Archive

Archive for the ‘Computers and Internet’ Category

Keybase Brings Free Security to Novice Users

02-Sep-17 11:59 pm EST Leave a comment
P

GP encryption is not new – quite the opposite.  But it’s always had one big advantage over its leading competitor: S/MIME.  S/MIME is used to encrypt email using certificate-based, 3rd-party authentication whereas PGP relies on dual, private/public key encryption.  And thanks both to S/MIME gaining commercial vendor support relatively early, coupled with being easier than the open-source-supported PGP (with relatively primitive tools that required some degree of technical competency to master); those wanting to encrypt email easily had to deal with investing in 3rd party certificates that could cost hundreds or even thousands of dollars before the feature was available.

KeybaseThanks to Edward Snowden, we’re all now pretty-well acquainted with the notion we’ve lost privacy and will likely never get it back.  But even so, that doesn’t mean the government (or God-knows-who nowadays) ought to have carte blanche to read chats, emails or become privy to what you’re downloading via bitTorrent or what cash you’re exchanging with parties online.  (At least not until tax time.)  And a tool that works on all platforms big and small, like Keybase, is now available to assist with all of the above!

To begin, it’s best to start on a Mac or Windows environment – somewhere where the configuration utility can operate.  The system does a pretty decent job of talking one through the process of setting up one’s first PGP (security) keys and getting the app installed.  However, one improvement for the future might be getting this utility (also called a “CLI” or “command-line interface”) to work within a web browser so one can perform the entire process using a hand-held device.  Once the software is installed, one finds installed an icon in their system tray (on Windows) which will present the list of users and some very heavily shaded icons (despite) which are used to access other parts of the Keybase app.  The CLI also has its own icon deployed to the Windows ‘Start’ menu and this is where you can quickly access many of the features associated with setup.  In my case, I already had PGP keys and so using the CLI was a necessary part of the setup.  Regardless, to get acquainted with the CLI and how it works with setup, I’d begin by loading up a copy of the “new user” docs in a web browser.  Then in the CLI utility, run two commands:

First, run “keybase help” to see what commands are instantly available to you as a new, unregistered user (there are a few), and

Second,, run “keybase signup”.

Finally, I’d quickly read through the “basic docs” you have open in your browser and drill down into any areas where you have questions.  Still more questions about Keybase and maybe PGP?  I strongly advise you get a Reddit account if you’ve not already got one and access the group called r/Keybase.  You’ll find this well-trafficked!

Although the Keybase app (accessed from the system tray) links to several choice apps, PGP is extremely versatile and plug-ins exist for Microsoft Outlook 2016 (and earlier) and is used with numerous other applications.

If there is a down-side to the app, there is a concern that — since a Keybase account can be used with several keys — it could be possible for someone to associate 2 keys (which typically involve two email addresses being known) together and thereby create an identity profile on a Keybase user.  This is a security concern, although an obvious workaround would be to register PGP keys to separate Keybase accounts and thereby never expose oneself.  Keybase itself claims it never advertises personal details, but if one connects to another user (say, for secure chat) and exchanges their public key; in such a case the potential would exist for that 3rd party to disclose your email at their discretion.  (This itself isn’t a security flaw, but it is something to be mindful of when exchanging data security regardless of the means used.)

Advertisements

Yelp E-Mails Rooking in Small Business!

18-Dec-16 10:47 am EST Leave a comment
O

perating as a small business owner, on a couple of occasions in the past I’ve encountered people that are something less than honest.  This is not the norm by any means — and yet one realizes early on to keep a wary eye for those few wolves who fashion themselves guardians of the hen house, so to speak….

yelp

A bit of research can be an eye-opener too, which is why I’m kind of kicking myself for not seeing these folks coming from a mile off: Yelp.com

 

 

I recently received a $300 advertising coupon, alike the sort I’ve received from advertisers like Google.com in the mail.  You enter a coupon code somewhere and get to try out the service.  I took advantage of such an offer from Yelp in late October of this year — only to start getting transactions mysteriously showing up on my credit card earlier this month, contrary to expectations.

