Category: blogging

There’s been an interesting debate going on about the state of blogging lately. Jeremiah Owyang kicked off the most recent debate when he declared The Golden Age of Blogging Is Over in where he says that at least the tech blogosphere is maturing and changing as the result of a number of factors. 
 

The funny thing about blogging is that it’s a new name for something I’ve been doing for 15 years or so: putting content on a website for other people to use and comment on. I am best known for a series of Frequently Asked Questions I wrote about the Check Point firewall products over a period of about 8 years. After that, I changed my focus to something more fitting to my nickname: telecoms, VoIP, mobile phones, gadgets, etc.
 

Blogging, both for myself and others, became a real serious business. That is the main point of Owyang’s piece, really. It was a business I thought I wanted to be in at one time, which is why I decided to join Creative Webblogging back in the day. I went through a period of time where I was blogging daily. Multiple times a day, in fact. I generated a lot of content. Both on my own site and for several of the blogs for Creative Weblogging. 

During that time, I saw a lot of the same ideas over and over again, hashed and rehashed. Both in the products I was covering and the people talking about them. It’s not called an echo chamber for nothing and I simply got tired of contributing to it. The money I was making was not commensurate with the effort required to generate content. The payoff simply wasn’t there.
 

I also experienced a significant change to my personal situation in 2008 related to my job at Nokia. The end result is that I now work for Check Point Software, the company my personal brand has been most tied to over the years. This necessitated a change in focus for me–back to the very thing I was best known for, albeit with the backing and support of Check Point.
 

While I have a number of roles at Check Point, the most visible one is being an advocate for Check Point in the “social media” space. I created our Twitter, Facebook, and Google+ presence and actively participate there. I answer questions on two externally run forums about Check Point proudcts and services. 
 

That isn’t to say I haven’t blogged about VoIP, telecom, mobile phones and the like. I occasionally blog about my employer as well. That said, I do not feel the need to say something on my blog every day. I am a lot more deliberate about what I decide to blog about and when. It has to be something unique or something I can provide a unique insight, perspective, and opinion on (to borrow a phrase from Andy Abramson).
 

I tend to express quick thoughts about a number of things on Twitter, Facebook, Google+, and others. Thoughts that, some time ago, I would have turned into a blog piece. Is that the right approach? I’m not sure. 
 

The one thing I do miss from the earlier years was the sense of community we had. While we independently put our words out there for all to see, we did exchange and play off each other’s ideas. That was fun. There is some of that going on today on Twitter, etc., but it’s not the same.

 

Rest assured, I will continue to provide my unique insight, perspective, and opinion. I may not do it as often as I used to on as many things as I used to, but you can be assured when I do, I’ve got something worth reading about something worth knowing about.

I feel bad, in a way, that I haven’t been posting to my blog. Then again, I think I know why. The conversation is, for the most part, elsewhere.

Does it mean my blog is a failure? Am I not getting the hits I want or the comments I want? Not really.

One of the things I’ve learned is not to try and treat all communication the same way. Not all conversations are the same. Not all mechanisms for conversing are the same.

The trick is knowing where, when, and how to have the right conversation. Sometimes, that’s my blog. Sometimes it’s Twitter, Facebook, a phone call, or in person. Sometimes you have to use all these forms together.

Right now, one of my major conversations is with Check Point Software’s customers. This conversation is mostly on CPUG, but I am also seeking out and having customer conversations on Twitter, Facebook, and other places. Yes, this is my job and my personal blog is not necessarily the right place to have that conversation

Meanwhile, this is the right place for this ephemeral thought. Or is it? Let me know what you think in the comments!

For those of you who only read my blog via RSS (or via Facebook) and don’t read my Twitter feed, I’ve decided to restart my personal blog on a domain I’ve had for a while–phoneboy.info. Feel free to follow along, if you’d like.

I was originally running my personal blog on Vox, but I decided that I might actually want to use the data elsewhere. Vox does not make it easy to export the data I already put in Vox, so I’m giving up the ghost, copying over the stuff I might want to save, and shutting it down.

The personal blog is more for stuff that doesn’t generally fit with the techie stuff I write here. Not entirely sure what I’ll put there, yet, but it’s there and it’s on a server I have some control over. And I can get the data out if and when I want to.

This past week, I’ve been on the Check Point Security Tour up in Western Canada talking about the Dangers of Social Networking. The basis of the presentation was actually something I gave to Check Point employees in Redwood City back in August on the benefits of social networking. I added the “dangers” part after I  was asked to present in this tour

This topic seem quite timely as this past week, several of my followers on Twitter got bit by the latest attempt at hacking Twitter accounts. At least three of my followers sent me direct messages on Twitter that were a little suspicious:

this youz ? ? http://is.gd/4H1qh

lost a ton of weight and feel better here http://ringys4u.com

hi. i lost excess fat with http://loseweight.asdjiiw.com it works…

These message looked suspicious. I didn’t click on the links and I immediately warned the affected individuals to change their passwords.

