Monday Morning Technologist
July 4th, 2011Happy 4th of July! This may be a quick Monday Morning Technologist because...frankly...most of you are too busy BBQing to care.
Dropbox Redux
The hot story around here the last couple of days has been the Dropbox Terms of Service kerfluffle. If you want to read about it you can just click back to one of our last two posts or visit this article ("Dropbox and Google and MobileMe Oh My"). Let me sum it up for you though since I'm still getting messages from folks who don't seem to get it.
Dropbox is no worse than Google Docs (Free) or Apple's MobileMe. I'm not suggesting that any of those folks (or SkyDrive either) are up to no good or are hatching some nefarious plot to steal your data. However, their Terms of Service (all of those companies) lays out explicitly that they can (and in some cases will) access the documents you upload to them. That makes the equation pretty simple:
- I will not upload confidential data to a service that can access the contents.
- I'm fine with uploading non-sensitive data to their service.
Dropbox (and SkyDrive and others) have a pretty nifty little service. But it would be foolish - and for some professions actually unethical (in my opinion) - to upload confidential or sensitive documents to their services unless you encrypt those documents yourself, first.
Does that clear it up?
ThunderBolt is ThunderLate
For those of you keeping score at home, the promised Verizon Thunderbolt update, which was due in the "second half of June" has not yet arrived. Seeing as how the "second half of June" ended a couple of days ago, it's officially late. Oh, Verizon? Please tell me when my Thunderbolt will stop randomly rebooting?
Word Tip of the Day
I tweeted this one the other day and got such a good response I thought I'd post it again. If you open a Word 2010 document and want to quickly jump back to the last place you edited just press SHIFT+F5. It's one of my favorite features.
Was that in previous versions of Word? Well...sort of. It was actually broken in 2007. It would work within a document - i.e. if you were editing and you paged away from that to look something up you could SHIFT+F5 to go back to where you were editing. But if you CLOSED the document Word 2007 wouldn't remember where you were when you reopened the document. It was supposed to work...but it didn't. I'm not sure what version of Word the feature was introduced in. I've heard that it DOES work in Word 2003, but I haven't tested it personally.
Office 2010 Service Pack 1
Speaking of Word, last week Microsoft released Service Pack 1 for Office 2010. If you haven't got it already, you should. There are roughly 400 updates in it including 54 updates for Word. You can read more about it (including links for download) here: http://www.officeforlawyers.com/tips/Office2010SP1.htm
Bing Maps - Gas Prices
Favorite app of the day - did you know that Bing Maps has a free gas prices tool that will show you the prices at most of the stations in your area. And it will sort the cheapest price to the top? http://www.bing.com/maps and click on the Gas Prices app at the bottom left.
Have fun and be safe out there this 4th of July. I can't afford to lose any readers.
You can reach Ben M. Schorr at bens@rolandschorr.com or by phone at 808-782-6306. You can follow him on Twitter @Bschorr
Dropbox Kisses and Makes Up?
July 3rd, 2011Link: http://blog.dropbox.com/?p=846
Over the last couple of days there has been a bit of a buzz about Dropbox's updated terms of service. Thousands of you have read the post I did yesterday on the subject for example. In response Dropbox has come back with a blog post to clarify what they're terms of service actually mean (see the link above).
So...is it all better now? Can we go back to cuddling up with Dropbox and put our worries behind us? Well...no.
While they may have clarified their language and they may have tried to express their intent the bottom line remains the same...when you upload data to Dropbox the Dropbox guys can look at it. They may read it and they may "publicly display that stuff to the extent reasonably necessary for the Service." Does that mean your files are going to end up on a billboard in Times Square? No, of course not (at least I seriously doubt it) but the point is that you're still handing your data over to anonymous staffers at Dropbox ("and those [they] work with to provide the Services") where it CAN be decrypted and read.
One of their explanations for these terms is "Services like Google Docs and others do the same thing when they get these permissions (see, for example, section 11.1 of Google’s TOS)." But the thing is that Google Docs (the free version; the paid version doesn't have the same issues in their TOS) is unsuitable for confidential data for exactly the same reason! So pointing to Google and saying "They do it too" doesn't really help that much in this case.
Yes, Dropbox, you're no worse than Google Docs. And I do not recommend (free) Google Docs for confidential data either. You're in good company.
