Content Management, Security, Virtualization

Why I changed my mind about the cloud

Leave a comment

I was very skeptical about cloud deployments for quite a while. I had seen the failed promise of application service providers (ASPs) and virtual desktops in the late 1990s and early 2000s and was very cautious about committing our company’s or our clients’ most sensitive data to “computers that belong to someone else”.

What changed my mind? I think it was primarily security and management and I remember being at an AIIM meeting in NYC (at the Hotel Pennsylvania, across 7th from Penn Station and MSG) and the speaker asking people if they thought their own security people were as good as those that Amazon and Microsoft could attract. Like all good scientists, I knew to re-examine my assumptions and conclusions when faced with new data and that comment really resonated with me.

I thought about where the vulnerabilities and issues were with self-hosted systems. How their ongoing stability often relied on heroic efforts from overworked and underpaid people. How I had started my tech career at a 2000-era dotcom and had been the manager of the team desperately trying to scale for growth, manage security and also fix email and phone issues in the office. I remembered the ops manager at doubleclick (when they were based at the original skyrink building in Chelsea) telling me how they treated their commodity servers to reboot after an error, then a reimage, then straight to the dumpster if that didn’t fix it – the earliest instance I had come across of treating servers “like cattle not pets”.

Over time, my thinking changed and I now think that cloud server deployment is the best solution for almost all use cases. We’ve deployed complete cloud solutions for ministry clients in NZ on private cloud engineered systems and on government cloud virtual servers. TEAM IM moved all of our internal systems to the cloud and gave up our data center 6 or 7 years ago – now everything is Azure, AWS, or Oracle Cloud.

Is it right for everyone? No; here are some examples I’ve encountered where it is not:

  • Insurance client that does 40+ data validations against internal (AS400) systems with every process
  • National security client managing extremely secure archival data in house (although that may change in the future)
  • Oil exploration company deploying to remote sites with very limited bandwidth (although we did some backend sync nightly).

But for most of you? Can you hire better engineers and security staff than Microsoft or Amazon? Can you afford to deploy servers around the world in different data centers? Can you afford to have additional compute and storage capacity sitting in racks ready to go? Do you operate in an environment where connectivity is ubiquitous and (relatively) cheap and fast?

Rethink your assumptions and biases. Change your mind when presented with new data. Make the best decision for your organization or clients. Good luck!

Content Management, DevOps, Security

What is Microsoft doing?

Leave a comment

My opinion of Microsoft had been going up and up over the past 12-18 months.  I’d heard good things about Windows mobile and Windows 8.  The decision to make Windows 10 available to everyone (since walked back) was smart.  Sql Server 2012 seemed like a real database.  And, most surprising of all, I had installed Outlook 2016 on my Mac and preferred it to Thunderbird and made it my email client of choice.

But then I had to test Office 2013 for a client (or more precisely the interaction of Office 2013, Oracle’s DIS, and WCC 11.1.1.8).  I found a 60 day trial on Technet and downloaded it to my work laptop (the rarely-used, lead-lined, Dell PoS).  So far so good.

Actually not so fast – even though this is a 64 bit OS apparently my old version of Office 2007 was a 32 bit version – well, of course it was since Windows barely knew 64 bit existed in 2006.  In that case the 64 bit version of Office 2013 won’t install.  OK, that’s weird, since the OS is 64 bit, but OK – back to download the other version.

Install goes reasonably fine, although why you would distribute a downloadable trial version of a suite as an iso image I have no idea. Oh and Windows 7 no longer has the ability to mount disk images, so you need to wade through the sewer of infected freeware to find a solution that doesn’t require burning a goddam disk.

Then I open up Outlook 2013 and it wants me to log in to my personal microsoft account.  Not going to do that.  But it tells me now that my trial only lasts 4 days not 60 days.  Oh and it has completely destroyed my existing Office 2007 install.

No help or contact possible through Technet.  Online chat is a waste of time as the person has never heard of Technet – tells me to call.  I do and then speak to four different people over the next 90 minutes.  None of them has ever heard of Technet nor do they even attempt to try and solve the issue.  They all seem to be convinced I have tried to steal the software.  One keeps asking me to read the code off the disk that came with the software.

There’s a Twitter account on the Technet page and in the “welcome email”  @MicrosoftTrials.  Posted to that a few times but resounding silence.  No surprise since it’s no longer active.

