Brilliant Thinking

I’ve been using Live Mesh recently, through the alpha (tech preview) and now into the public beta. In general I am very pleased with the way it works and the fact that it does work (see previous post “Cloud Storage: On SugarSync, DropBox & Live Mesh“).

However, there is one feature I have struggled with as it’s not entirely intuitive - and that is synchronising folders between two (or more) computers and being able to retain the same directory path to the files on all machines.

This is something that SugarSync did well - it assumed the same path on connected machines. DropBox worked beneath its own equivalent of “My Documents” and achieved the same.

However, Live Mesh requires more user intervention to achieve the same results which is a tad frustrating.

In order for Live Mesh to correctly synchronise the same folder path on multiple machines you have to follow these steps: continue reading »

I’ve been tweeting for a month or so now (see sidebar for latest tweets) and just launched a mashup of Twitter’s public RSS feed and a 3D Flash tag cloud as a “what if” experiment. This is a simple demonstration of the ability to pull information feeds together and create a visual representation of them (in this case).

Here’s the link: www.tweet3d.com

The visual tool allows you to view any user’s tweets as a floating tag cloud. The engine filters the posts to create an emphasis on the topics the user is tweeting about so you can quickly get an idea of the topics they have written about recently.

Thanks to Roy Tanck for the open source Flash cloud.

UPDATE 30 Sept: You can now link directly to your own tag cloud using the ‘twitterid’ parameter. The link is generated dynamically for you when you use the site and you can bookmark it or send it to your friends.

According to ReadWriteWeb: This means that when you tell people you write, read or listen to blogs, wikis, podcasts, social networks and online video - if they give you a funny look, it is now officially them that’s a freak, not you.

The Web is evolving.

In the beginning we translated our physical brands - literature, logos, typographic style, grammatical style, imagery - directly on to the web. Our online presence was a mirror of our offline one. For larger corporates it was a very controlled environment and anything outside this permitted representation was stamped on.

However, the Web allows people to be people. It allows them to interact in ways and with tools that are not available in the physical world. The Web is a very different place. Blogs, podcasts, tweets and all manner of social, human expression have found their way into our way of life.

Already today, companies are being identified by their personality on the Web - through such posts as personal blogs, tweets, videos, podcasts, etc - which puts a human face on the organisation. And in time, a company will be known by the sum of the facets of its presence on the Web instead of just a corporate site.

If this will be the case, will we need a corporate/company website? And if so, what would it look like?

Putting my scrying hat on, I think the corporate website of the future will effectively be a mashup of the different facets of its personality on the web, with judicious filters and content aggregators applied so that a visitor to the “official” website of the business - suitably branded of course - gets to see the one-page corporate marketing spiel (a summary of what the company actually does) and contact details, plus different streams of information that, in themselves, identify the company (provide the digital fingerprint) to people interested in interacting with it.

The filters exist not to hide information, but to heuristically select the most relevant content from the multiple facets and present them to the site visitor. The filters therefore build a stable version of the fluid facets of the brand which becomes the corporate website. If we look at the number of Twitter conversations, blog posts, video casts, social media site posts, etc, that could be happening at any one time we can very easily become overloaded with information, especially minutiae, and we would not want people visiting our “official” virtual home to be overwhelmed and confused. Therefore, we filter to provide them a virtual tip-of-the-iceberg insight into our company.

Should the visitor wish to dig further, they can follow links to all the relevant streams. The filtering technology we use will also be dynamic, and would self-learn so that it adjusts according to what people are looking for - our websites would in effect be self-aware and shift according to the preferences of our visitors, dynamically adjusting filters in quantum steps as patterns of interest change.

This is Web 3.0. And it’s already happening.

You can integrate your Twitter posts with Facebook so they appear in your profile. You can plug in your Twitter posts to Wordpress (I have), and you can grab the RSS feed from anything and parse it to reproduce the content elsewhere - as an example, see our company home page which has the last 5 blog posts. Twitter also lets you track key words so that you can filter updates and receive relevant information - not just everything.

We’re still in the early days of Web 3.0, but there is a quantum shift on the horizon and we need to be ready for how pervasive this shift will be in our physical lives, and ready for it in our organisations digital ones. There is a lot of research being conducted into the role social media will play in our corporate future and I will be following this to see how close to my vision Web 3.0 comes.

We live in interesting times!

Go further:
Does a digital business really need a corporate website?
6 Emerging Trends CIOs Should Care About

A very outspoken post over at The Register makes it very clear what the risks are in this debate. While Cloud Computing is the current “big thing” and everybody seems to be getting in on the act - and we’re even assessing how it fits into future web development plans - there is still a solid argument for sticking with dedicated servers.

The reason is principally one of reliability and accountability, or more to the point that you can call somebody at 3am when the dedicated servers that you are paying hard currency for fail and know that somebody is feverishly scurrying around a data centre ensuring your SLA is upheld. As Ted Dziuba put it:

No matter what the name, you, the developer, will still be dealing with reliability and accountability. Using someone else’s infrastructure for your application will forever be a business risk, but it sounds so much less so with a cuddly name. Your CTO will fall for the next cycle pretty easily. The compunction he feels for his latest data center build-out will outweigh the downsides of an external dependency.

