April 24, 2007

NBC buys R|mail

Randy is reporting that he has sold R|mail to NBC. I kinda had that feeling too, but was not too sure :)-

That's great news... another T-Dot startup gets bought out. Way to go and congrats, Randy. All the best in your next steps :)-

BTW, long ago I had picked R|mail as the best innovative product for 2006 :)-

"Best Simple Innovation: converting RSS to email. This goes to Randy and R|mail. This component rocks, it's simple and gives me what I want. No Web 2.0 hype and all that shit. Simple, plain value props in the making. Learn to tweak it :)-"


March 29, 2007

Vista another Zeroday Bug!!

Microsoft has confirmed a new 0-day type vulnerability related to Animated Cursor handling. When the workstation is infected, a malicious executable, wincf.exe, will be copied to the machine. This is similar to the bulletin MS05-002.

As Vista moves forward, there will be more bugs than features, I believe.
Hat Tip: SecuBlog

March 27, 2007

Death Threats!!

I have always tracked abnormal behaviour within the Net. Early indicators can lead to some disturbing consequences. Just like "Kimveer Gill who includes a photo of a tombstone with his name printed on it - below it the phrase: 'Lived fast died young. Left a mangled corpse.'" This was the story at Dawson College.

Today, it's become a bigger issue after I read and followed up on the Kathy story. Threats, trolling and worse seem to be an innate part of the blogosphere, but they should be taken seriously. These are early warnings of dysfunctional people.

Can someone tell me what this is ?? 

Many Special Messages from RageBoy®
that due to certain legal considerations,
never appear on the website at all!!!

Isn't that terrific?

What is terrific?? He started one blog, which was removed, then he started another, which was removed. I kinda feel that something fishy is happening here and Mr. RageBoy is not coming clean!!

"Ethan Kaplan of blackrimglasses has some thoughts about anonymity and cyberspace and its effect on behaviour. Danah Boyd of apophenia reflects on her own experience with cyber-bullying, and Hugh McLeod of Gaping Void has some thoughts as well, as does Karoli at Odd Time Signatures, and Cynthia Brumfield at IPDemocracy." [Via : Matt].

It's good to see the good old blogosphere kick back and try to bring this to the forefront. I wonder if those who posted threats and pics can be held liable under criminal justice processes?

Update : "Should people fear becoming too public both online and offline, because they might open themselves to attacks?" -  A good question in the making

 

March 22, 2007

next gen Leadership

The great leaders of the future will absolutely know technology. Not from a geeky perspective, but from a practical business approach.
...
I'm talking about developing the strategy, recruiting and developing the people to implement strategy, developing the culture and communicating all of the above. Those are the four things a CEO does.
...
The point I'm making is that what gets an executive into technology is not a love for the technology. That's the exception. It's understanding what technology can do to achieve personal or business goals. Any CEO who is good will grasp what technology can do to enable their business strategy, achieve their productivity goals, their cost savings, enable their movement into new markets. They'll absolutely use it.

Via: An interview of Cisco's John Chambers by USA Today

March 20, 2007

Weird Update Notification !!

What's this notice doing at the top left hand corner of my screen eh?? Kinda one of those errors that happen in the Windows world!! :)-

March 19, 2007

Class A Sale-nitemare !!

OK, I logged into my long-standing (overdue) account to check my status and try to make a sale of my holdings of UPS. They partner with melloninvestor.com. Now come the headaches:

1) Site does not support Firefox; only IE6 and above can be used.
2) Multiple errors while resetting my defaults like phone, email etc.
3) Their form does not accept the Canadian banking details (aka routing details).
4) Customer service phone call goes in one endless loop, can't reach a person!
5) Information indicates that I have shares in » E-mail UPS ; » E-mail MetLife ; » E-mail Microsoft. What the heck is MetLife?? Yeah, and who wants MSFT shares -- and NO, I don't have MSFT under this folio, so why clutter my folio with this junk info?

So this is becoming a nightmare for me to get rid of my shares of UPS. Usability of the site is crazy, not user friendly at all. Information needs to be repeated on the web forms practically every second page. I really wonder how companies manage to get away with this type of service to the general public.

Is anyone else having the same experiences in Canada with melloninvestors? Care to share your story in the comments?

March 13, 2007

"massive intentional copyright infringement." ?

"massive intentional copyright infringement." ??

"Viacom Inc. said on Tuesday that it was suing Google Inc. and its Internet video-sharing site YouTube for more than $1 billion over unauthorized use of its programming online.

The lawsuit, the biggest challenge to date to Google's ambitions to make YouTube into a major vehicle for advertising and entertainment, accuses the Web search leader and its unit of "massive intentional copyright infringement."

WTF does that mean?? It's basically a deal gone sour and Viacom is now playing sour grapes and wants to sucker it to Google!! Forrester reported some time ago that recent negotiations with YouTube to arrive on a "fair" way to receive compensation for its intellectual property did not progress and the demand was the only way to prevent further losses.

March 08, 2007

DemoCamp Value (?)

David Crow, our good old T-Dot troublemaker, has once again raised a very valid question: what is the value to the audience in a DemoCamp?

"I’m sick of product pitches. [..] I am interested in their design process, technology lessons learned, new techniques and tools that improved development, etc."

I kinda agreed with Dave's statement and continued following the conversations happening on his post. Here are a couple of comments that are worth considering:

Rob Hyndman : Is there value in showcasing to people who aren’t?  Media, VCs, potential strategic partners, and the like?

John Kopanas  : I MCed DemoCampMontreal and felt the local did not really create, for me, the right ambience.

Ryan : Another option would be to reserve a spot for a theoretical presentation by a prof or other luminary that would address larger issues that are (or should be) relevant to this community.

Derek : To keep the quality of the demos high and on interesting topics, you could let the community vote and pick the demos they want to see from a list of proposed presentations.

Mark Kuznicki : The authentic sense of wow comes from a show of acrobatic ingenuity, the dramatic stories of challenges overcome.

Thomas Purves : I still prefer the idea to let the community vote on presentations digg style in advance of the event.

Kieran Huggins : reformat it to more of a BarCamp format where we have several (or all) demos going concurrent and for longer periods of time.

I have been to a couple of these camps. At times I participated in sleuth mode, just stand at the back and listen. Other times, hang around and chit chat over beers. I have seen some incredible stuff happening and great interaction with the tech community at these events. However, after nearly 1 year of DemoCamps, there is a tone of discord beginning to arise.

I normally do my own digging in terms of what demos are slotted. If there are none that really interest me, I just don't go to the event. I really think that demos should be left to the side and not included.
Rather, just "a talk" on technology by somebody - a good solid 30 minute spiel. If ppt needs to be used, so be it. Another thing that I would like to see is an open floor for questions from the audience to the audience. At times, it's easier to get the ears of 100-150 peeps with simple open questions. Create a discussion at the event. There is no such thing as a silly question. Just give a 45 min slot and pass the mike around: people raise their hand to ask the question. Let the audience respond. If the discussion becomes too heated, a mod cuts in and a gong gets hit!! Yeah, we don't need a Jerry Springer show happening, correct?? Or just have the audience throw their questions into a hat and then they get pulled out and read out to the participants. This may ensure an anon mode of raising issues / questioning too!!

Q: Why don't more people contribute?

A: They either (a) want to withhold value that they may cash in later or, (b) they are not sure if they will get credit for their contribution. One of the most important things you can do if you manage community-based ecosystems is to highlight and thank those who participate and give credit where credit is due.

Right now the audience believes they are present to see a demo and hear another person's spiel / pitch. Whereas they have to come to the event thinking: here is what I need to share, or here is what I need to ask. The value is the audience. If they interact in a manner and mode which creates value, then that becomes their takeaway!!

October 24, 2006

Vulnerability automation and Botnets

Gadi has an excellent review. I'll cut and paste because it's good :)-

"So, what I am going to talk about... A tad bit of history on vulnerabilities and their use on the Internet, and then, what we are going to see on corporate, ISP and Internet security relating to botnets this coming year.

Vulnerabilities don't exist for the sake of vulnerabilities. They are used for something, they are a tool. Botnets are much the same, using vulnerabilities on the next layer.

This past year we have seen how disclosed vulnerabilities, patched vulnerabilities and 0days have been utilized by automated kits. An inter-linked system of websites which download malicious code (update the kits), try to infect millions of users from just a couple dozen main hubs, and react to the environment. If a certain vulnerability is seen to be more successful on certain OS types or if one is found to not work, the kit will be fixed accordingly and distributed. Often immediately after a patch Tuesday, likely that same Friday evening.

This way, income can be maximized with the number of infections, data stolen and thus ROI. Both from the expected response time of the vendors as well as how many victims can be reached in that window.

One such kit is Webattacker, which has recently been getting more known in public circles.

Where we are

That does it, botnets are mainstream. People did not yet understand the idea that software vulnerabilities facilitate an attack (=are not the attack) and botnets facilitate much the same, only on a different level. I will discuss that further after what interests everybody.

Solutions in the coming year!

First, many products in the industry have been implemented successfully in the past, just as solutions of necessity, not "products". Some were successful, some failed. Some (services) have been supplied to the rich and connected, some haven't. Botnets are now main-stream, which means other lesser beings and corporations want these services. They want to be protected in a hostile world. They realize the Internet is not a safe place, and plan accordingly.

Services we will see more and more of:

*. Intelligence (very limited), showing IP addresses for botnet command and control (C&C) servers, which your computers may be connecting to (i.e. compromised).

*. Intelligence (very limited), showing IP addresses that you control which show in spam (meaning compromised hosts) or show in other ways in botnet data being collected. Mostly, this is spam-oriented and the rest of the intelligence is barely noticeable as of yet.

*. Intelligence (very limited) on the millions on millions of credentials (for sites, credit cards, banks, eCommerce systems, etc.) and identities being stolen every single day by massive phishing man-in-the-middle trojan horses.

*. Intelligence (very limited) other black listing services.

In the past, a limited version of these services was provided, but very secretly, and at a very high cost.

Products:

Botnet products on the network can either detect internal problems (such as bots on the corporate or ISP network or the spreading of infections) or external problems (such as C&C servers or attacks from the world). These can be based on behavior or intelligence.

Solutions, which we discussed in the past and are now going to manifest:

Intelligence-based (until now only supplied by select groups to select groups) -
*. Known bad IPs. Etc. Much like in spam, only for other realms.
*. Known bad URLs or domain names. Etc. Much like in spam, only for other realms.

Detection -
*. IDS approach (decent but not even close to cutting it),
*. DNS monitoring approach (very cool, but is just one approach in a layered solution).
*. Netflow approach (proven for years now, only one approach, however useful, which is growing more limited every day).

Respond and quarantine -
*. Walled garden approach (close off/limit suspicious or confirmed compromised computers until they clean themselves. Not successful in current solutions, shows promise).
*. Try to fix the situation remotely (solve the vulnerabilities, etc. ahead of time or remove after the fact).

There are several others, but these are the main ones describing the 10 or so products we are about to see (all of which are already available publicly as open source, privately developed tools or unsuccessful solutions due to lack of client awareness and interest).

QoS, virtualization and half decent intelligence gathering will come next. Other solutions I will not waste breath speaking of right now, they will appear for public consumption once the effectiveness of the solutions above (or the better ones there) is done to dust.

What's next?

Decent, real decent, intelligence, and support response tools to mitigate what you find in conjunction with a response team trained to deal with thousands of real incidents rather than mark check-lists on a couple an hour to a couple a month. That's simply not being aware of what's happening in your network. Many of the CERTs and SOCs are very trained and high quality, they are not equipped or don't see what they need to react to nor in most cases are built to deal with this threat.

What's never going to happen?

With security done right, on a wide-scale, with a decent systems design, network, policy, monitoring and response - a lot can be done and 0days can also be avoided, even (and especially) with business concerns being put first."
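The intelligence-based and detection approaches listed in the quoted review (known bad IPs and domain names, netflow, DNS monitoring, then a walled-garden shortlist) can be combined in one check. This is an added example, not part of the original post or of Gadi's text; the log formats, addresses, domain name and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges and a reserved
# .example name, not real indicators.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
CNC_IPS = {"203.0.113.7", "198.51.100.23"}   # "known bad IPs" feed
BAD_DOMAINS = {"update.badkit.example"}      # "known bad domain names" feed

FLOWS = """\
2006-10-24T09:00:01 10.1.2.15 203.0.113.7 6667
2006-10-24T09:00:05 10.1.2.16 192.0.2.80 80
2006-10-24T09:03:10 10.1.2.15 203.0.113.7 6667
2006-10-24T09:04:00 192.0.2.99 198.51.100.23 443
"""
DNS_LOG = """\
2006-10-24T08:59:58 10.1.2.15 update.badkit.example
2006-10-24T09:01:00 10.1.3.40 cdn.update.badkit.example
2006-10-24T09:02:00 10.1.2.16 www.example.org
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def domain_listed(name, listed):
    # Match the listed domain itself or any subdomain of it, never a parent.
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def find_suspect_hosts(flows, dns_log, cnc_ips, bad_domains):
    """Return {internal_host: sorted evidence strings} from both log types."""
    evidence = defaultdict(set)
    for line in flows.splitlines():
        _ts, src, dst, port = line.split()
        if is_internal(src) and dst in cnc_ips:
            evidence[src].add(f"flow to listed IP {dst}:{port}")
    for line in dns_log.splitlines():
        _ts, client, qname = line.split()
        if is_internal(client) and domain_listed(qname, bad_domains):
            evidence[client].add(f"DNS query for {qname}")
    return {host: sorted(ev) for host, ev in evidence.items()}

def quarantine_candidates(suspects, min_sources=2):
    # Walled-garden shortlist: hosts flagged by at least min_sources
    # independent evidence types (here "flow" and "DNS").
    return sorted(h for h, ev in suspects.items()
                  if len({e.split()[0] for e in ev}) >= min_sources)
```

Requiring two independent evidence types before quarantine reflects the review's point that each detection approach is only one layer.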

May 17, 2006

Tara - Voice of the Community

Nice, Sweet - distractors is her style. I quickly jotted down some thoughts via my handheld as she went thru her mesh conference presentation. A bit more posted now!!

Tara did an excellent job of skewing my thoughts in a totally lateral manner - yeah, it's like getting pulled by the short hairs and dragged across the floor type of syndrome.

The two terms Tara used are "authenticity" and "voice of the community - VoC", which converges my thought onto the matrix change theory, and my TIB#2 - knowledge management manifesto.

Both thoughts and counter-thoughts are resonating well with me on this round, especially the "voice of the community" -

If a marketing paradigm is slightly shifted -- as in pinko style thoughts, then I am seeing the concept of "VoC" maturing. It's like a canopy opening over the communities of issues, practices and learning. Is this the unknown parameter that we researched, debated, dissected and tried to bring about thought convergence on in the Xerox-Gurteen Knowledge letter of 2003?

(SideBar: take time to go thru the PowerPoint KM manifesto - yes, it's short - I promise :)-.)

However, for these emergent processes to actually mature, a "briefing of radicals" needs to take place and then only will understanding on "The difficulties many organizations have had with change management depends in large part on an inadequate recognition of interdependencies among technology, practice, and strategy. Recognizing the critical role that interdependencies play in affecting outcomes leads to new analysis and theory". [more here]

Geeee.... it's time I cut another "This I Believe" and sharpen the saw on this concept. Thanks Tara, much appreciated, for locking down my thoughts in a nice way!!!

Looking forward to seeing you more often in Toronto.
