on Monday November 15th. In fact there was a lot of hype leading up to the announcement. I can’t help but think it was sort of like the run up to the Google Buzz announcement and I could imagine the people at Facebook HQ saying amongst themselves:

“Oh boy, there is an awful lot of hype out there. Are we going to be able to live up to it or will we be the Google Buzz of unified communications announcements?”

I don’t think they can live up to the hype and let me explain why. I can really summarize it to a single sentence:

“Facebook is (mostly) a closed system.”

So how does a website that controls everything become a power player in something as open and free as communications? To be the key player in this space I believe there will be several important criteria:

  1. Be a fairly open system with open standards and APIs.
  2. Provide for connections to cutting edge, legacy and strategic systems.
  3. Rich filtering and logic algorithms.

The importance of an open system

The swell of opportunity created through the open source movement has created great opportunity for an evolution of ideas and made many great things possible. Just look at the extreme contribution of some major open source projects from the last 10+ years (my top 10 list):

  1. Wikipedia
  2. Linux
  3. MySQL
  4. PHP
  5. WordPress
  6. Apache
  7. Mozilla
  8. Open Office
  9. Creative Commons
  10. Filezilla

The API issue is really a no-brainer. To get a better idea of why, read the article “Top 5 Reasons Why Your Startup Needs an API”; while written for startups, I think it is a great overview of the importance of APIs without getting too technical.

So if you’re going to make the big messaging play, you better be focused on being open and accessible already.

Being cutting edge while walking with the Dinosaurs

There are so many forms of communications that are viable and would be a part of any true unified communications system. Facebook is still a cutting edge platform in 2010 but they lack key strategic and legacy support that would be essential as the player in the next big messaging platform.  Here are a few examples of the different systems:

Cutting Edge (current/bleeding edge tech)

  1. Cloud Technologies (Google Docs, Dropbox)
  2. Social Networking Sites (Facebook, LinkedIn)
  3. Streams (Twitter, Buzz)
  4. Voice over IP (Skype, VOIP carriers)

Strategic (established tech that is likely to be around for a while)

  1. Instant/Text Messaging (AIM, SMS)
  2. Blogs
  3. Email
  4. HTTPS (Encrypted Web Protocol)

Legacy (older technology that will largely fade away in the future)

  1. Internet Relay Chat
  2. FTP
  3. HTTP (Web Protocol – yes, Legacy)*

*HTTP should be on its way out, this is a little bit of writer activism on my part. Many would argue it is a strategic technology.

If you review that list and ask yourself, who understands and communicates effectively with everything on that list (and more importantly all the other important resources not on the list)? I guess at this point the answer is no-one, and that is the “what” in unified communications.

The importance of curation, human or machine.

Information Strainer

The importance of curation, narrow the stream or face information overload.

Photo by verbeeldingskr8.

If I were to combine all the communications I receive and process into one place it would be a big ugly mess. This is where the curation of the content will become essential to a unified communications platform’s success. Curation will be the “how” in unified communications. The key will be to adequately search, filter and customize the data so that only the most important information is the most readily available. That includes allowing different ways to respond, perhaps knowing that, for example, a certain user prefers and responds better to Email, while another user responds more readily to Twitter, and so on. This will provide value on a number of levels. This will be a delicate balancing act because it must be easy for the end user to achieve high adoption rates, while technically pushing the envelope under the hood.

I think in 2010 many people are feeling overwhelmed by the data that they have to process. If you can cut through that mess, you will have a very satisfied customer. This is the “why” of unified communications.

This is my opinion, what do you think?

Joe’s Idea Farm – Proposing a new Web 2.0 Idea

The Idea in a Nutshell

It is a simple idea, I promise. You propose changes to any website, the intermediary website will allow commentary and a preview of what the proposed changes would look like. That content can then be used by the target of the proposed changes.

An Example

For example, let’s say you visit a blog and you read an article and really like it but have ideas how it can be improved. If you provide proofing services this could be career oriented outreach. You use the browser add on for the proposing website and it brings you to an editable version of the page. You make the changes you would like to “propose” then tweet it out to Twitterverse, Share via Facebook, clip via Amplify, etc. The blog owner may notice a trackback, a google alert or some analytics data. They can organically discover the modified version of the article. They can even grab the proposed changes and insert them in the blog, preferably including some citation to the individual that modified the content. This could be enforced via some type of embed option. There could be a social network built out of the proposing website, voting on the best changes, recognition, prizes and awards.

Provide input

Now that I’ve shared the root idea, would you like to propose features to improve this idea? Or maybe you want to ship me chests full of money, armies of interns and great advisers to try it out, either way I’d love to hear your thoughts.