Of course, Twitter is not the only place this happens. In fact, these kinds of messages have being sent out as long as email spam has been around, which have been going on at least as long as I’ve been on the Internet.

Nothing New Under The Sun

I’ve been at this “social networking” thing a while. Aside from starting out on computer bulletin boards in the late 1980s (you know, the kind you used your computer modem to dial into), which is one of the earlier forms of so-called social networking, I’ve participated in IRC, instant messaging, USENET, mailing lists (also ran my own for 9 years), online forums, blogging (phoneboy.com has been one since 2005), and of course use the “current” social networking tools like Twitter and Facebook.

The main thing that differentiates these service from one another is the interface used and whether or not the services permitted real-time communication with others. Beyond that, they all fulfill a fundamental human need–the need to be heard and understood by others.

The Value of Social Networking

By this point in time, I think most of us understand why social networking is valuable. It’s great for making new connections with people, strengthening existing connections with people, being part of (or starting) a conversation, and sharing ideas and things you’ve created.

For business, it can even be more powerful. Connecting with more customers more often can mean more sales. It can also allow you to get better visibility into what’s going wrong with your business, for example customer service snafus. Businesses have to accept that they cannot control the conversation about them. However, they have a fighting chance of guiding it in the right direction by actively participating in the conversation.

Where Email and “Social Media” Tools Differ

It’s relatively easy to send an unsolicited email to someone. All you have to do is find their email–or guess it–and send them an email. Furthermore, it’s relatively easy to “spoof” an email. I figured out in the early 1990s how to send an email from someone appearing to be from “root@heaven.org” by talking directly with the email server. While mail servers have gotten smarter about these things over the years, it can still be done relatively trivially.

The newer social media tools make this a bit more challenging as a “friend” or “follower” relationship is required. For example, I can only send someone a direct message on Twitter to someone that is actually following me. Facebook requires the person to be a “friend.” This severely limits who can send you a private message and you can be fairly certain who sent the message to you.

Despite these controls, I still see “spam” on Twitter and Facebook. And yes, like what happens with email from time to time, it appears to come from a “friend.” But unlike email, where your identity can be easily spoofed, something more nefarious has to happen.

URL Shorteners

Prior to Twitter, there was not a huge called for so called URL Shortening services, which take a long URL and make it shorter. tinyurl.com is one of the oldest such services. However, the limited message size of Twitter and the increase in URLs shared over the service necessitated the use of these services in order to allow for text to accompany the URL and, of course, allow for URLs that might be longer than 140 characters

URL Shorteners are great for exactly this reason–they make long URLs shorter. They also provide other services as well, such as the ability to see who clicked on the link and when. However, they are also bad because they mask the original URL, which, if you could see it, might cause you not to click on that link. For example, would you click on a link for either of these URLs?

• http://www.xzxxy.cn/cgi-bin/pwn-system?type=win
• http://www.paypal.com.hax0r.pl/webscr?cmd=_home

You can tell by looking at these URLs that something is up. However, Look at these two URLs:

• http://bit.ly/3Ha5Mo
• http://bit.ly/N03v1l

Can you tell what evil might lurk behind these shortened links just by looking at the link?

How Do I Get Spam From My Friends on Social Networking Sites?

With friends sending you benign looking links via direct message, we have ourselves a perfect storm for the spreading of spam. Theoretically, these messages came from someone you trust, causing you to let down your guard and think it’s ok to click on the link. The link leads to a website that contains a piece of malware that, without your knowledge or consent, either steals your Twitter credentials stored on your computer, or hijacks your existing Twitter session and sends out similar links to your friends. Or much worse.

While that can and does happen, the other possibility is that you were flat out tricked into giving your Twitter credentials to a third-party that either looked like the Twitter site or purported to do something of benefit to you (e.g. help you gain more followers). While not all third-party sites that ask for your Twitter credentials are bad, some are.

Information Disclosure

Speaking of information disclosure, there are plenty of other opportunities to disclose information on social networking sites that, under a different context, you might not disclose. My buddy Kellman has a great post on those “quizzes” that make the rounds from time to time and what great sources of information they can be about you. While some of the questions are truly innocuous, some “key” questions could be sprinkled in there that, when used in the right circumstances, could easily be used to “reset” an account password or gain access to an account.

Protect Yourself

The dangers in social networking aren’t new at all. They’ve been there for at least a decade. Fortunately, the ways to protect yourself aren’t new, either, though far too many people forget the basics.

Careful With That Link, Eugene: Like links you receive in email, particularly unsolicited ones, all links on social networking sites should be carefully evaluated. Since the links themselves are often shortened URLs, look at then text around it. Usually that text is a huge clue as it contains misspelling or contains “spammy” looking text. Your account could be sending those same kinds of messages if you’re not careful about what links you click on.

Use Different Passwords, Change Them Often: Each of your social networking sites as well as all other important websites should have different, complex password assigned to them, and they should be changed regularly. Since people often use the same password on multiple sites, one compromised account could easily lead to compromising other accounts.

Don’t Blindly Give Out Your Credentials: There are a lot of third party web-based services out there that make use of your social networking services. In the past, the only way for this to occur was to give your credentials to these services. This works, so long as these third party services weren’t somehow compromised, or worse, the services were not what they seemed to be. The one benefit to using something like OAuth (which Twitter does) is that you can revoke a web applications permission quite easily. It doesn’t prevent the third party web service from being compromised.

Keep Your Operating System, Browser Patched: Ensure you have applied all the latest patches from Microsoft, Apple, or whomever supplies your computer’s underlying operating system. Ensure you are using the latest version of your web browser.  If you are using Internet Explorer–especially if you are using Internet Explorer version 6, as is standard on Windows XP, try using a third party browser such as Firefox or Google Chrome.

Browser Plugins Can Help: If you are using Firefox, there are plugins that can help expand those “short” URLs so you can see where it is they will take you. LongURL is a good example of this for Firefox.

Security Software: Windows users should ensure they are running an up-to-date set of security tools that cover anti-virus, anti-malware, and protection from browser-based attacks. Microsoft puts out a free anti-virus/anti-malware tool which is quite good, as does a few other companies. Their free tools do not protect against browser-based attacks. Something like ZoneAlarm ForceField or ZoneAlarm Extreme Security (which includes ForceField and other security features) can be effective protection against these kinds of tools. (Disclosure: I work for Check Point Software, which publishes ZoneAlarm).

Nothing Is Completely Private: Even if you protect your updates on Twitter or are very careful about whom you interact with on Facebook, note that all communications, even so-called “direct” or “private” messages, are not entirely private on social networking services. Accidental disclosure can and does happen, thanks to actions by you or your so-called friends. It’s not always intentional, of course, but it does happen.  And yes, those “quizzes” you might take may contain a so-called identity question that could be used to take over one of your other accounts. Just be careful.

Some Final Thoughts

Social networking has been, and continues to be, quite pervasive in the civilized world. The tools used for this have and will continue to change over time. What hasn’t changed is that there are people out there who do not have your best interest at heart. And while nothing is entirely safe and secure, with a little vigilance, we can spend less time being victims of the latest scam and more time doing what we’re supposed to do on these social networks: communicating and sharing.

Many moons ago, I found a script that allowed you to use the Lifeblog program that was included in some older Nokia phones and post entries to a WordPress blog. It also worked with Share Online up to version 2.0 with a small amount of tweaking. It’s still one of my most popular blog entries.

Unfortunately, when Nokia decided to go to Share Online 3.0, they stripped out the ability to manually configure the client. While I’ve had access to the documentation for creating the configuration file for some time now through Forum Nokia Pro, I hadn’t gotten around to actually making a file. Fortunately, someone came up with a PHP script that does it for me (thanks to eViLrAcEr for bringing it to my attention), though I used this script instead.

With that little matter out of the way, Share Online 3.0 was still failing. Turned out to be nothing more than a missing quote. I also took the opportunity to fix one issue I’ve always had with the script: the text was displaying after the pictures in the generated post. I decided the text should go before the pictures.

I now have a complete system for posting pictures to your WordPress blog from Share Online 3.0.

Known To Work With:

• WordPress 2.7.1 (may work as far back as WordPress 2.3)
• Share Online 3.0 from a Nokia E71 or N95 8GB NAM
• Share Online 4.0 from a Nokia N96 (Confirmed 14 April 2009 by Jaimon)

Installation Instructions (also available in Dutch)

1. Download Lifeblog PHP and Share Online PHP.
2. Generate a favicon.svg file. One option that’s kind of cool is a site called Vector Magic that will take a regular image and convert it to SVG . You can also use a tool like Inkscape to do it.
3. Copy all three files to the root of your WordPress installation. Should be at the same level as wp-blog-header.php.
4. Rename the files to lifeblog.php and shareonline.php make executable if needed.
5. If the root directory of your WordPress installation is not writable, then you will need to create a file called atomdata.txt that is writable by the web server process. In many cases this means the file needs to be made world-writable.
6. Ensure that wp-content/uploads directory is writable by the web server process. In many cases this means the directory needs to be made world-writable.
7. Edit lifeblog.php. See the comments at the top of lifeblog.php.txt on what will need to be edited.
8. Edit shareonline.php, replace all instances of http://example.com with your specific blog URL (e.g. http://lifeblogtest.co.cc). Also replace examplecom with some unique name (in service_id).
9. Access <yourblogurl>/shareonline.php with your web browser on the phone (Share Online 3.0) or configure Lifeblog/Share Online 1.x/2.x. Use the following information as appropriate:
   • Username: admin (or whatever username you use to post)
   • Password: (whatever password you specify in lifeblog.php–not your normal WordPress password)
   • Server Address: http://www.examplewordpressblog.com/lifeblog.php (only if using Lifeblog app to post or older Share Online)