Uninstall the Office 2013 trial and it nukes my entire Office 2007 install on the way.

Thanks Microsoft and Technet, what a great experience.  Back to the Mac for me.  You are making OpenOffice seem professional – and believe me that’s a hard thing to do.

Monopolists gonna monopolize, I suppose.

Mobile, Reviews, Social

Bluetooth woes

Leave a comment

After spending the best part of 4 hours trying to get Bluetooth to work on my Dell Win 7 laptop, I gave up and went to Best Buy and bought a MS mouse that uses some proprietary protocol.  I have shit to do and I can’t spend hours trying to track down why Bluetooth stopped working at some point in the past week following the usual 40 or so updates.

I was initially going to complain about Microsoft’s piss-poor implementation of BT, but then I remembered that while the BT mouse works fine on my mac, the BT audio to my 30-pin iPod dock has become so lossy and unreliable to be unusable.  So neither Microsoft or Apple can apparently deliver basic functionality and reliability to Bluetooth – which may explain why momentum is dying.

The only thing that “just works” is BT pairing between cars and phones and between phones and hands-free headsets, so perhaps that’s where this promising technology is going to remain.

Reviews

Aether Apparel Highline jacket review

9 Comments

I first saw this jacket and tried it at the Aether Apparel store on Crosby in SoHo.  It was last spring and because it was so late in the season they didn’t have the size and colour I wanted.  I’d been hoping there would be a summer sale where I could pick this up at a discount.  Unfortunately that didn’t happen so I paid full price in late September (and then, of course, there was a Black Friday sale, but I was already using the jacket in Newfoundland when that happened)

1 copy

Cost is definitely a barrier for the jacket as it goes for $550, but I believe it’s decent value given the quality of materials, workmanship, and design.  It’s been my go-to jacket through the late fall and early winter and because I tend to keep quality gear for a long time, I’m happy.

2 copy

The key differentiator for this jacket is that it has a much slimmer, more “urban” style than most down or primaloft jackets.  It looks more like the quilted Barbour jackets that everyone wears in Italy in the winter, but has the functionality of most technical down jackets.  The outer material is Schoeller microfiber which is a big plus for me because I’ve been very happy with other items using Schoeller fabrics in the past.

Overall it’s been warm enough for use into the 20’s F (-6º C) and I expect it will still be practical for 10-15º cooler.  Water resistance is good although it’s not a rain jacket.  My only observation / complaint is that the water repellent treatment on the lower sleeves has worn after 3 months use.

Fit is great for tall people like me.  The body is long, and I love that it’s longer at the back.  The sleeves are also a perfect length for me – I wear 35″ in dress shirts. One of my favorite touches is that the inner lining on the grey jacket is bright red.  I also really like the multiple pockets on the chest and hips.  One of the inner chest pockets also has headphone cord routing.  There are many other great small details like this.

You do pay a premium for the style compared to a similar jackets from, say, Patagonia, Marmot or Arc’teryx but this is definitely a tough, warm, dry technical garment on a par with offerings from those brands.  If style is also something to think about – i.e. you don’t want to look like you just got back from skiing or ice-climbing when you are in the city – then I would certainly recommend this.

(Images above are grabbed from the Aether Apparel web site – all rights are theirs.)

Mobile, Security

Apple “just works”?

Leave a comment

Marco started the conversation with his posting questioning whether Apple had lost the plot – an article which he now says he wishes he hadn’t posted.  I can see why he would rethink the language and tone of the piece, but he does raise an important point that the quality of software execution at Apple has been markedly poorer in the last 1-2 years.

I’ve been an Apple user since 1988 and shareholder since 2000.  I sold most of the shares I bought at $15 in late 2000 when the stock split and then hit $100 in 2007; it covered most of the downpayment on my apartment (may have been a poor choice in retrospect, but I needed a place to live).  Historically Apple didn’t release major OS updates very frequently and that frequency of release has accelerated since Lion in 2010.  It’s clear to anyone who pays attention that software quality has been problematic since then and is getting worse.

  • iTunes has major issues that haven’t been addressed for years
  • Yosemite had major functional problems in the initial release, and many serious OS X users have still not upgraded because of this (including me)
  • Apple Mail is outdated, inflexible, and barely functional
  • User security for iCloud is terrible and risks damaging Apple’s reputation altogether.