I had taken advantage of the coupon at the time, which did not explicitly advertise there would be debits automatically starting once the $300 had been used up.  Nor was I able to readily determine at any point how much of the credit was used.

Finally, when a December bill appeared, I immediately contacted Yelp to cancel any advertising services that might have been procured.  I was concerned that it wasn’t generating any business for me and that they were keeping records of user credit card numbers (a practice with which I have issues for both reasons of personal security and privacy).

Contact with Staff was Terse and Unhelpful

The amount of the bill wasn’t too substantial – less than $100 in Canadian funds.  However, despite taking this as an opportunity to build a positive customer experience, they responded to my concerns as “threatening” them (when I mentioned I would be describing my interactions with customer service here on my blog) and trying to get out of paying the bill, stopping short of calling me a thief outright.  This attitude was evident despite my attempts to voice my concerns to two different parties by phone – the only emails I could receive from them seemed to be automated messages aimed at billing.

After encountering two highly confrontational staff I thought it incumbent to characterize my experience as objectively as I could for the benefit of others seeking a review of the Yelp service.

 Doesn’t Follow its Own Advice on Handling Complaints

Yelp’s own advice on the subject of end-user reviews is as follows¹:

Either way, when responding to reviews it is important to have good practices established to make sure your organization and your [customer]’s privacy are protected. In both scenarios, the goal should be to take the conversation offline and to a private channel.

It’s my considered opinion Yelp did not follow it’s own advice in my particular case, nor does it do so when it comes to the privacy of others; whether they are customers or simply users of its service(s):

  • retaining credit card information can be a license for the unscrupulous to simply debit amounts indefinitely regardless of customer intent; such as when a company doesn’t bother to take the spending intentions of customers into account and charges for services they don’t want; effectively taking a nickel-and-dime approach to earning profit rather than promoting & selling services on the strength of their own merit, and
  • allowing customer service staff to become confrontational with customers is both unnecessary and inexcusable.  Worse still, Yelp made virtually no effort to “take the conversation offline”, instead calling my intention to review my interactions with them a “threat” and insisting they’d continue with the charges.

It’s certainly accurate to say I can’t describe my own experience with Yelp as necessarily representative of those one would have with the company and it does appear many have had positive experiences with them.  However, I can equally accurately say that my experience was anything but positive from the perspective of a customer and there are many on Facebook and other alternate online sources who report difficulties as well.  I can also state with certainty that given my concerns, treated as they were, will result in my never considering business with them again in the future.

Epilogue

My experience also left me with the impression that Yelp is a company governed less by technology innovation and more by a very single-minded focus on earnings from its advertising business.  (Although it was not necessarily my intention at the outset to demand no-cost settlement of the bill they sent me, this became an issue when they declined to discuss my concerns in good faith.)  In the future, I’m likely to seek out Microsoft, Google or WordPress when considering online advertising.  Even should this prove to be more expensive, both companies seem to be paying a lot greater attention to their advertising clientele.

Follow-ups to this story may appear here, should any occur.

¹ See https://www.yelpblog.com/2016/12/experts-guide-patient-privacy-online-reviews near the subheading “Example 1” for source.

Police Requests for New Internet Powers Could Cost You Big

19-Nov-16 07:29 pm EST Leave a comment

datalegislation

C

anada’s CBC (a leading media and news organization in the country) promoted a story this past week concerning a very public request to the senior politicians for greater investigative powers.  This was followed by a poll that showed a degree of support for the police requests – seemingly predicated on a desire to curb child pornography among other crimes.  While civil libertarians and technology professionals raised the alarm on hearing this request, there was only limited consideration given to the cost of granting powers of this sort to police – tied largely to the cost of potentially onerous data warehousing by ISPs.  (As a footnote here, I want to cite the case of the UK which, this past week, saw Parliament enact legislation that would be largely in-line with the kinds of legislative change the RCMP would like to see enacted here in Canada.)

“Two parliamentary committees examined this issue.  Then there was the unanimous Supreme Court [of Canada] decision.  What part of ‘unconstitutional’ doesn’t [RCMP] Commissioner Paulson understand?”

