• Jul 4, 2009

    This is my blog

    Recently I've received some pretty mean spirited comments about what I've posted. Well, this is my blog and it serves as a means for me to express my opinions; if no one read it, it wouldn't matter to me. This is a journal for me. Maybe I should simply make it private, but there is some information in it that is useful to others and some people have really good comments.

    One commenter said that I delete comments I don't like. Well, yes I have deleted posts, but these posts contained objectionable language or were just mean. If someone has something to say that I don't agree we, I don't delete the comment if it is well written. I really don't agree with this comment, but approved it. The same commenter that said I delete comments also called me a whack and said that maybe someone should call child protective services because I'm raising my son with my liberal views. That's a pretty mean thing to say; my wife and I will raise our son to think on his own; if that makes us or him liberal, so be it.

    Another commenter called me an Apple fan boy. Well, yes, I do like Apple products, but the comment was attached to my post about a recent security alert. The security alert wasn't issued by Microsoft or Apple, so it was completely off topic. (Even though I like Apple products, read what I say about Mac OS X Server and you'll see that I don't just use everything Apple because it is Apple.)

    In any case, I'm going to keep letting people comment on most posts, but will always moderate comments so that they remain clean and don't take pot shots at me because of my posts. Go ahead and comment on my posts and if you disagree with me, that's fine, just act like an adult when writing comments.

  • Jul 1, 2009

    How not to send a security alert

    Today at around 5:30 pm, I received an email from one of our software vendors (I won't mention their name so that their other customers can apply the software patch) notifying us of a critical security vulnerability. The message looked very official from their support department. It was quite detailed about how to patch it and described the different versions that are still being used. As I'm a bit paranoid about security, I checked the email headers and then became quite concerned about the message.

    The vendor made the following mistakes in sending out this vulnerability:

    • The message was sent from a third party mailing list provider so the return address couldn't be verified.
    • There was a direct download link in the email message; since the message was sent through the third party provider, the link was actually back to the mailing list provider so that it could be tracked. I did click the link and downloaded the file, but didn't run it. It did come from the vendor.
    • There was no link to a support site to directly download the patch.
    • There was no mention of the vulnerability on the web or in their support forums.

    After a frantic message to their support folks, I was advised that it was legitimate and was able to verify that the message came from the vendor. In addition, I was told I could download the patch from the support site (I had never logged into the site before). At the same time that I sent a message to their support, I posted a message on their forums asking about this and before they deleted my message, I received a response with the same concern.

    I chatted with the person that sold us the software (a reseller for the vendor) and he indicated that I should apply the patch ASAP which I did. He agreed that this could have been better handled.

    I hope in the future, this vendor learns a lesson about how to notify its customers. I'm probably one of handful of people that didn't just click the link and apply the patch; I guess it's part of my job to be paranoid about security.

    All I can say is wow!

  • Jun 23, 2009

    Looking for organization

    I've been looking for a way to keep everything I have to do organized for years. I flip flop between systems, sometimes online, sometimes paper, sometimes just desktop based. Unfortunately I never use a system for more than a few weeks before I forget about it. I'm taking another stab at this and have started using a program called The Hit List which I got as part of the MacHeist bundle I bought. It's simple to use, lets me have multiple lists, organize my lists into folders, and syncs with iCal. The thing about syncing with iCal, in theory, is that I could sync my tasks from my Pre to our Zimbra server and then to iCal which would dump them in my Inbox in The Hit List. If I was not home, I'd enter a task and it would appear in The Hit List; that could work. However, the Pre doesn't seem to want to sync Tasks with our Zimbra server.

    Let's see if I can stick with this for awhile; it definitely won't be a shortcoming of the program if I can't stick with it as it has all the features needed for a good task management program.

    On a side note, Andy Kim, the author of The Hit List, created the Potion Store application that I used to sell ReceiptWallet for about 2 years. It had such a great, simple interface that I instantly fell in love with it. Within about 2 days of finding it, I learned enough Ruby on Rails to modify the application, integrate my registration system, and had it running for sales. Thanks, Andy, without Potion Store, I don't think ReceiptWallet would have been so successful!

  • Jun 23, 2009

    Sucked into Twitter

    I'm not much of a social networking kind of person, but signed up for Twitter in October of 2007 to get the updates that KPBS was putting out for the fires. Since then my account has been pretty idle, except for the few "tweets" I posted to get free software (some call it spamming, but for my 1 or 2 followers, no one really cared).

    I asked a friend of mine the other day how to officially report Palm bugs and he said to post on PreCentral or Twitter to @palm and I might get a response (turns out the correct way seems to be to post on the Palm forums). So now that I've posted a few "tweets", I'm kind of drawn into reading some of the quick things that a few people have to say. It kind of seems like a waste of time to use Twitter, but it's providing me with some useful information about the Pre and Google Voice (2 of the topics I follow).

    Will I start using Twitter instead of blogging? Unlikely as my blog serves as a journal for me and I'm not usually that concise that I can put my whole though in 140 characters.

    I still haven't been sucked into Facebook, but the Pre's Synergy could make it interesting. Just what I need, something to make me spend more time on the computer!