Content Management, Security, Virtualization

Alfresco integration with Salesforce

1 Comment

Back to meat and potatoes – or their vegetarian equivalent in my case.

We are working with a client to deploy Alfresco One as a content and records management platform for their business.  An important requirement is that we be able to integrate with Salesforce as that’s where their contracts are currently stored as attachments and where their workflow exists.  During the scoping process we knew that Alfresco had created a Salesforce integration app that was available on AppExchange.

However, there are some limitations and “gotchas” that are good to know about  when designing a solution around this integration.

  1. The integration is only supported for my.alfresco hybrid cloud integration.  This is driven by Salesforce’s security requirements.  If you have an on-prem or hosted Alfresco installation you will need to synchronize with the cloud extranet.
  2. The integration is really designed to be initiated from the Alfresco end rather than (as in our case) putting attachments from Salesforce into Alfresco.  The developers at Alfresco have been very helpful in giving us guidance on how to work with this, but understanding this “normal flow” would have helped us earlier in the process. Learn from my mistake!
  3. All the content from Salesforce is put into a single “attachments” folder in a single site. However, if the SF record has an account record as parent record it becomes the root for that structure and then each object becomes a child of that folder.  For example: Attachments ->ClientA->OpportunityZ                                       Attachments ->ClientB->CaseY
  4. You can use Alfresco rules to move content around if it makes better sense in your existing organization because nodes are tracked no matter where the files are moved to.
  5. All the content in the SF site will have common security, so you will have to assign security to content.  Again, the integration is built from the PoV that content is initiated in Alfresco, synced to the cloud, and from there to SF. If you are reversing that flow, things become WAY more complex.
  6. The current release of the Alfresco integration app only supports a default set of metadata for Accounts, Opportunities, Contracts, and Cases – these need to be mapped to Alfresco properties. However, we hear that there may be support for custom metadata in the next release.

Overall the integration is great if you are following the use case it was designed to address.  The documentation is good, installation is easy, and the developers have been helpful and responsive to questions. But we may need to look at other ways to extract the existing content and populate our Alfresco repository.  I’m currently looking at Data Loader as a tool to extract existing objects for import into the Alfresco instance.

(Thanks to Jon Chartrand, Jared Ottley, and Greg Melahn for their help in gaining this insight – all mistakes are mine)

Mobile, Privacy, Security

Encryption – iOS8, Google, and OSX

Leave a comment

When Apple announced that iOS 8 would enable encryption of the on-device files by default, there was a lot of ill-informed outrage by various pundits and law enforcement types around the world.  After Google also announced plans to follow suit in the next release of Android, FBI director, James Comey, described this as allowing “people to place themselves above the law.” Predictably, various politicians, police, and spies complained that it would make their lives somewhat more difficult and trotted out the standard disinformation tactic that only terrorists and paedophiles would need this capability.

The trouble with the argument that only people of bad intent would need to encrypt their phones or computers is that there is clear evidence in recent history of who considers themselves to be “above the law”. Hint: it’s not consumers. Could it be the FBI illegally searching call records for years without warrants? Perhaps the NSA’s illegal surveillance of US citizens? Even the Daily Mail was driven to report that over 25% of searches by UK police were illegal. There are similar stories in Canada, Australia, and New Zealand, not to mention all the countries we were supposed to be better than because their police and government undertook this kind of surveillance.

Not content with state actors breaking the law, we find that companies are also stealing data and information from individuals.  Not Chinese state authorities, but stalwarts like Verizon who were hijacking and tracking all traffic using a “perma-cookie”, LinkedIn illegally slurping users email contacts against their express wishes, Google illegally collecting wifi network info, and AT&T illegally copying all internet traffic and passing that traffic to the NSA.

So who are the bad people in this equation? I have to add the various police and security forces of most of the countries in the world to the list of people who will break the law to steal my personal data and files.  Faced with overwhelming evidence of illegal activity going on all around me, I’m currently in the process of encrypting all my external and internal hard drives (using FileVault on OS X).  I’m very happy to see that this is default behavior in the latest Yosemite release of OS X – although I’m holding off upgrading for other reasons.  I will happily embrace two factor authentication wherever offered and encryption of all traffic and stored files as far as practical.

If the police or legal authorities of whichever country I am in at the time wish to follow the laws of that land and swear a warrant for lawful access to my machines, I will respect that process. Until then I’ll be using 256-bit encryption as widely as possible.

As an interesting aside, the RIPA (Regulation of Investigatory Powers) Act  in the UK makes it a criminal offence, punishable by up to two years in prison, to refuse to provide encryption keys to police. Many other countries have similar laws, but the USA appears to be currently upholding the 5th amendment.