I could go on.

Five years ago I would have recommended OS X and iOS to friends and relatives because things were simpler and easier to use.  The hardware is higher quality and the integration between devices is still better than the other options, but this is mainly because the other options are so terrible. Microsoft lost the plot with Windows 8 and I almost never see it in the wild. Desktop linux is still reserved for enthusiasts and is still not an option for most users. I spend too much time in the work day wrestling with linux and solaris servers, I don’t need that for a desktop platform.

Apple is still my OS of choice but I worry that they really need to improve their software development and release process.  This probably means slowing major releases to 18 or 24 month intervals, but who would complain about that?

 

Mobile, Reviews, Social

Update and clarification on my WinMo phone posting

Leave a comment

Here

That last blog posting generated the most traffic of anything I have ever posted here.  I certainly did not intend to enter the religious wars of the middle ages.

People certainly are invested with their choice of mobile device OS.  I didn’t think of that, because I don’t feel strongly either way.  I like my iPad and iPhone, but I don’t think it would be a great hardship to switch platforms (apart from the learning curve and repurchasing costs). I certainly don’t identify myself by those choices.

Happy New Year!

Content Management, Security, Virtualization

Alfresco integration with Salesforce

1 Comment

Back to meat and potatoes – or their vegetarian equivalent in my case.

We are working with a client to deploy Alfresco One as a content and records management platform for their business.  An important requirement is that we be able to integrate with Salesforce as that’s where their contracts are currently stored as attachments and where their workflow exists.  During the scoping process we knew that Alfresco had created a Salesforce integration app that was available on AppExchange.

However, there are some limitations and “gotchas” that are good to know about  when designing a solution around this integration.

  1. The integration is only supported for my.alfresco hybrid cloud integration.  This is driven by Salesforce’s security requirements.  If you have an on-prem or hosted Alfresco installation you will need to synchronize with the cloud extranet.
  2. The integration is really designed to be initiated from the Alfresco end rather than (as in our case) putting attachments from Salesforce into Alfresco.  The developers at Alfresco have been very helpful in giving us guidance on how to work with this, but understanding this “normal flow” would have helped us earlier in the process. Learn from my mistake!
  3. All the content from Salesforce is put into a single “attachments” folder in a single site. However, if the SF record has an account record as parent record it becomes the root for that structure and then each object becomes a child of that folder.  For example: Attachments ->ClientA->OpportunityZ                                       Attachments ->ClientB->CaseY
  4. You can use Alfresco rules to move content around if it makes better sense in your existing organization because nodes are tracked no matter where the files are moved to.
  5. All the content in the SF site will have common security, so you will have to assign security to content.  Again, the integration is built from the PoV that content is initiated in Alfresco, synced to the cloud, and from there to SF. If you are reversing that flow, things become WAY more complex.
  6. The current release of the Alfresco integration app only supports a default set of metadata for Accounts, Opportunities, Contracts, and Cases – these need to be mapped to Alfresco properties. However, we hear that there may be support for custom metadata in the next release.

Overall the integration is great if you are following the use case it was designed to address.  The documentation is good, installation is easy, and the developers have been helpful and responsive to questions. But we may need to look at other ways to extract the existing content and populate our Alfresco repository.  I’m currently looking at Data Loader as a tool to extract existing objects for import into the Alfresco instance.

(Thanks to Jon Chartrand, Jared Ottley, and Greg Melahn for their help in gaining this insight – all mistakes are mine)

Mobile, Privacy, Security

Encryption – iOS8, Google, and OSX

Leave a comment

When Apple announced that iOS 8 would enable encryption of the on-device files by default, there was a lot of ill-informed outrage by various pundits and law enforcement types around the world.  After Google also announced plans to follow suit in the next release of Android, FBI director, James Comey, described this as allowing “people to place themselves above the law.” Predictably, various politicians, police, and spies complained that it would make their lives somewhat more difficult and trotted out the standard disinformation tactic that only terrorists and paedophiles would need this capability.

The trouble with the argument that only people of bad intent would need to encrypt their phones or computers is that there is clear evidence in recent history of who considers themselves to be “above the law”. Hint: it’s not consumers. Could it be the FBI illegally searching call records for years without warrants? Perhaps the NSA’s illegal surveillance of US citizens? Even the Daily Mail was driven to report that over 25% of searches by UK police were illegal. There are similar stories in Canada, Australia, and New Zealand, not to mention all the countries we were supposed to be better than because their police and government undertook this kind of surveillance.

