Blog of a Long Distance Worker Tech

The blog about mobile tech

Extra-meeting comms – the water cooler/coffee machine

Just read a post and could not help but comment on it…. Twitter is the water cooler for the Mobile worker, the work at home worker, the telecommuter. I can only wholeheartedly agree with Andrew’s views, particularly now as I follow more and more people in the UK as Twitter has taken off.

The only problem at the moment with Twitter, which becomes a real problem for the Corporate entity is that this is the water cooler/coffee machine on acid (if you will excuse the phrase), every comment is blasted out there into the ether for anyone and everyone to pick up – not just those people you can see. The response would be to say what about using another service tailored for the corporate and that can sort of work but you need to include the global conversation – as the power of Twitter is that the links do not follow Corporate lines.

So we are looking forward to the future that is assisted by systems like Laconica/Identica/Yammer, to build systems that not only segment into Corporate silos, but also federate out to Twitter and other islands of Corporate systems – a bit like email and the recent developments in IM – for the real time microblogging. We can also look forward to realtime conversation logging and filtering at the company firewall as well, to protect against slips, libel and other legal problems. Hopefully all of this will take place without losing the power of the conversation that is found on Twitter today, although I must admit that there is a wealth of information out there now that the Corporate spy can use to second guess their competitors – purely by following what people are doing, saying and NOT saying… they used to call it traffic analysis.

All we can hope for at the moment is that sufficient education is given into the use of these tools, or at least a level of common sense.

In the meantime come on in, feel the twitter stream and you can find me at http://twitter.com/nocky100

Password Management

The recent Twitter hacks and the password change that ensued brought to mind approaches that are followed for password management. Now please forgive the heresies I am about to commit.

The standard approach to password management is to have a complex and different password per service and change it often… like once a month. This turns into a complete nightmare today with the growth of the cloud and online services. Even the least evangelical technology user has got to have more than 10 different logon credentials, and to be honest I bet that almost all have a single password for every single one of them… except where technology forces difference such as differing reset periods and different formats (some allow four characters, some require eight, some need upper and lower case with numbers etc). Of course you can keep an account/password list protected by yet another password but that just staves off the problem. What about OpenID and other single sign on technologies? Nope, that is not working either as there are still too many different systems in use.

So what is better? And this is where I am going to commit the second heresy.

Firstly a word about the passwords themselves – they just have to not be words and be made up of a pool of characters that is sufficiently big to make it hard to guess. All this numbers and symbols stuff that you see off people is not always required to do this – heresy number One. I find a good way is to make up the password from a set of syllables which makes it easier to remember, because writing them down is both a pain and a major risk – for example:

tor – ver – nop
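The syllable approach above, as an added example (not the author's code): it builds a password from randomly drawn syllables using Python's `secrets` module and reports the size of the search space in bits, so the number of syllables can be compared against a random lowercase string of the same length. The consonant-vowel-consonant syllable shape and the letter sets are assumptions chosen to match the look of the example above.

```python
import math
import secrets

# Assumed syllable shape (not from the post): consonant + vowel + consonant,
# matching the look of "tor", "ver", "nop".
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"


def syllable_pool_size() -> int:
    """Number of distinct syllables the generator can emit."""
    return len(CONSONANTS) * len(VOWELS) * len(CONSONANTS)


def make_syllable() -> str:
    """One random syllable, drawn with a CSPRNG rather than `random`."""
    return (secrets.choice(CONSONANTS)
            + secrets.choice(VOWELS)
            + secrets.choice(CONSONANTS))


def make_password(syllables: int = 3, with_digit: bool = False) -> str:
    """Join random syllables; optionally append one digit for sites that insist."""
    if syllables < 1:
        raise ValueError("need at least one syllable")
    pw = "".join(make_syllable() for _ in range(syllables))
    if with_digit:
        pw += secrets.choice("0123456789")
    return pw


def entropy_bits(syllables: int, with_digit: bool = False) -> float:
    """Bits of entropy when every syllable (and digit) is chosen uniformly at random."""
    bits = syllables * math.log2(syllable_pool_size())
    if with_digit:
        bits += math.log2(10)
    return bits


def random_lowercase_bits(length: int) -> float:
    """Entropy of a same-length string of independent random lowercase letters."""
    return length * math.log2(26)


if __name__ == "__main__":
    for n in (3, 4, 5):
        print(f"{n} syllables: {make_password(n)!r:20} "
              f"{entropy_bits(n):5.1f} bits "
              f"(random lowercase of same length: {random_lowercase_bits(3 * n):5.1f})")
```

The bit count only holds when the syllables are drawn at random as here; syllables picked by hand are more predictable than the figure suggests.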

Anyway, to reduce complexity, the better approach is to simplify your account/password usage and do a bit of risk and impact assessment in there as well, setting a password for low, medium and high impact/risk services. So what do I mean exactly?

First create the Low Risk one – one you shall use for all services that you have to register with but that are not a real life problem if you have it hacked. These are things that do not involve money, that are just for storing preferences or similar. This password never changes unless you feel the need to. This should work for 80% of all web site access in my view. Making it around 7 to 8 characters with an optional single number (for those sites that do insist) is what you need.

Next create the Medium Risk one, for those sites that involve some risk to your financial or reputational well-being – a much smaller number of sites, probably the next 19% of them. This password, being less trafficked, becomes more secure and you can also decide how often you want to change this one. Changing it on a small number of sites is so much less of a chore, and I do recommend a minimum period of one month and a maximum of three months.

Next create the High Risk one, for those sites that involve major risk to your financial or reputational well-being, the final 1% of all the sites you visit that require authentication. This password being seriously less trafficked is also then more secure and easy to change often (probably monthly). Also in the event of a breach or accident, you can change passwords quite rapidly for this small number of sites.

Of course, you also have the seriously High Risk sites – these will still require a unique password and are such things as banking or company network access or even the main logon that your Home Router uses with your Internet service. To be honest most of these will have another control involved such as a hardware logon device – or at least I hope so.

You will need to always assess each new service for financial, functional impact or reputational well-being to decide which password to use, but in the end you will end up with a small number of passwords to go with the user account names for each service. In fact, you could end up with two active passwords for 99% of all your Internet usage, and feel reasonably safe. Remember, not everyone has to live in Fort Knox, you only have to leave your gold in there. What do you think?

Better Defrag

Recently I had a major problem with an EeePC. After configuration and installation of all the software on it and the optimisation of where all the files go, the machine ran slowly. Checking out the C: partition showed that it had a 30%+ fragmentation figure for the files on the disk, notably because of all the tweaking to get files in the right place. Now this performance issue was slightly counter-intuitive as it had an SSD with no seek times to think of, but file access was horribly slow. This screamed defragmentation (and after I did it, it certainly was down to fragmentation as performance is much nippier now). So the basic defrag tool in the Windows XP Home installation was used but it would not defrag the machine at all even though there was 1.4GB free out of the 4GB SSD. It was simply TOO fragmented.

So I brought in the big guns on this one, which came in the form of IOBIT Smart Defrag. I ran this over the disk and with a small bit of manipulation (moving about 500MB of files to the D: partition), I managed to completely defrag the disk and give the performance improvement I needed. Now you may not have the same level of problem with fragmentation, but I can certainly recommend this software tool over the basic XP and Vista defrag tools, particularly as it gives a lot more visual response for what is going on and how fragmented the disk is, and also it offers a dynamic continuous auto-defrag function (not recommended for SSDs by the way – they have wear issues with file writes that make defrag an emergency tool only) that keeps you optimised.

Great tool, and here is the kicker – it is free.