Now I don't think the Dropbox guys are evil or that they're trying to steal your content. I'm sure they're perfectly nice guys just trying to provide a useful service. And it *IS* a useful service. I wouldn't hesitate to use Dropbox for any non-confidential data/documents that I needed to sync to multiple devices. Just as I wouldn't hesitate to use the free Google Docs to coordinate a family reunion or maintain the stats for a little league baseball team.
But when it comes to confidential data, ESPECIALLY confidential data that belongs to clients or customers - data that, if leaked publicly, could do some real harm to my clients or customers...there is no way I'm going to willingly upload it to a service that acknowledges that their staffers (none of whom I've ever met) and the unspecified people and companies they work with can access (or even "monitor") that data. Not going to happen.
If we've learned anything in the wake of Wikileaks it should be that we should be more carefully reviewing who can access our confidential documents and when. Dropbox does not pass the Wikileaks Test.
P.S. One thing they did, which I applaud, is remind folks that you CAN encrypt your data before uploading it to Dropbox using tools like TrueCrypt. If you do that, then the Dropbox guys CAN'T read (or "publicly display") your data and I'm perfectly o.k. with that as a solution. If you really are passionate about continuing to use Dropbox for confidential data, then use something like TrueCrypt to encrypt your data FIRST and upload the encrypted "blob" to Dropbox. You lose a few of the Dropbox features, but I think it's a worthwhile trade-off.
More Information: "Dropbox and Google and Mobile Me, Oh My"
You can follow Ben M. Schorr on Twitter @bschorr.
Oh Dropbox, We Loved You Once...
July 2nd, 2011Link: https://www.dropbox.com/terms
There have been few services getting as much contention lately as Dropbox. First they implied that they couldn't read the contents of your files that you uploaded to Dropbox. Then they backed off that stance and rephrased it to mean that they're "not allowed" to read the contents. Well, o.k., a few of their employees are allowed to, but most of them aren't allowed to. As any parent knows there is a big difference between what you CAN do and what you're ALLOWED to do and that keeping people on the proper side of those lines is often easier said than done.
In any event a few security conscious users decided that trusting anonymous techies in the "Cloud" to not violate policy and peek at confidential data wasn't such a good idea in the age of Wikileaks and pulled their data back out of Dropbox in search of more secure solutions.
Well...now the line has shifted again, and not for the better. If you're a Dropbox user (or considering being one) you should take a gander at their new terms of service (link posted above). Pay particular attention to the section marked "Your Stuff & Your Privacy". There you will find this:
By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.
Hmmm. O.K., so now they're flat out saying that we may "give [them] access to [our] information, files and folders." That pretty much kills Dropbox for any confidential data in my opinion. But let's read on anyhow...because it gets better. (and I mean that theatrically)
By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.
Sound familiar? It should if you're also a Free Google Docs user - Google's TOS for their free Docs service contains very similar language. Even the botox fanatics among you should have a raised eyebrow at this point. The very words "distribute" and "publicly display" should be all you really need to hear.
Now some of you are saying "Oh, sure, the agreement says that but they won't really DO it." Fair enough. Many of you reading this are lawyers (I know my audience), would you encourage your client to sign an agreement that says the other side has the right to do something onerous with the caveat that "I know it says they're allowed to do it, but they won't really do it." This agreement gives them permission to do it. Do you take their word that they won't? Up to you.
Finally...
You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so.
Again...random Cloud-folk MAY be monitoring your information.
Does this mean you should never use Dropbox? No. That's not what it means. As with any of these situations you need to consider what information you're posting there. If you want to post your collection of recipies or your daughter's volleyball schedule I don't think those are necessarily bits of data that you need to hold close to the vest (unless you're Rachel Ray perhaps).
But if you're a lawyer or a doctor or a mortgage broker or an insurance guy or some other professional charged with the personal, private, confidential data of your clients or patients then you should be walking briskly away from the idea of storing that data on Dropbox. (or any other service that grants itself the rights to monitor and/or "publicly display" the files you upload to it).
Just because it's cheap and convenient doesn't excuse you from the duty to protect your client's confidential information.
More Information: "Dropbox and Google and Mobile Me, Oh My"
You can follow Ben M. Schorr on Twitter @bschorr.
Monday Morning Technologist
June 27th, 2011On your marks...get set....TECH!
Got PST?
If you're an Outlook user and you don't have an Exchange Server (and even a few of you who do) then all of your critical data is contained a file called a ".PST" file. (most likely "outlook.pst"). Your e-mail, contacts, calendar, tasks...all of it is in that PST file. Considering how important Outlook is to most of you it follows that the data in that PST file is pretty important. Which is why it's surprising how few of you actually back it up.