Michael Harris, iPolitics.ca, November 25, 2016

Privacy and Internet Commerce

C

anadians (and people generally) can still be very reluctant to share their personal information online.  A recent website delivered by The AppRefactory — the Edgewater Tenants’ Community Website — has been off to something of a slow start with the administration fielding questions about why an end-user’s address is needed as part of the signup process.  This is done with the awareness and limited support from the property management company that acts as the landlord which has data about every tenant’s address, yet that same information is not so readily volunteered when it takes digital form.  The information in this case is used to simply verify that an end-user signup request is for a tenant as opposed to some random user from the Internet; in order to ensure that any information a tenant elects to access or share on the site is kept within the tenant community only.  As such it is a measure intended to protect tenant privacy, but there can still be reluctance about sharing it.

This is just an example of how users have adapted over the years to safeguard their privacy.  Yet now the police want measures taken by Internet Service Providers (ISPs) to circumvent privacy to such a degree that they will never again be aware of who exactly has access to their information.  (We saw in another article posted this past week how police could access computer records without appropriate authorization or authority.)  And should police officers once again demonstrate how human they can be and make a mistake, suddenly the information they’ve been entrusted with is available to parties unknown.

Such cases, once known to the public (as they will tend to be, thanks to our free press), could easily put end-users further on the defensive about their information.  And, despite poll results suggesting some support for increased police powers, there remains the likelihood the average person in Canada (which, historically, tends to be a person that trusts police authority) hasn’t thought the issue through very thoroughly and certainly not technically.  The regime Canadians will be confronted with, whatever their decision about the powers police should have online, could easily be one business is less well-able to thrive in and would find it harder to operate in without being less able to solicit end-user consent and confidence meaningfully.

And they wouldn’t know it until it really was too late.

New Powers Add Onerous Burdens on All Business (Not Just ISPs)

T

he legislation in the UK does not specifically distinguish nor give license to ISPs to operate or grant any special legal distinction to them apart from providers of Internet-facing services generally.  As such it would seem to stand as a matter of law that anyone providing Internet-facing services could be compelled to maintain logs concerning end-user activity.  From a technical perspective, the law wouldn’t be all that meaningful if it couldn’t extend, for example, to providers of Virtual Private Network (VPN) services which are frequently used to both secure corporate communications online as well as anonymize network access to  BitTorrent media sharing sites or “Deep Web” network traffic.

msazurelogoSo the law must apply to businesses using the Internet equally (or at least be seen to apply as such).  And how will the small business be impacted when they’re suddenly required to maintain a database documenting (as the RCMP want) up to two years of end-user activity?  One approach we could use would be to use Microsoft Azure’s service calculator to take a service that uses a very modest 5GB of data monthly to track data transfer activity for a service, numbering just 10,000 transactions.  Without any service connections, charging just for the storage of table-based data only, we get an added cost of $409.00 per month, including a $364.00 Standard Support feature on local redundancy only.  (Nothing could immediately be found on legislative requirements for backing up this data, but a vendor support feature seemed logical to imagine in this scenario.)  That’s a not-so-inconsiderable $4,900 per year and is getting pricey for the average small business.

Now if you run a big business, things get interesting: scaled up to 5TB of data and 1 million transactions, the costs at the same level of support (with local redundancy only) balloon out to $5,223.68 per month or a whopping $62,684.16 per year.

These costs are certainly something to consider when it comes to determining who is paying for all this extra monitoring.  One thing is clear, it won’t be coming out of the RCMP’s budget!

And although this is the costs according to one vendor, it is an industry leader in a space oft-credited with reducing the costs associated with maintaining large warehouses of data (a main selling point behind “the cloud” movement).  One shudders to think how much more onerous these costs could become if one is required by law to maintain hardware and software of their own, in a facility that is solely under their own control.