Reviews

First review – Patagonia Super Alpine jacket

Leave a comment

In addition to general technology topics, I also wanted to review various items on the blog – there are no affiliate links here, these are just real reviews based on extensive experience with the various items.

I’ll start with the Patagonia Super Alpine jacket that I’ve had for a little over a year now and used extensively in the UK, Canada, and the US.  It’s Patagonia’s top-of-the-line Gore-tex hard shell and the price (retail is $599) reflects that.  I didn’t pay close to that, and I’ll tell you later in the review how that was.

super alpine

Overall this is a really well-designed jacket and it hit all the major points I look for in a technical jacket:

  • Good length – not too long, not too short.  My previous jacket was a Mountain Equipment climbing jacket that was barely hip length, designed for climbing in a harness in British downpours.  It’s a great jacket, but the short length directed water to your upper legs when not wearing waterproof pants which is very annoying.
  • Beefy fabric – my first gore-tex jacket (that I still have in a box somewhere) was a Berghaus Cordura gore-tex and was super beefy and strong.  Some time in the 1990’s they stopped producing cordura gore-tex laminates (not sure why) which is a loss as far as I am concerned.  This jacket is 3.2 oz and 3.7 oz three-layer which is what you want unless you are really obsessed with light weight (and are willing to deal with the tradeoffs).
  • Hood – must be able to zip the zip all the way up without feeling choked when the hood is down – pass. Hood must be adjustable to actually work in high winds and blowing rain/snow – pretty good, not the best I’ve used, but the best I could find in the current market.

Extra credit: has a waterproof, sealed interior pocket – big bonus.super alpine interior

Killer feature – and the one that sold me on the jacket above all the others – is the neoprene cuffs.  When it’s pouring and you have been out for hours and are working, raising your arms usually means water runs up the sleeves and soaks the cuffs of whatever you are wearing underneath.  These flexible cuffs (which I believe are adapted from offshore-sailing wear designs) prevent that and are fantastic!

super alpine sleeve

How to get it cheaper – I got my jacket from the Patagonia outlet in Reno.  Just call them up, and if you are nice they will check stock and mail it to you.  I’ve got phenomenal deals this way in the past (60-75% discount), but respect that this is not their usual way of doing business so be nice to the people who answer the phones (who have been 100% helpful and pleasant in my experience).  Downside (for some) is that I got my jacket in the old mango/lime colourway.  I actually like it, but many of my friends give me grief over it.  I will say, though, that when skiing in  a near-whiteout in Symphony Bowl at Whistler last February other skiers thanked me for being visible.

Beware of people selling stuff on eBay. I’ve noticed a lot of people buying stuff from Patagonia during the sale (or at the outlets) and then reselling on eBay at close to retail. Not cool, IMHO.

Content Management, DevOps

Corporate Scar Tissue

Leave a comment

A couple of weeks after monktoberfest, there are a number of ideas that have stuck with me (along with the Stillwater Once in a Lifetime and the LoverBeer BeerBera).

The first is the concept of corporate scar tissue that Adrian Cockcroft brought up.  Complex rules, procedures, and processes that we all chafe against when dealing with large organizations have evolved as responses to previous injuries  in the same way that scars record past injuries on a person or animal.  So they are there for a reason, but mostly to record what not to do, and to prevent against recurrence of identical bad situations.

I found it a useful analogy, because all too often these frustrating rules and processes seem to have been designed to inhibit efficiency and progress (and even if they weren’t designed that way, that’s their net effect).  You could say the same thing about the vast majority of laws in any country, too – always drafted to prevent the recurrence of a past issue; almost never looking forward in anticipation.

I’m currently working with a client on an information governance project and using this analogy helped them to see that their rules on retention were almost entirely focussed on addressing bad things that had happened in the past.  Our job is to look forward to try and reduce the future development of more inflexible and painful hypertrophic scars or keloids; instead we should develop robust, flexible, pro-active ways to avoid future injuries (while remembering what caused the old ones).

Social

Civility online?

Leave a comment

Earlier in the week I was posting on a Lifehacker thread about cold-weather gear.  As someone who has spent a lot of time in extremely cold climates over the past 30+ years I thought I had something to contribute. And then “that guy” showed up – the one saying nobody needs all that fancy stuff and plain-talkin’ folks get by fine with flannel-lined jeans.  I responded to say we were talking about something a little more specialized than that and it began:

  • You’re a liar – you have never been where you say you have
  • You don’t know what you are talking about
  • I googled some things to prove you’re lying
  • Various insults and homophobic slurs

It left me annoyed and rattled and made me want to just step away and disengage completely.

