Friday, November 20, 2009

Comodo Personal Email Security

Until this month, I have used Thawte freemail certificates for years to secure my personal email.  This month, Thawte stopped providing certificates for personal email and has basically handed over their subscribers to Verisign as consolation.  I think they offered me a free year, but then it would be $20 or so beyond that.

I started to look around for a replacement and decided to check out Comodo since I recently switched from Verisign to Comodo for one of my application servers and I’m reasonably happy with them for service.

I was pleased to find out that Comodo (http://www.instantssl.com) offers a free certificate signed by their CA.  This last part is the important part because certificates form the basis of something called ‘trust’ on the internet.

A certificate in itself is basically just the result of a calculation performed on a big random number that is then used to encode information that cannot be modified without someone knowing about it.  The calculation is performed in such a way that only the owner of the certificate can possibly come up with the result because the owner holds on to a separate ‘secret’ that allows this to happen.  This secret is really big, very random and not likely to be guessed.  So if someone signs an email, a text message, a file or even another certificate, you can be reasonably sure that it is legitimate.

All that has to happen is that people you send stuff to have to establish some kind of comfort with what your signature looks like.  Think of it like an endorsement; you get a letter from your mom that says “I got bob to sign this” and you see your mom’s signature right underneath Bob’s signature.  Since you know what your mom’s signature looks like, you now have a good reason to believe you know what Bob’s signature looks like.  Now when Bob sends you a message and signs it, you know it is from Bob, because your mom endorsed Bob through a separate channel and you know Bob’s signature.

The Comodo certificate is trusted by everyone by virtue of the fact that the people who provide your web browser already trust Comodo; so when they sign a certificate for you, you can then sign stuff and people can trust that it was signed by you (or at least by someone who has access to your email account).
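The endorsement chain described above, as an added example (not from the original post and not Comodo's tooling): a throwaway CA stands in for Comodo and signs Bob's certificate, then `openssl smime` accepts Bob's signed mail while rejecting an altered copy and a mail signed with a certificate no CA endorsed. All names (Example Mail CA, bob@example.test) and file names are constructed.

```shell
# Added example; every name below (Example Mail CA, bob@example.test) is constructed.
# Prints "accepted" if the signed mail in $1 chains to ca.crt, else "rejected".
check() {
    if openssl smime -verify -in "$1" -CAfile ca.crt -out /dev/null 2>/dev/null
    then echo accepted; else echo rejected; fi
}

smime_trust_demo() (
    set -e
    dir=$(mktemp -d); cd "$dir"

    # The CA ("mom"): a self-signed certificate the recipient already trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Mail CA" \
        -keyout ca.key -out ca.crt >/dev/null 2>&1

    # Bob creates his secret key and a request; the CA endorses it with its signature.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Bob/emailAddress=bob@example.test" \
        -keyout bob.key -out bob.csr >/dev/null 2>&1
    openssl x509 -req -in bob.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -out bob.crt >/dev/null 2>&1

    # Bob signs a mail; the recipient needs only ca.crt to check it.
    printf 'Lunch on Friday?\n' > msg.txt
    openssl smime -sign -in msg.txt -signer bob.crt -inkey bob.key -out signed.eml

    # The same mail with one word changed after it was signed.
    sed 's/Friday/Monday/' signed.eml > tampered.eml

    # A certificate that says "Bob" but carries no CA endorsement (self-signed).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Bob/emailAddress=bob@example.test" \
        -keyout fake.key -out fake.crt >/dev/null 2>&1
    openssl smime -sign -in msg.txt -signer fake.crt -inkey fake.key -out unendorsed.eml

    echo "$(check signed.eml) $(check tampered.eml) $(check unendorsed.eml)"
    cd / && rm -rf "$dir"
)

smime_trust_demo   # prints: accepted rejected rejected
```

The third result is the reason the CA signature matters: anyone can generate a certificate with Bob's name in it, but only the one the trusted CA signed verifies.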

If you want your own secure email certificate, check out:

http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

Once you have your certificate, you should be good to go, but in Outlook, you can check it out by clicking on your email options.

If your certificate is selected in Outlook, you can then just choose to sign email by clicking the signature button on the toolbar.  (It is likely hidden at first; you will probably have to click the little arrow button for ‘add/remove buttons’ on the toolbar.)

If you want to encrypt email (make it hard for other people to read), you first have to get a copy of the certificate of the person that you want to send encrypted email to.  I usually just get them to send me an email that they’ve signed (yes, they have to set up their own certificate first) and then I just reply to them and click the ‘encrypt’ button on my reply.

Wednesday, October 21, 2009

Cool SideWiki posts by Google

I think Microsoft tried to do this with 'discussions' that required a huge back end and nobody used it. This seems seamless and useful. It's like annotating web pages.

in reference to: Sidewiki - Toolbar Help (view on Google Sidewiki)

Thursday, October 8, 2009

Google Street View

I was on my way to Halifax heading up Robie Street one day a few months back and I saw the “Google” car passing me Dartmouth bound.  So now that street view is up and running, I thought I would go back to the spot I saw them and see what they saw.

Yes, that’s my car…



Monday, September 21, 2009

Billing for your time

Does anybody else hate doing timesheets?  Before I started in the IT field, my life was that of a bookkeeper.  I lasted all of 2 years before the monotony got to me and thought that I had better get into something else before someone had to talk me off of a ledge somewhere.  Keeping records was never something that held my attention for very long.

The trouble is, without some kind of record keeping, nobody will pay you to do what you do.  Somebody, somewhere is going to ask where their investment dollars are being spent, and when they do, you had better have some documentation to back up your story.

I came across this little web application recently and so far, I’m pretty impressed with it.  I had an idea that I would build something, but being busy (catching up on my timesheets for one) I decided to see if there was something available at a reasonable price.  Free is always an eye-catcher for me.

SlimTimer is a little REST application.  You can sign up for a free account, which allows you to create and share tasks and then use a lightweight client as a stopwatch while you work at your desktop.  This is perfect for a developer that does most of their billable time on a computer, not so much for a field engineer who travels around all day long.  That said, I’m already feeling more billable every minute.

Having a web browser open all day long sounds good, but in practice, being a developer, the crashing browser is part of my day.  Not really an issue though for SlimTimer if you use Bubbles, which is a free little web platform that allows you to run simple web applications from your system tray in Windows.  Using Bubbles allows you to open the client with a single click without running your browser…neat.

Lastly, the reporting capability is very flexible and allows you to query your tasks by date, tag, user (if you are sharing tasks) and task.  You can print timesheet reports or invoices right from the application.

As I mentioned, the basic account is free, however, you can name your price and pay for premium services such as weekly backups and exporting.

If you are a developer, the service has a documented API that will allow you to interact with the service from your own applications.

Sunday, September 6, 2009

Cover your …um… PIN

I was disturbed the other day on my way home from work, to listen to a radio interview on CBC that depicted one lady’s experience with debit card fraud.  The fact that somebody illegally copied this person’s debit card is one thing, but the fact that she didn’t have a clue about how the technology works is frightening.

The annual reimbursement for debit card fraud is somewhere in the range of $100 million, and growing.  The corporate response is to replace the traditional magnetic strip with chip technology.  Chip technology is harder to copy than magnetic strips and provides an embedded encryption technology to allow for secure communication of the card data to your bank.

I did a little Googling on the technology and found lots of corporate propaganda about how it is ‘virtually impossible’ to copy and ‘more secure’ but was unable to find out any of the specifics on how it works.  Presumably, the chip works like your web browser and does some kind of point to point encryption to send the card data to the card reader.  Then your PIN is entered into the card reader to validate the transaction.

This lady on the radio had it in her mind that the mere presence of the chip on her new card made her transactions more secure.  This may be true to a point, but ‘virtually impossible’ to copy and ‘impossible’ to copy are not the same. 

For starters, the use of the magnetic strip isn’t going away completely.  It won’t be until 2015 that the chip will be fully implemented in Canada.  Even once that happens, if you use a card reader that takes a magnetic strip, it can be copied at that time…not the chip mind you (yet) but the same information that technology today allows to be copied.  A transaction can still be made from this if your PIN is compromised.  Many countries have no plans to move to chip technology and have access to the Interac network.

The only real protection you have is to protect your PIN.  This means that you need to make sure that nobody ever gets access to both your PIN and your card.  Since you can’t guarantee that nobody will get access to your card information, it’s up to you to protect your PIN.  Here are some suggestions:

  1. Don’t use an easy-to-guess PIN.  Your birthday, your anniversary, kids’ birthdays, etc. are a mistake and can be easily guessed by bad guys.  Use something random.
  2. Don’t write down your PIN…anywhere.  There are only so many things that a 4 or 5 digit number written on a discarded post-it note can be.
  3. Don’t tell anyone your PIN.  Your wife, your kids, anyone.  You may be able to control how you protect your PIN, but if anyone else knows, you have no control over what they do with it…don’t fool yourself.
  4. Cover the PIN-pad when you enter your PIN.  This may look a little silly at times, but be paranoid about it.  Pinhole cameras and shoulder surfing are the norm for this type of crime.
  5. Change your PIN often.  Go to the bank and they will let you change your PIN.  Do this at least twice a year, then if someone gets your PIN and card info, you cut them off at the knees as soon as you change the information.
  6. Get a new card periodically.  If you get a new card, the old one is no good anymore; if someone has stolen it, they get nothing.
  7. Watch your statements and question every transaction that you don’t recognize.  Use common sense.

Tuesday, August 4, 2009

Are you Tweeting Yet?

I have to admit, when I first heard about Twitter, I immediately conjured the image of hundreds of my new ‘friends’ bombarding me with notifications about how bored they are or how much housework they managed to accomplish that day before droning onto the Internet.

For those that don’t know, Twitter is referred to as a micro-blogging utility that is part of the new social media craze that was made popular by sites like MySpace and Facebook (to name only a couple).  The difference with Twitter is that you are limited to a very brief (140 characters or less) post but the idea is that you post more frequently and since messages are short, it favors mobile use via SMS.

Since I have been guilty (once or twice) in the past of driving my head in the sand when it comes to the evolution of the Web, I decided to take a closer look into this new micro-blog service and see what the point was.  What I found was a bit surprising.

The Timeline

Basically, the timeline shows all of your updates, and the updates of those you have chosen to ‘follow’, in the order that they were posted to the Twitter servers.  If you are keeping up with lots of people and have a lot to say yourself, this could be a very long list.  Not to worry though, you’ve only got 140 characters per friend to read through.

Following and Followers

I guess the main point of Twitter is to collect as many followers as possible.  I had heard about the battle between Ashton Kutcher and CNN to be the first Twitter user to reach 1,000,000 followers.  I guess this was where I first got the feeling that Twitter wasn’t really for me…I mean, after all, what the hell do I care what the Punk’d artist is doing right now?  CNN tweets might be interesting, but I envisioned a barrage of messages about OJ Simpson and Barack Obama news that isn’t all that relevant to me.

The long and short is, when you start to follow another Twitter user, you are then notified every time that they post something to twitter.  If you follow 100 people and they all post something every day, you will see what all 100 people are doing every day.  The flip side of this is that if they follow you, and you post something every day, 100 people will see what you are doing ‘right now’.

Sounding a Re-tweet

Unlike the ‘head for the hills’ call that you may be thinking of right now, a re-tweet is like the quintessential ‘grape-vine’ of the twitter world.  Very simply, if one of those 100 people who are following you decided that you posted something useful, they can simply re-tweet your message so that people who follow them will get your message too.  If you assume that each of your followers has 100 followers and 5 of your 100 followers re-tweet your post, then you can reach 600 people with your short 140 character message in very short order.

Usually when someone re-tweets one of your messages they will give you a ‘mention’ so that their followers can decide if they want to follow you directly or not.

Di – @Mentions

Think of a mention as an introduction of sorts.  Twitter’ers (or is it tweeters) will often include the username of someone they are somehow linked to when they are basically inviting their followers to check someone out.  If you see a tweet with @shawncrosbys in there somewhere, in most cases you will get linked to my profile where you can then choose to follow me.

Essentially when a tweeter puts a @mention in a tweet, they are basically saying, “meet my friend @shawncrosbys, perhaps you might like to follow him too”.

Saved Searches

I finally ‘got’ what twitter was all about when I started using TweetDeck as a front end for twitter.  It wasn’t the program itself that made the difference, but what it did do was allow me to arrange a number of searches on one screen and keep updating the results in near-real-time.

You see, when you’ve only got 140 characters to put out a thought, people tend to be very specific and clear with the words they use.  This ‘frankish’ manner of posting makes for surprisingly relevant searches.  Try searching for your company name or your industry.  There are some tricks to searching, but since these updates are frequent, you can get the latest information on your search term by searching the public timeline and saving the search to refer back to later.

The flip side of all this is that other people use these saved searches to keep track of keywords that they want to keep up with.  Any time you tweet with a keyword they may be watching they may see your tweet (so long as you leave your profile public) even if they aren’t following you.  Chances are good that if you tweet something useful, you will pick up a new follower.  There are some special types of keywords that you can use that are basically ‘accepted’ as keywords throughout the twitter-sphere (does this ism exist yet?).

Hash Tags

These are special ‘keywords’ that may or may not show up in saved searches with other twitter users.  They are intended as a way to group tweets informally so that if people typically keep up with a particular hashtag (as opposed to specific people) then you can add these hash tags to your tweet and people will see them when they search.  If you check out wefollow or similar websites, you will see a listing of #hashtags that people say they are keeping up with.

Say, for instance, I want to tweet that I will be attending the ITANS meeting in Halifax this Thursday night.  I may tweet something like:

I’m heading to #ITANS in #Halifax this thursday, anyone else?

The idea is that if people are following the #ITANS or #Halifax hash tags in a saved search, they will see your message even if they aren’t following you specifically.

Address Shortening

Something you will see quite often in twitter is little, basically un-readable internet addresses.  When you click on them, you get redirected to another longer URL.  Supposedly the idea is to conserve the number of characters it takes to post an internet address and there are a number of free services that allow you to do this.

An added side benefit to this is that there is some tracking put into some of these services so that you can then go back and track how many people actually clicked your link.  For instance, if you click http://bit.ly/NWMmT you will get to my blog and I can log into bit.ly and see that someone clicked this link from this blog post.

For someone like me that publishes a blog, this is a neat way of promoting my blog and then seeing how useful twitter is for getting my blog promoted.

Putting it all Together

So there you have the basics, I’m sure there is a whole mess of other Twitter-isms that I haven’t covered here, but the basics are simple.  You can use these little 140 character posts to reach lots of people very quickly.

I’m sure that many a teenie-bopper may find ways of keeping in touch with all their peeps or the latest actor/actress gossip, but there are many benefits that allow businesses and professionals to reach many people very quickly.

Friday, June 26, 2009

Beware of Registry Cleaners…

I recently helped my parents with their slow computer by running a registry cleaner I found on the internet on their computer.  As it turned out, it seemed to fix their problem and sped things up remarkably on their system.

Thinking I could make my home computer work better, I downloaded it and ran it on my system as well…bad idea.  I didn’t make it any faster and to top it off, my network connections went haywire and ended up killing my Remote Access Server that I used to connect to my home PC when I’m at the office.

Luckily I found this which fixed the problem.