I do a LOT of Outlook support. Heck, I've written books on Outlook. And it never ceases to amaze me when I ask somebody to recover their PST file from backup and they just give me a blank stare, like I've asked them to get a hippo out of their backpack.
Folks - if you have an Exchange server then you should be using your Exchange mailbox as your primary data store 99.99% of the time. I say "99.99%" because I could probably envision some extremely rare scenario where a PST file would be the best way to store the data. Well, maybe I could.
If you don't have an Exchange server then you're going to be using a .PST file (or in a few cases an .OST file but it's close enough to the same thing for this discussion). To find out what you're using as your primary data store go into Outlook, right-click the root of your folder list. It probably says "Personal Folders" or "Mailbox - Joe Smith" or something like that. Choose "Properties" or "Data File Properties" (whichever your version of Outlook exposes) and then click the "Advanced" button.
If you get a screen that lists your Microsoft Exchange Server and mailbox then you're using Exchange. It should be on redundant hard drives and your mail server administrator should be backing that up every day so you're fine. Nothing there for you to worry about.
If you see a screen that lists a filename and a "Format" like "Outlook Data File" then you're using a PST or OST. The file specified in "Filename" is the file that contains all of your data. Back that up.
How? Simplest way is to close Outlook and make a COPY (don't move) of that file somewhere else that isn't the same drive where it lives now. It's probably on your "C:" drive now. Make a copy of it on a flash drive or an external hard drive. Burn a copy to a CD. Upload a copy to a network location or a secure server on the Internet somewhere. Just make sure you have a copy.
The BETTER solution is to use a proper backup. Microsoft Windows has backup software built in or you can buy a third-party solution if you like. Use that software to schedule a regular (nightly?) backup of your data (including your PST) to an external hard drive or outside location.
Whatever solution you choose, make sure you have a backup of your Outlook data. Someday you WILL need that backup, I guarantee it.
More information on how to do backups right...
Bad Boys, Good Boys, Watcha Gonna Do...
One of the problems with a multi-tenant system - that's a system where multiple companies ("tenants") share a common server/platform - is that what happens to one often happens to all. I've long listed that as one of my concerns with most "Cloud" solutions because you're sharing a physical platform with companies and individuals that you're not only unrelated to, but in most cases you don't even know. Well last week that scenario jumped up to bite some innocent companies in the butt. The FBI moved in and seized "3 enclosures" containing one or more servers from a hosting facility in Reston, VA. What they were after was the servers run by one particular organization but what they took were servers containing the data of dozens of organizations - most of whom had nothing to do with what was being investigated.
Did those companies eventually get their data back? Apparently, yes. But in the interim there was a period of hours or days when that data was inaccessible. Was any of that data accessed (or even copied) by federal investigators? We don't know. Consider for a moment, especially if you're a law firm who defends clients in cases against the federal government, how you might feel knowing that your data was currently in the hands of federal agents. Again, most of these firms were NOT the target of the investigation, they were just innocent "bystanders" who happened to get trapped in the same net. But they were trapped nonetheless. At best they had no access to their data for hours or days. At worst...well, we might not know what the worst is just yet.
"Oh, that won't happen" they told me, rolling their eyes. Well, it did happen. And it could happen again. Keep that in mind when you're evaluating Cloud solutions.
Does it mean you should never put any data in the Cloud? No. It just means you should be careful about what data you put in the Cloud and understand that most Cloud providers are going to host your data on the same servers with other customers. Understand the term "multitenant" and make sure you're comfortable with the data you host being "intermingled" with the data of other, usually anonymous, tenants.
Fax? Really?
Whenever somebody tells me they need to fax something I look at them as if they just said they need to send a telegram. Really? Fax? How 1995 is that? In an age where scanners are nearly ubitquitous (looked at your copier lately?) and most files are generated electronically anyhow, it takes me a bit aback that anybody wants or needs a fax anymore.
Keep It Clean
Somebody recently said to me, talking about smartphone apps, "Hey, it's free". The thing is...if it's on your device, it's NOT free. It's taking up space. If it's running in the background then it's taking up memory and processor. The more apps you load your device up with, the slower it's going to run and the more likely it will be to crash. Want your smartphone to run fast and stable? Don't load it up with junk.
That's true of your PC too by the way.
You can reach Ben M. Schorr at bens@rolandschorr.com or by phone at 808-782-6306. You can follow him on Twitter @bschorr.
Monday Morning Technologist
June 20th, 2011It's a beautiful day here at our Flagstaff Office and it's time for another edition of The Monday Morning Technologist.