And then I realized this is a tiny fraction of the degree of what many women online suffer every single day. I read Kathy Sierra’s heartbreaking and awful account of her history of threats and attacks. Penny Red has been bravely talking about her similar experiences over the years on her blog and twitter.  Linda Sandvik is another great source who is unafraid to call out those small (and large) putdowns that too many women get every day in tech.  When I read about the horrors that these women (and hundreds or thousands more) have to face every day, my brush with trolling and incivility faded into the minor annoyance that it was – but it gave a sliver of insight into what they face.

If I felt so shitty after one interaction with an aggressive troll, how do Kathy, Penny, Linda, and others deal with it every day?  I received no death or rape threats, stalking, or vile personal attacks (well, a little, but it’s not an insult to be called gay by a fool) – all of which are apparently common.

I don’t know how this can be stopped.  I guess those of us who are straight, white, middle-class males must stand up alongside everyone being abused online for whatever reason and make it clear that it’s not OK.  These horrible, evil trolls will presumably find something else to do, but in the meantime I’ll do what I can to support everyone’s right to participate online no matter who they are.

<Update> I don’t know how helpful the above message is. It just makes me so angry and frustrated that talented, smart, thoughtful women are being chased off from online participation and careers because of horrible small-minded shitheads.

I guess all I wanted to do is stand up and say “this is not OK”

<Update 2> Realized today that pretty much anything that Linda or Laurie say on Twitter will be contradicted by a dude trying to prove he is smarter or better than them.  There are very few (if any) guys in the world who have to deal with that – even if the response is just condescending rather than overtly offensive or threatening.

<Update 3> This is helpful and way more articulate than me.

Content Management

Dishonesty in business – a crisis of late capitalism?

Leave a comment

Cross-posted from my personal blog, because I think it’s very applicable to tech and I plan on exploring this in more depth in the future.

After my latest experience of being lied to and misled by a business (Chase credit cards this time) I reflected on the peculiar pathology that seems to be all around us.  A certain subset of businesses (usually the larger ones, but not always) have chosen not to compete for customers and revenue through developing better products and service, but instead have made the choice to grow revenue through deception and cheating.

Everyone reading this will be able to think of numerous recent examples – the landlord who dishonestly kept the security deposit, the cable or phone company who “mistakenly” charged you extra for months (it’s funny how these “mistakes are *never* in the consumers’ favor), the car or software salesperson who lied about what their product could do or disparaged the competition unfairly, the bank that chose to extract the payments before applying the deposits and then charged you multiple times, etc. etc.

I’m an honest and straightforward person. Although (because?) I have no religion, I have a very strong sense of morality and ethics and thus it’s hard for me to get into the mindset of the liars and cheats around us.  But time goes on and you become cynical and jaded – this offer is too good to be true, those claims can’t be valid – and generally you are right.

The ubiquity of this dishonesty in business suggests it’s a deliberate policy.  Lack of enforcement in most societies has educated white-collar criminals that their risk is low compared to regular criminals on whom far more resources are focused. I would consider the upper and middle management at Bank of America, Comcast, or Hertz to be as much white-collar criminals (although to a lesser extent) as the crooks who fixed the LIBOR rate or bankrupted Lehman.

It’s also odd, because in some aspects society is in a golden age of discovery and business growth.  Etsy and Kickstarter facilitate small craft and product development businesses; Tesla has successfully started the electric car revolution; Apple, Google, Microsoft, Blackberry, Citrix, and Cisco (and many others) have successfully unchained many workers from the cubicle and daily commute; Amazon and AliBaba allow people to live outside big cities and still have access to an enormous array of goods and supplies; ZipCar allows people to live in big cities and not own a car that sits unused most of the time; etc.

At the other extreme, the legacy businesses – banks, airlines, cable companies, property management companies, car companies (for example) – have by and large chosen not to innovate or create and instead to gouge their customers to improve their bottom lines.  Maybe in this current business climate there’s no viable way to keep United afloat other than fucking over their frequent and infrequent travelers through endless fees, charges, and erosion of service and benefits? Maybe the whole banking system operates on such small margins that BoA (and all of the rest) have to charge 12-23% interest on credit cards, while paying 0.03% on savings? Perhaps the only way GM and Ford dealers can compete with Tesla is by preventing Tesla from selling cars in that state?