Clouds have been notoriosly unreliable in the recent past (I am sure this will be remedied as Clouds are in their infancy in terms of infrastructures) and it can be very embarrassing when your data goes off-line for a long period, or your applications are down without warning. More to the point - who do you call, and how do you know they are fixing “your” problem when you are just renting a small corner of a nebulous, fluid environment (aether) which (theoretically) provides failover and mirroring to prevent just such an occurrence? When one server goes wrong it can be more easily diagnosed and fixed, but when a segment of the Cloud goes offline, it may be symptomatic of a wider disturbance in the aether.

If you are using Cloud-based systems, you might like to check out Hyperic’s Cloud Status Monitor at http://www.cloudstatus.com/

Peer to peer (P2P) computing is a technology which allows programs installed on individual PCs to communicate with each other without the need for a central [web] server. There are numerous collaboration tools around that operate on P2P principles, and there are also numerous file sharing tools which work on the same basis (e.g. Limewire), and the earliest example of a P2P system was Usenet.

However, as with all technologies, there is a darker side. And the dark side of P2P is the botnet. Botnets are groups of PCs which are infected with malware programs designed to steal information or to relay spam. The programs are covertly installed onto the target PC as a result of the users’ normal surfing or email behaviour (just like getting a regular virus), but because the program operates as a P2P node, it can leverage the power of an entire network of other versions of the program installed on many, many other PCs.

Consequently, botnets have emerged as one of the leading threats to corporate and personal computers. More so that a traditional virus, trojan or other spyware.

Once installed [inside a network or on a PC], these malicious bots can launch phishing or denial-of-service attacks, relay spam that appears to come from the infected machine’s network, or install software that can log keystrokes. Bots go one stage further and receive instructions from control nodes - this is different to the usual “all nodes are equal” in a conventional P2P network. By maintaining a two-way communication with the botnet, hackers can update their activities. For instance, infected machines on a botnet that distributes stock-related spam could easily be repurposed to launch phishing attacks at the push of a button.

“Botnets have become more sophisticated,” says Avi Chesla, vice president of security for software provider Radware. “Some are using encrypted channels [to communicate], and they can be controlled through [Web] traffic, which makes it harder to detect and prevent the activities of these bots.”

“A botnet of 400 [infected machines] is worth more than twice as much as a network of 200,” says Sam Curry, vice president of threat product management for network management software provider CA. “Botnets increase the risk to the community because when you’re dealing with 10,000 of these acting in concert, they can bring parts of the Internet grinding to its knees.”

The largest known botnet operating today is the StormWorm botnet, named because malware was first distributed through viral e-mail that promised photos of damage from European ice storms earlier this year. However, the payload contained the bot which was installed on the visitor’s PC.

Collectively, StormWorm machines offer more computing power than the largest supercomputers. Security firm MessageLabs estimates the StormWorm botnet controls at least 1.8 million computers to relay spam and distribute malicious code. In late August, StormWorm-infected PCs sent an estimated 57 million malicious e-mails in 24 hours, according to Postini, a security provider.

Security researchers say botnets are more insidious than traditional virus or worm attacks because they’re designed to remain hidden, and can compromise a PC or a network without users noticing that their devices have been infected.

Bots first appeared on the security landscape a few years ago in denial-of-service attacks. When several thousand infected machines received a remote command, they sent repeated information requests to a targeted server in an effort to overwhelm the server and knock it or a Web site offline.

Because botnets are designed to resemble legitimate Internet traffic, blocking them focuses on either preventing delivery of the bots or from letting infected computers receive instructions from the botnet controller.

“Bots used to violate protocols by sending too many request per second, but now their behaviour appears completely legitimate,” says Radware’s Chesla. “Until about two years ago, bots could only create packet floods or scan a network. Now the bots generate [legitimate-appearing] requests to a server.”

Botnets are the latest manifestation of hacking’s increasing professionalism. Once the goal of hackers was simply bragging rights, but now malware developers are stealing financial information or relaying spam. Professional hackers, often financed by organized crime syndicates, are interested in avoiding discovery and controlling infected machines for as long as possible.

“Malware developers have become very talented, they have a lot of tools at their disposal and they’re doing it for profit,” says Roddy. “They’re not doing Internet-wide virus attacks any more, now they’re targeting attacks to steal information.”

To avoid discovery, bots may try to prevent the machine they’ve infected from being attacked by other malware. For instance, one bot may try to disable others to prevent both from competing over a PC’s system resources. The StormWorm botnet has also apparently attacked Web sites belonging to anti-malware or anti-spam researchers.

In other instances, hackers combine malicious payloads and install each other’s bots on infected machines.

“The bad guys make a lot of money in doing this, and they’re motivated to find new ways to make money,” says CA’s Curry. “These guys collaborate, and we might see three or four outfits deciding to work together and leverage each other’s install base. They realize that if you have 100 victims and I’ve got 100 victims, we might as well combine them and work together.”

For larger organisations, effective firewalls and security systems are essential to monitor and statistically analyse network traffic. This heuristic approach allows such tools to detect a potential threat, alert sysadmins and suspend traffic from potentially rogue bot nodes.

For small companies individuals, the same tools are essential - firewalls and security software - to help combat the threat of the botnet. Other tools such as anti-spyware systems are also essential and frequent scans helps you keep your network free of potential threats.

However, first and foremost, the best defence is vigilance. Don’t click on links which may be suspect (especially in emails), and don’t open emails which you don’t trust. With an increased awareness of what causes infection, we can help prevent it and reduce the reliance on security software to clean up the mess our lazy behaviour creates!

Story: KPMG Digital Insider Focus