To: <undisclosed recipients>

Subject: Louis Reoderer Crystal Champagne Order

Hello ,

We are interested in ordering 24 bottles of Louis Reoderer Crystal Champagne 2002 vintage (In Gift Boxes if available) for an event On MAY 25th but we need them on hand before then .Let us know how soon you can get them . we will get back to you with the Credit Card number as soon as we get the total cost for the cases and we will arrange for the pick up at your location as soon as payment is clear

Looking forward to your kind reply

Thank You

James Miller

Why is this obviously fake?

Firstly, it’s not addressed specifically to your company. Instead it has been sent to a hidden list of recipients. Next, there are numerous typographic errors (especially in the name of the champagne). And finally, I have had about 4 of them now, all from different people with the same text for “an event” in approximately 2 weeks time. Oh, and we don’t sell Cristal.

Or maybe you could arrange for the police to be there when they do come to pick them up? Though it wouldn’t surprise me if they used a random stranger to do the pick up to cover their tracks as does happen.

Unless you have been living under a rock recently, you will have noticed the fervent debate and campaigning over the Digital Economy Bill which was made law today. A quick Q&A was published on the BBC site today and you can read it here.

One of the important issues is how this new law affects operators of public Wi Fi hotspots (like we have at Meejana). Here’s an excerpt from the BBC Q&A:

There are also concerns about how the file-sharing measures could affect public wi-fi services. Specifically, people are concerned that the owner of a connection could be held liable even if they are not personally responsible for downloading pirated material.

So, for instance, if someone used wireless connectivity in a cafe to download free content, the cafe owner would be held responsible. Universities and libraries are also concerned about this aspect.

However, back in Q1 2009, the EU Data Retention Directive became law in the UK (more on this here). Under this directive the following is required for “business purpose” Wi-Fi: That a business securely capture, protect and retain traffic data for up to two years including:

• details of connections made to the Internet;
• details, but not the content, of internet e-mail and internet telephony services;
• name, address of the source and destination of the communication (IP & Mac addresses as opposed to physical ones);
• analyse traffic and location data related to fixed and mobile telephony initially with Internet access, e-mail and telephony later;
• segregate data for compliant investigation rather than for business use;
• extract pertinent records for law enforcement enquiries “without undue delay”

Any self-configured Wi-Fi service provided to the public (customers) is considered illegal under the EU Data Retention Directive (DRD) and will be penalised.

IANAL (I am not a lawyer) and I am sure there will be further clarification on the subject over time. However, having spoken to free-hotspot.com(our hotspot infrastructure provider at the restaurant) they have stated that the EU DRD mitigates the new UK law. The reason is that by recording the traffic over the network, the business operator is able to provide mitigating proof that they themselves are not responsible for the copyright infringement. The information provided by the operator under the EU directive provides the accusing party (copyright holder) with information to pursue the actual culprit.

Free-hotspot.com provide the infrastructure to meet the EU DRD. Furthermore, when a user of the hotspot connects to the Internet they are required to agree to a legally binding set of terms which clearly state that the user of the hotspot is liable for their own activities and not the operator (the cafe or restaurant).

It will be interesting to see if the cynic in me will be proven right or wrong over time, or if the EU DRD holds up and mitigates the liability should that letter drop through the door from a copyright holder who believes their copyright has been infringed.

What are your thoughts? Are you a lawyer? Do you know how these two laws (the digital economy bill and the EU DRD) will play out against each other and if the operator of a public Wi Fi hotspot will actually be held accountable despite the EU DRD?

Last week I bought a small app for my iPhone called Net Status (app store link). The premise is simple – you enter one or more websites that you want to check are running and it scans them and reports back. (Aside: It’s great as a quick check on the road when a client calls and says “my website is down” and gives you a quick way to prove or disprove this. Even when you have other tools that monitor and report uptime, plus a client can use the tool to check themselves).

The interesting thing that the tool does is scan the common ports for the website you enter and then provides a list of ports you want to monitor. You can deselect some, but it showed some very interesting differences between websites hosted on virtual servers, dedicated servers and cloud hosting. Here’s a quick table (based on a LAMP – Linux, Apache, MySQL, PHP – setup), but please read the notes following it!

Port	Cloud	Virtual	Dedicated
Ping
http
https
ftp	-
mysql	-
dns	-
telnet	-	-	-
ssh	-
smtp	-
smtps	-	-
pop	-
pops	-	-
imap	-
imaps	-	-
afp	-	-	-
smb	-	-	-
vnc	-	-	-
rdp	-	-	-
lpr	-	-	-
ipp	-	-	-
postressql	-	-	-

The in the table show the ports that can be scanned from the Internet, and so represent easiest routes for a hacker to attempt to exploit the server and your website. Out of the box, a dedicated server has many more possible attack vectors which a sysadmin needs to lock down or manage the security for.

The reason that there are so few attack vectors in the cloud is that the website, the database, email, and often FTP are all separated through different channels (IP routes). This is the nature of the Cloud and one which brings a greater default level of security obfuscation “out of the box”.

However, to provide a balanced view, ports and IP addresses for things such as the database server, the email server, etc, are actually shared between many different sites in the Public Cloud and you may inadvertently be exposed in other ways. For more information on this latter discussion see “When the Clouds break; Risks in the Public Cloud“

Fortunately, on the RackSpace Cloud, the solution to this problem is simple – simply increase the maximum memory allocated to the site so that there is sufficient available during the auto-upgrade process.

Is all you need to do is add the following line to your .htaccess file in the root of your web site and the auto-upgrade will then work.

php_value memory_limit 64M

You can change the 64M value – theoretically 32M should work, but sometimes doesn’t. 64M worked for us, or you can increase in 16M chunks to find a value that works for you. Try to be sensitive to the operation of the Cloud and not hog lots of memory though!