To Xobni or Not to Xobni?
A few years ago Xobni ("Inbox" spelled backwards) became one of the most popular add-ins for Microsoft Outlook. I've seen consultants who preach that every Outlook user should just install Xobni automatically when they install Outlook. With Outlook 2003 that wasn't bad advice - Xobni excels at searching Outlook messages and producing a lot of interesting data about your e-mail and the people that you e-mail.
With Outlook 2007, however, Microsoft introduced their Instant Search technology and with Outlook 2010 the Outlook Social Connector debuted (and you can retrofit the OSC onto Outlook 2003 or 2007 for free). For most Xobni users the instant search and Social Connector functionality does just about everything they were using Xobni for anyhow so there really isn't any point to installing Xobni.
If you're one of those users who uses the more advanced functionality of Xobni then you probably should install it, yes. In my experience it's a pretty small subset of users who actually make use of all of the functionality that Xobni brings however.
Why NOT just install it automatically? Because Xobni works by indexing all of your e-mail items and that takes system resources. If you want your machine to be fast and reliable you should minimize the number of applications and add-ins that are running in the background and apps that index all of your items on a nearly constant basis can be a pretty significant performance drag.
FireFox Add-ins
As long as I'm talking about add-ins...when people complain to me about FireFox stability or performance problems they almost always have WAY too many FireFox add-ins running. Good rule for ANY app or technology platform: keep the add-ins down to the necessary mimimum. Don't have a bunch of junk you don't need clogging up your system. Things will run faster and more reliably, I promise.
TASK: When's the last time you went through your Add/Remove Programs applet in Control Panel (or similar on your smartphone or Mac or tablet) and uninstalled applications that you no longer use? All those toolbars you installed in your browser way back when? If you don't use them, uninstall them...they're dragging you down. Do it today.
Blocking the Bimbots
Build a platform where people go and the spammers will surely follow. One of the big trends currently on Twitter (and Facebook, to a lesser extent) is the proliferation of Bimbots. What's a Bimbot? It's a bogus account, monitored by a "Bot" (an automated script or process) which looks for people using certain keywords in their posts ("iPad" is a big one right now) and then sends them a message offering a link where they can "Win a free iPad2!" or other such. The links are almost always bogus; phishing attempts or scam marketing things. In an effort to encourage users to accept/follow them the accounts almost always feature an avatar of an attractive young woman, usually scantily dressed. The idea being that men (their primary target, let's be honest) are more likely to click on a link offered up by a pretty young thing than by some random avatar.
The bimbots are pretty easy to spot and as soon as I get a message from one I instantly "Block and Report as Spam". I know it's a losing battle, but if everybody did the same we might at least slow the bimbots down.
Kindle
I'm really impressed with the work that the Kindle team at Amazon has done. There are free apps that let you read your Kindle books on just about any device you can imagine - from Android to PC. Not only that but if you have multiple devices (I read my Kindle books on my actual Kindle device, on my HTC ThunderBolt smartphone, on my Netbook and on my PC) Amazon can keep them all in sync so you don't have to try to find the page you left off on. I can read 20 pages on my Kindle in the morning and later that day when I'm in line somewhere and fire up the Kindle app on my smartphone it will automatically know how far I read that morning and offer to jump me straight to where I left off. Awesome.
That's smart of Amazon because I'm sure they make a lot more money selling Kindle books and magazines than they do selling Kindle devices. To find and download a free Kindle reading app, just click here.
Outlook Phishing Scam
Outlook users beware. There's a new phishing scam that works by sending you an e-mail, with an attachment, that tells you that you need to open the attachment and provide the requested information (e-mail server, username, password) in order to "reconfigure your Outlook information again". It's bogus, of course, and all you'll do if you comply is send your user information to a scammer who can use it to access your e-mail account.
BONUS: If you use the same e-mail address/password to access other accounts they can use it to get into your other things too - like Facebook or your Internet banking. Also if they have access to your e-mail account they may be able to use the password recall/reset feature of certain websites to find or reset your passwords and gain access.
NEVER give your password to anybody. Especially not an anonymous person who sends you an e-mail link.
Spring Cleaning
Speaking of Outlook...spring is in the air. Good time to get your e-mail Inbox under control. Here are a few tips for whittling it down to a managable size.
See ya next week - happy computing!
You can reach Ben M. Schorr at bens@rolandschorr.com or by phone at 808-782-6306 or via twitter @bschorr.
XML Feeds