After that, you should be able to use Share Online 3.0 or Lifeblog on your Nokia handset to post to your WordPress blog.

Troubleshooting Instructions:

If you want to ensure your client is working properly, feel free to use my test server by pointing your web browser at http://lifeblogtest.co.cc/shareonline.php and use the following credentials:

• User: lbuser
• Password: lbusertest

View the website (http://lifeblogtest.co.cc/), which is mobile friendly. All posts send here will disappear after 24 hours or so.

If you end up using this on more than one site, ensure you use a unique filename for the .svg file on each site in order to ensure that each site maintains its unique icon. You will need to replace all instances of favicon.svg in shareonline.php with the unique filename you’ve chosen.

[Update 2 July 2009] If you’re having problems uploading large pictures to your blog, try adding the following to your php.ini:

[Pcre]
;PCRE library backtracking limit.
pcre.backtrack_limit=5000000

To debug your own installation for other issues, do the following:

• Uncomment out any of the lines that have “logme” in them.
• Attempt to post
• Send me the following information via email (address listed to the right):
  • atomdata.txt file
  • Phone you are using to post with firmware version (Dial *#0000#)
  • Version of Lifeblog software on the phone, if possible to obtain:
    • On N80i: Tools > App. Mgr. > Lifeblog, then Select > View Details
    • On N93 and N73, I don’t see a clear way to get that information since it is an included app.
  • Version of Share Online (Options > About)

Post the information in the comments and/or send it to me in email (contact on the right). Understand that I have a “real job” and I’m not making any money at this, so support for this script is not guaranteed.

[ Update 3 January 2010 ] I have changed the test URL to http://lifeblogtest.co.cc (it was previously http://packetflow.co.cc/lifeblog/).

While I usually blog from my computer, I do like the ability to blog from a mobile phone from time to time. Unfortunately, there are many issues with blogging from your mobile, many of which would be solved by a half-way decent blogging client.

Enter Wordmobi . Wordmobi talks to WordPress blogs and allows you to both write posts, but also manage comments. The 0.6 version fixes the usual assortment of bugs, but also adds new features, including:

1. The ability to craft and save posts without a network connection. Previous versions did not allow this, making it difficult to, say, write a blog post on an airplane
2. Post YouTube links, which brings up a URL with everything but the object ID filled in. I don’t see much use for this feature, but clearly someone wanted it
3. Can send posts to Twitter when you save them.

The software is for Nokia S60 devices that support Python. I personally use my Nokia E71, which works great with Wordmobi!

Posted by Wordmobi

For those of you who don’t visit phoneboy.com directly, you may not have noticed that I changed the site’s tagline to read: Simplifying Network Security, Telecom, Gadgets, and More! Previously, it read VoIP, Mobile Phones, Telecom, and Technology Made Simple.

Why the change? Furthermore, why write about it? Because I think it’s important to signal a slight change to the topic areas I plan on covering here.

I have always covered, to some extent, gadgets. Instead of trying to maintain a separate gadgets blog, which I started a few months ago, I plan on keeping that on phoneboy.com. I’ll probably copy the posts over at some point to phoneboy.com also.

I removed VoIP from the tagline because, well, it won’t be the reason I cover something any longer. I will cover some of the larger telecom issues as well as interesting telecom services that may or may not use VoIP. VoIP plumbing that is still evolving to a certain extent, but it’s still pretty similar to the way it was back when I first started this blog. (And please, I don’t want to discuss the whole VoIP is dead thing again, ok?)

The main addition to this blog: network security topics. For all my aspirations that want to go do work in mobility or VoIP or whatever, Information Security–or at least supporting people in that field–has been what has kept the mortgage paid for the past 12 years. Given I am likely to end up working for “the leader in securing the Internet” (a.k.a. Check Point Software), assuming the acquisition of Nokia‘s Security Appliance business closes, I’m probably going to be in the field a bit longer.

Let’s face it, I also enjoy trying to take ominous sounding things like the MD5/SSL hack that was recently announced and breaking it down for people like I do the other topics I cover. (on this hack, don’t worry too much–yet)