I have not read the book, but there are some points that RWW highlights and I am responding to these.

About Web 2.0 – It’s actually an era

I’d first like to start out by clarifying that the label Web 2.0 is really a label for an era in the Web’s evolution. It is like the Pleiocene, or Palaeocene. It’s a period of time rather than a specific set of technologies. It’s like saying we didn’t like the Renaissance, or the Industrial Revolution.

About Wikipedia – Crowdsourced Knowledge

Lanier claims, Wikipedia stifles individual expression. According to Lanier, Wikipedia is “intellectual mob rule” and “seeks to erase point of view entirely.” He goes so far as to call the individual voice “the opposite of wikiness.”

In the latter sentence, Lanier is correct – and while his argument against Web 2.0 could be restated as his dislike for certain generic platforms which have evolved during this period in history (like Twitter, Wikipedia, Facebook, WordPress, etc). It might be more accurate to state that he dislikes collaboration tools as the platforms he seems to have most angst for are those which are designed for group collaboration rather than individual publishing. The Internet and our connectivity to it has allowed us to develop these tools now, and that’s a good thing.

Some of these “generic Web 2.0″ platforms actually encourage a greater sharing of the individual voice by lowering the barrier of entry to the “common man” as opposed to allowing only the technically savvy or intellectual elite who can figure out how to build the tools to enable them to broadcast their individual voice, or pay somebody to do it for them.

You can set up a WordPress site (or Posterous, or one of many blogging tools) quickly and even for free, and while it is a templated system, you have a platform for your own voice. Twitter – another generic platform – allows millions to express their individual feelings. Had it not been for Twitter I would not have been able to connect to some very influential and thought-provoking individuals that I now listen to and converse with on occasion.

About Humanity

Some of the issues that Lanier takes umbrage at include the posting of anonymous comments on blogs. If a person is unable or unwilling to identify themselves, then this is their choice and not the fault of the tool they are using. The availability and ubiquity of publishing platforms in the current era of the Web, and the importance of the social aspect of sharing and commenting simply provides more exposure of this flaw/fear in our human nature. It has been there all along, but not so visible as it is today via the Web.

Instead of criticising the technology, maybe we should look at ways we can improve ourselves?

Drizzle is a cloud-directed, Linux-leaning, stripped-down, hitherto for unsupported, GPL 2 MySQL 6.0 fork that Rackspace is betting will infinitely scale, or at least scale better than MySQL.

From Wikipedia:

Drizzle is a stripped down version of MySQL v6.0 and as such is planned to have many common MySQL features stripped out such as;

• stored procedures
• query cache
• prepared statements
• views
• triggers
• grants
• some non-pluggable storage engines

In their stead Drizzle is doing:

• micro kernel architecture, making Drizzle more modular than MySQL
• more pluggable interfaces, such as for authentication and for logging
• multi-core optimization (compared to MySQL’s potentially lacking multi-core optimization)
• fewer data types
• fewer engines
• less code making for a smaller and potentially more maintainable codebase

Although less of a functional feature and more of a developmental feature, the Drizzle project is being built to remove distinctions between internal and external contributors, allowing for cleaner community involvement.

While this may be better within a Cloud hosting environment in the long term, the short term is filled with questions for the business such as:

• Should I rework my existing code, or just move my site to somebody providing MySQL?
• Will I need to learn new ways of doing things? Should I invest the time?
• Will the people who host websites with me need to make any changes? Will I lose these clients? How can I make sure they transition effectively?
• Will my third-party developers embrace this change, or will they force me to look for alternative hosting?

Since Drizzle is a MySQL fork, the basic elements of coding should remain the same, but the removal of elements such as stored procedures – a mainstay of database developers – could have far-reaching implications for existing code.

I will be watching the developments of this story as it unfolds as it could affect a lot of people (my company included).

What do you think? What are your views and concerns?

Here’s an example of an email I received today (and about once per week on average):

From: Ankur [reciprocallinks.seo@gmail.com]
To: Emissary Consulting

Dear Sir/Madam,

We are a leading web design services firm is located at Noida, India  and having presence in US, UK, Canada and Australia. We provide the best Website Designing And Development (ASP, ASP.Net, Java ,Perl and PHP development)  developers and SEO’s, specially for Graphic/Flash/3D designing. With Graphic/Flash/3D designs, we thrive on the idea that design makes a difference We can provide you with a fresh, professional image via a recognizable trademark or logo design. We have our competency in CMS (Joomla, Modx, Mambo and other quality Content Management System) and e-commerce websites. We customize our processes and reports based on client’s styles and guidelines.

We have result oriented low price promotion packages to match your needs. We NEVER contact your end client in case if you are an agency client and sign up the NDAs with you. We appreciate your interest in services. If you would like to know more about our services.

Regards,

Ankur

Here’s the problem – the email is not traceable to any company. The email address is some generic Google Mail address, there are no telephone numbers and no links to a company or freelance website. There is no way to determine who this person (or these people are) from the email, even though it “sounds” professional on the surface.

Ankur has contacted me twice so far, using different email addresses. Needless to say I mark his emails as spam now.

If you deal with small clients, these types of emails are your enemy. Your clients are probably receiving them and may be seduced. They may also raise unnecessary questions which, though seemingly valid to the client, aren’t valid in a professional web design or development context. But, you will have to be ready for them and ensure you have the right defence against them to protect your business. The more you establish yourselves at the outset as a clearly professional organisation – by setting clear boundaries for everything such as terms of business, payment, design approach, number of revisions, etc – you will clearly differentiate yourself, manage your client’s expectations and more effectively deal with incursions from unprofessional organisations such as the one who sent the email above.