Not content with state actors breaking the law, we find that companies are also stealing data and information from individuals.  Not Chinese state authorities, but stalwarts like Verizon who were hijacking and tracking all traffic using a “perma-cookie”, LinkedIn illegally slurping users email contacts against their express wishes, Google illegally collecting wifi network info, and AT&T illegally copying all internet traffic and passing that traffic to the NSA.

So who are the bad people in this equation? I have to add the various police and security forces of most of the countries in the world to the list of people who will break the law to steal my personal data and files.  Faced with overwhelming evidence of illegal activity going on all around me, I’m currently in the process of encrypting all my external and internal hard drives (using FileVault on OS X).  I’m very happy to see that this is default behavior in the latest Yosemite release of OS X – although I’m holding off upgrading for other reasons.  I will happily embrace two factor authentication wherever offered and encryption of all traffic and stored files as far as practical.

If the police or legal authorities of whichever country I am in at the time wish to follow the laws of that land and swear a warrant for lawful access to my machines, I will respect that process. Until then I’ll be using 256-bit encryption as widely as possible.

As an interesting aside, the RIPA (Regulation of Investigatory Powers) Act  in the UK makes it a criminal offence, punishable by up to two years in prison, to refuse to provide encryption keys to police. Many other countries have similar laws, but the USA appears to be currently upholding the 5th amendment.

Reviews

First review – Patagonia Super Alpine jacket

Leave a comment

In addition to general technology topics, I also wanted to review various items on the blog – there are no affiliate links here, these are just real reviews based on extensive experience with the various items.

I’ll start with the Patagonia Super Alpine jacket that I’ve had for a little over a year now and used extensively in the UK, Canada, and the US.  It’s Patagonia’s top-of-the-line Gore-tex hard shell and the price (retail is $599) reflects that.  I didn’t pay close to that, and I’ll tell you later in the review how that was.

super alpine

Overall this is a really well-designed jacket and it hit all the major points I look for in a technical jacket:

  • Good length – not too long, not too short.  My previous jacket was a Mountain Equipment climbing jacket that was barely hip length, designed for climbing in a harness in British downpours.  It’s a great jacket, but the short length directed water to your upper legs when not wearing waterproof pants which is very annoying.
  • Beefy fabric – my first gore-tex jacket (that I still have in a box somewhere) was a Berghaus Cordura gore-tex and was super beefy and strong.  Some time in the 1990’s they stopped producing cordura gore-tex laminates (not sure why) which is a loss as far as I am concerned.  This jacket is 3.2 oz and 3.7 oz three-layer which is what you want unless you are really obsessed with light weight (and are willing to deal with the tradeoffs).
  • Hood – must be able to zip the zip all the way up without feeling choked when the hood is down – pass. Hood must be adjustable to actually work in high winds and blowing rain/snow – pretty good, not the best I’ve used, but the best I could find in the current market.

Extra credit: has a waterproof, sealed interior pocket – big bonus.super alpine interior

Killer feature – and the one that sold me on the jacket above all the others – is the neoprene cuffs.  When it’s pouring and you have been out for hours and are working, raising your arms usually means water runs up the sleeves and soaks the cuffs of whatever you are wearing underneath.  These flexible cuffs (which I believe are adapted from offshore-sailing wear designs) prevent that and are fantastic!

super alpine sleeve

How to get it cheaper – I got my jacket from the Patagonia outlet in Reno.  Just call them up, and if you are nice they will check stock and mail it to you.  I’ve got phenomenal deals this way in the past (60-75% discount), but respect that this is not their usual way of doing business so be nice to the people who answer the phones (who have been 100% helpful and pleasant in my experience).  Downside (for some) is that I got my jacket in the old mango/lime colourway.  I actually like it, but many of my friends give me grief over it.  I will say, though, that when skiing in  a near-whiteout in Symphony Bowl at Whistler last February other skiers thanked me for being visible.

Beware of people selling stuff on eBay. I’ve noticed a lot of people buying stuff from Patagonia during the sale (or at the outlets) and then reselling on eBay at close to retail. Not cool, IMHO.