I wish I knew what to do about this.  It’s just depressing, really, and I call it a crisis of capitalism because this certainly doesn’t feel like the operation of a rational market.  I don’t think it’s THE crisis of capitalism, and I suspect that as more and more people recognize what’s going on they will pressure their elected politicians to do something and eventually there may be a little more semblance of oversight and enforcement.  Of course that is tougher to do when politicians in the US and UK are primarily funded by the beneficiaries of this broken system – but I don’t think I can give up on both democracy and capitalism in the same week.

Security

Update on Shellshock

Leave a comment

Having poo-pooed much of the overreaction about the “shellshock” bug in bash, I will still be patching my systems.

Apple have released a patch for Mavericks here and it’s probably wise to patch now rather than waiting for it to be pushed in an App Store update.

I still don’t think it’s a big risk for most users, and it’s definitely not a reason to eschew cloud deployments in the future.

Content Management

New features in Alfresco 5.0 Enterprise

Leave a comment

Alfresco Summit was last week in San Francisco and there were quite a few interesting announcements timed to coincide with the show.  There was the news that Alfresco had raised another $45M to continue the expansion and “SaaS-ification of the content market” (seriously?).  I’m not at all interested in that apart from the fact that it means Alfresco will be around in the medium term to develop and update the suite. I’m outraged by the bastardization of the language in that quote above, but I’ll let that go for now.

There was less press hoopla about the new features in Alfresco 5, although those were covered more in various twitter feeds from the show.  Maybe official press releases are just for marketing fluff and actual technical stuff is covered elsewhere?

As far as I can tell, the new functionality listed here for Alfresco Community 5.0 is what is also in Enterprise 5.0 – but if I’m wrong I hope someone will correct me.  The main areas called out as new are:

The press release also talks about improvements in reporting and analytics, encryption, scalability, etc., but I’ll wait until we get more details to cover those.

I’ll be starting a new project next month in which we deploy Alfresco on AWS as an information governance solution, so I’ll be looking forward to digging into these capabilities in more detail and I will report on my impressions here.

Security

“Shellshock” and various other FUD

Leave a comment

I was going to write about what’s new in Alfresco Enterprise 5.0, which was launched at the Alfresco Summit in SF this week.

But then I got distracted by Bash and “shellshock“.  I linked to the Forbes article, but I could have linked to 77,500 other news articles (according to Google at 5pm today) and I guarantee that 77,000 or more of those stories will contain misinformation, confusion, FUD, and general bullshit.

I run a mac, so as soon as I read the news I knew that OSX contains bash and would therefore be vulnerable.  I’m far from a bash guru, but it’s my shell of choice and I use it on Linux and Solaris as well if I can.

Last night I checked my firewall settings and tightened them up a little by enabling “stealth mode”, deleting rights from a couple of old apps that don’t need connections, and unchecking the “automatically allow…” box

firewall copy

However, the more I read about the issue, the less I saw it being likely to affect most users.  The bug/exploit/hack requires a remote user or process to execute a script on your server/computer in order to invoke the weakness – which is executing more code than the shell should allow, usually as profile settings.  This is a decent explanation of the issue.

So the average user will be unaffected by this unless she or he has enabled advanced unix services and set up their machine to respond to requests from external servers.  Obviously web servers and other public-facing servers need to respond to such requests, so they are more at risk.  Hopefully most of those systems will be professionally managed (he says with a straight face) and patched quickly and efficiently.  The embedded systems and infrastructure (switches, routers) weaknesses are potentially more difficult to solve and patch, but that’s another topic.

What really annoyed me about the coverage of this (apart from the general cluelessness exhibited by authors writing for many publications in order to incite outrage and fear) was that people who should know better were using this as an argument *against* cloud services.  That’s absurd, since both systems are equally at risk and the chances of cloud infrastructure being professionally and competently managed is (in my experience) higher than locally managed servers.

Content Management

Fascinating – insight into Larry Ellison’s early career at Oracle

Leave a comment

I tweeted this – but for those of you who don’t follow me or are not on twitter here’s the link.

Some choice quotes:

  • “Larry always had a 10-year technical vision that he could draw on the whiteboard or spin like a yarn.  It wasn’t always perfect, but it was way more right than wrong…”
  • “I remember a brilliant young programmer whom Larry allowed to live anywhere he wanted in the US or Canada, didn’t care about hours, where he was or any of that stuff. We just got him a network connection and that was it. This was unheard of back then…”
  • “Lessons Learned
    Great entrepreneurial DNA is comprised of leadership; technological vision; frugality; and the desire to succeed.”

It’s a quick read, but fascinating.