Final Analysis: Restrain Police Powers Online

W

ith passage of the UK legislation this past week, the Government of Canada may be best-advised to stay the course for now and weigh its options again at a later date if it chooses.  While I suspect both in the wake of Brexit and their now police powers law (called the “Investigatory Powers Bill”) will lead the UK (and England in particular) into a self-made socio-economic crisis, there remains the question as to what exactly the impact of their measures will have.  The opportunity here isn’t to regulate early and hopefully stop child sexual abuse — a cause I’m very sympathetic to and have even had occasion to assist police with.  Rather, it’s to gain the wisdom about whether the impacts of these measures will simply drive it further underground or make a meaningful difference (as opposed to being an issue cited simply as a political red herring to grant powers that will be used for other purposes).  To discover whether the economic impact is too burdensome.  And to learn comprehensively if there will be the promised ‘greater good’ worthy of the limits a free and democratic society — a just society — places on itself and its citizens.

Project “ARTeRMis” Site Published

15-Nov-16 12:25 am EST Leave a comment
spedgewaterico1024

Link to “Edgewater” Tenant Site Prototype

P

roperty Management Application(currently code-named Project “ARTeRMis”) moved a step closer to delivery of a much larger property management tool based on Microsoft SharePoint today with publication of one of the trial components: “Edgewater“. This component is simply an amalgamation of a number of different elements native to SharePoint, but hosted in the Office 365 environment and is setup to product test the suitability of them for inclusion in the TRM (Tenant Relationship Manager) application delivery going forward.

Artermis will ultimately be heavily dependent on Office 365, SharePoint and ASP.NET MVC when it ships; currently forecast for initial delivery sometime in 2017.

Facebook Move May Cause Greater Secrecy About Data (Ab)Use

08-Nov-16 04:04 pm EST Leave a comment
D

ata use in violation of Facebook’s licensing agreement for developers has prompted the company to intervene to halt distribution of an insurance industry app that would have used end-user data (shared by consent) to track social media behaviour and qualify some for discounts on insurance rates.  Facebook claims it has a policy to prohibit such use — but the move raises questions around privacy and whether or not Facebook acted in its own interests; possibly masking a hidden intent to mentize similar apps later itself.  Regardless, one consequence is likely: nothing stops an app developer from not disclosing the true intent behind acquiring user data nor even offering a misleading or untrue rationale for data capture.  This could simply mean England’s “Admiral Insurance” is last case of this kind we hear about.

For more information, see the attached segment from Canada’s CBC News:

Fresh New Look for The AppRefactory Inc.

03-Nov-16 09:23 am EST Leave a comment
A

fter 3+ years hosted at Weebly.com, it was time to finally take The AppRefactory Inc. company website into a modern hosting environment with features and integration potential that would allow us to demonstrate, albeit in brief, what ASP.NET MVC could offer.  Dynamic product listings with breadcrumb sub-navigation, upload sections for partner contracts and résumés; and database-driven contact forms that make it easier than ever (and convenient) to stay in touch are all just the beginning.  In the days ahead we still expect to add:

o

The AppRefactory Inc. website redeployment announcement graphic: http://apprefactory.ca

  • Links to customer features site (requiring login) via Office365, Visual Studio (online ed.) and SharePoint,
  • Highlights and links to ongoing software development currently being undertaken by the company,
  • Book time online with a consultant to review your software service needs or setup an in-depth remote service session online through HackHands.com,
  • Subscription for partner companies and contacts looking for email updates consultant availability and/or major site & service offering revisions, and
  • Links to WindowsStore.com and related sites for specific product integrations (Windows desktop, server and phone all to be included).

So stay tuned!  There’s much more yet to come….and you won’t want to miss any of it.

(Additional graphics related to the new website can be found on our Yelp.ca listing.)

Terry Glavin

CHRONICLES

Techno Manor

Geek's Corner

VM.Blog.

an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.

jalalaj

A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies

TechCrunch

Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT

jenyamatya

Unravelling the magik of code...

The Bike Escape

Because Cycling is Life

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

Strength Rehabilitation Institute

Bridging the gap between physiotherapy and exercise.

The Ross Report

Now you know where you need to know more...

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

David Eedle

Geek, tech, programmer, business owner. Serial starter of things. Occasional finisher. Oh, and please don't call me Dave.

%d bloggers like this: