Security Watch posted an interesting article today discussing the value of personal login credentials, or username and password combinations used to access online services. I often get asked question about why people hack into computers, or write and spread viruses and malware. My answer has always been that it’s less about damaging computers or systems anymore, and more about being stealthy and collecting valuable information that can be used for monetary gain. This article paints a general picture and help to explain of how much our information is worth, answering the question – Why do they do it?.

According to the article, the actual value of account credentials is based mainly on popularity of the application, and the `popularity’ of the account, but I’d also include type of application, authority of the account holder, and the probability of an account granting access to additional valuable data as determining overall value of the credentials.

Read the full Article here.

Posted via web from Ed’s Posterous

First of all, my use of the word “Hack” is not the version popularized by the media. It is used here in the context of using a tool (YouTube API) to accomplish a task that was not originally part of the tool’s design. By using some creative thinking and little trial and error, I was able to accomplish a desired result, and overcome a limitation of the API.

Ready, Set, GO!!

While working on a recent project I came across a mildly irritating limitation of the YouTube API. The thing is, I wanted to display a list of recently added YouTube video thumbnails to a web site that link back to the videos in the YouTube users channel.  Easy! right?

Not So Fast!

Here’s the thing. The channel feed returned by the API does include the link back to the YouTube Video, BUT it sends the visitor to the usual standard public YouTube page with the video embeded and NOT to the Channel of the YouTube member who uploaded it.

For most, this would be fine. But I wanted to be able to preserve a connection and identity between the web site and the YouTube Channel.

Unfortunately, the YouTube API does not provide a direct way to do this [link videos back directly to the YouTube Channel instead of the standard YouTube page]. So what’s a developer to do? … Come up with a hack, of course!! (even if is is a small one)..

First A Note:

This solution uses the Simplepie PHP Code Library to grab the Channel RSS feed

The Code:

<?php

require_once(‘php/simplepie.inc’);

$feed = new SimplePie(‘http://gdata.youtube.com/feeds/api/users/[user name]/uploads’);

$feed->handle_content_type();

$YT_PlayerPage = “http://www.youtube.com/user/[user name]#play/uploads/”;

$YT_VideoNumber = 0;
$ShowMax = 4;

foreach ($feed->get_items() as $item)
{

if ($enclosure = $item->get_enclosure())
{

$YT_VidID = substr(strstr($item->get_permalink(), ‘v=’), 2, 11);

echo ‘<a href=”‘ . $YT_PlayerPage . $YT_VideoNumber . “/” . $YT_VidID . ‘”title=”‘ . $item->get_title() . ‘”> <img src=”‘ . $enclosure->get_thumbnail() . ‘”/></a>’;

}
if($YT_VideoNumber == $ShowMax) break;
$YT_VideoNumber++;
}
?>

Tiptoe Through the Tulips (or walking through the code)

There you have it. A small block of PHP code and we have the result we’re looking for. Now let’s take a look at each line in the code.

require_once(‘php/simplepie.inc’);

This line does nothing more than call/include the Simplepie Library. The one thing you may need to change here is the location of the library. I stored it in a directory at the root of my web called “php”. So depending where you store your copy of the library, you may need to change this.

$feed = new SimplePie(‘http://gdata.youtube.com/feeds/api/users/[user name]/uploads’);

The next line creates a new feed and stores it as $feed. Pretty creative.. huh? Whats happening here is simplepie is grabing the rss feed for the YouTube Channel’s Uploaded videos.

An important note to make here is that the URI for the RSS passed to SimplePie is not the same as the RSS URI that you would use to subscribe to the channel’s RSS feed to use with your RSS reader. You will also need to replace [user name] in the URI with the YouTube user name for the channel you want to pull videos from.

The Standard RSS Subscription URI looks like this:
http://gdata.youtube.com/feeds/base/users/[user name]/uploads

While the URI used by the API to grab the RSS looks like this:
http://gdata.youtube.com/feeds/api/users/[user name]/uploads

Notice the difference indicated in bold text (“base” vs “api”). You will need to be sure you use “API” version of the URI. You can get this by copying the public RSS URI and simply changing “base” to “api”.

At the next line we have:

$feed->handle_content_type();

This just makes sure the content is being served out to the browser properly.

The next three lines contain three variables I’ve added: $YT_PlayerPage, $YT_VideoNumber and $ShowMax

$YT_PlayerPage = “http://www.youtube.com/user/[user name]#play/uploads/”;

This is the first part of the key to getting YouTube links to point directly to the Channel page. This variable holds the base Channel player URI and is used to construct a complete video link. The completed URI link also includes a counter reference and the unique 11 character video ID. To get the URI for the channel player page, visit the YouTube Channel you’re grabing the video feed from and click on a video link. The complete URI for that video will appear in the browser’s address bar. Simply copy that URI and eliminate everything following the backslash “/” after “uploads” (indicated in red)

http://www.youtube.com/user/[user name]#play/uploads/#/xxxxxxxxxxx

$YT_VideoNumber = 0;

The links on the YouTube Channel page contain a counter in the URI and increases by +1 with each link. This is the second part of the key in constructing the direct Channel links. This counter was a portion of the link that was removed in $YT_PlayerPage. I’m not completely clear on what the purpose of the counter is and in my experimenting with this, it did not seem to make a difference what the counter value was as long as the video ID followed it. But since it is the format that is used on YouTube’s Channel pages, I’ve figured it would be best to recreate the same thing here. Besides, we are going to use that value later in the code. I’ve set the initial value of the variable to 0 (zero) because the counter is zero based. (0, 1, 2 … )

$ShowMax = 4;

The next line contains the $ShowMax variable. This is used to set a limit to the number video links I wanted to display on the page. BUT, there is a trick you need to be aware of here. We are using the $YT_VideoNumber to get the counter number for the current video in the Loop (the loop will be described in the next section). But because $YT_VideoNumber is zero based, we need to compensate for that in the $ShowMax Variable and offset the limit by -1. In other words, to limit the display to 5 items, we need to set $ShowMax to 4 because we are including 0 as the first item (0 1 2 3 4) for a total of 5 items. Got it?… good!

foreach ($feed->get_items() as $item)
{

These lines start/open the Loop getting each item in the feed. This is where the code will “loop” through each item (video) in the feed and extract the information I wanted for each video.

if ($enclosure = $item->get_enclosure())
{

This line sets a conditional variable ($enclosure) to check if the current item in the loop contains enclosure data provided by MRSS (Multimedia RSS) that might be provided with the feed. YouTube feeds do support and provide MRSS enclosure data and we need to be able to pull it from the feed. The get_enclosure() method is part of the SimplePie Library and makes getting access to this data pretty easy.

$YT_VidID = substr(strstr($item->get_permalink(), ‘v=’), 2, 11);

This line is the final [and probably most important] part of the key to constructing the Channel video link.  It’s also the most confusing part at first sight. I mentioned earlier that a video link is provided with the feed that will direct the viewer to a the standard public YouTube page for viewing. This link contains the video ID that we need. The bad news is that the API as far as I could see does not allow a direct or easy way to get the ID for each video [please correct me if I'm wrong here]. The good news is that the ID can be extracted from the link provided with the feed, and that’s exactly what this line does.

$item->get_permalink() returns the URI / video  that would direct a visitor to the standard YouTube page. The URI is similar to:
http://www.youtube.com/watch?v=xxxxxxxxxxx

v=xxxxxxxxxxx of the URI contains the video ID and needs to be extracted.

substr(strstr($item->get_permalink(), ‘v=’), 2, 11) isolates and extracts the video ID and then stores the ID in the $YT_VidID variable.

Lets have a closer look.
We need to find the position in the URI string where the video ID starts and then extract it.

The video ID is passed in the URI as in query string paramater “v”.  I used the PHP strstr() method to match and find the position of “v=”. This will create a new string eliminating everything in front “v=” so we are left with “v=xxxxxxxxxxx”.

If you look close, you’ll notice that strstr($item->get_permalink(), ‘v=’) and therefore the resulting string, is actually used as the string argument in the substr() method used to isolate the video ID.

The second argument, “2″ tells the substr method to offset the beginning of the string by two characters. This is to eliminate the “v” and “=” characters and moves the substring start position to the character after the “=” which is the first character of the Video ID.

The third argument, 11, tells the substr method to isolate the next eleven characters from the start position, leaving us with the full video ID “xxxxxxxxxxx”.

In experimenting and playing with this, I found that all YouTube video IDs are 11 characters long. I limited the substring to 11 instead of allowing it to extend to the end of the URI because, if for some reason additional string data was passed with the URI after the video ID, it would be included as part of  the extracted string and the result would be an invalid ID.

After all that, I had the golden nugget of an isolated video ID which is now stored in the $YT_VidID variable. The hard part is DONE!! (really, it wasn’t that hard).

echo ‘<a href=”‘ . $YT_PlayerPage . $YT_VideoNumber . “/” . $YT_VidID . ‘”title=”‘ . $item->get_title() . ‘”> <img src=”‘ . $enclosure->get_thumbnail() . ‘”/></a>’;

The three key pieces needed to construct the direct Channel URIs are now available and the links can be put together. This line, still contained in our loop, constructs the link for each video item in the feed and outputs the HTML markup that will be included in the rendered page. To construct the link, join the three key pieces (the variables) like so:

$YT_PlayerPage . $YT_VideoNumber . “/” . $YT_VidID

$YT_PlayerPage = The base URI.
$YT_VideoNumber = The video counter
include a “/” character
$YT_VidID = The video ID

The output should look like:
http://www.youtube.com/user/[user name]#play/uploads/#/xxxxxxxxxxx

Include this string as the value of the href of an HTML <a> tag.
‘<a href=”‘ . $YT_PlayerPage . $YT_VideoNumber . “/” . $YT_VidID . ‘
Next add a “title” attribute to the <a> tag and set the value to $item->get_title().
“title=”‘ . $item->get_title() . ‘”>
This will create a hover text that shows the title of the video when the cursor hovers over the link.

Next, include the link content (text or image to act as the visible link). In my sample, I’ve used a thumbnail of each video.
<img src=”‘ . $enclosure->get_thumbnail() . ‘”/>
Note that again I’m extracting the enclosure data included with MRSS as part of the RSS feed to get the thumbnail image for each video.

Finally add the closing </a> tag to complete.

But wait … There’s more!!

}

The next line is nothing more than a closing bracket that closes and completes the conditional statement that checks for the enclosure data.

if($YT_VideoNumber == $ShowMax) break;

Remember the $ShowMax variable? This is where it comes into play. We are using the $YT_VideoNumber variable that was added to hold the counter for the current video and comparing it to the $ShowMax variable used to limit the number of videos the page will display. With each iteration of the loop, the code extracts the information for each video item and increments the counter by +1. The counter actually serves two purposes in the code. First,  to be used in constructing the video URI and second, to control the point at which the loop is to be exited. Why?.. If our video feed has 100 items and we only want to display 5 of them, then it does not make any sense to continue stepping through the loop to read the remaining items. So after we get what we want, we exit the loop to save resources.

What’s happening here is this:
If the current $YT_VideoNumber variable value for the current iteration of the loop matches the value of the $ShowMax variable, then “break” (exit) out of the loop and we’re done.

$YT_VideoNumber++;

BUT, if the values of these variables does not match, then the next line increments the $YT_VideoNumber by +1 and continues to the next iteration of the loop.

}

And Finally, there is the closing bracket of the loop which also brings us to the end of the code block.

So that’s it. This code will render a set of YouTube video thumbnails in a web page that will link directly back to the video on the YouTube member’s channel page where ever it is included. But don’t stop there. Have a look at the other methods available in the YouTube API and SimplePie Library for additional information and data you can extract and use, add your own CSS and markup to the the output to change the layout, appearance, function … whatever you want.

I hope you found this useful. If you have any thoughts, improvements or comments to share, please post in the comments section here.

And if you do use this in your own projects, I’d really appreciate a comment in your code, a shoutout or link back to this post.

Happy coding!!!

RSS – We’ve all heard about it (or at least should have by now), but may not really understand what it is, what it does, and how it can add value to what we do every day.

RSS, originally an acronym for “Rich Site Summary” today is known as “Really Simple Syndication” and is a technology that allow us to aggregate news and information with very little effort and time. In the “Old Days” of the internet, in order to keep track of sites or news we found online, we had to rely on the option of Bookmarking or creating “favorites” in our browser, and then manually visiting these sites to see if there were any new updates or additions. If your in a position where you need to keep up on lots of topics, news, and changes that happen daily, then you will likely build a collection of bookmarks that could grow well into the hundreds. Let’s face it, at that point there is no efficient way you can manually organize and check each of these sites individually and still keep up with all your daily responsibilities at the same time.

RSS To The Rescue!

Why is RSS a better option than Bookmarking? Simple! Time, Effort, Near Real-time news access. Think of it like this: Instead of making the time and effort it takes to run out to your local news stand for the various daily news papers, the news is now delivered right to your doorstep. Now consider the morning news edition, the evening edition, the late edition, etc. That adds up to a lot of news papers and a lot of trips to the news stand. And what about breaking news? There’s a good chance you’d miss out on something timely if you had to go get it yourself. RSS takes all the time and effort away from getting your news and information and delivers it ALL to you, keeping you informed and up-to-date!

Wow, That’s Great, But How Do I Use it?

To get started with RSS, you first need a RSS or “feed” reader. There are many available, but my favorites are Netvibes (netvibes.com) and Google Reader. For the record, I use netvibes for all my RSS needs. Because readers have different methods for adding and managing feeds, I will not cover that portion here and save it for another post.

Once you have decided on a reader, the next thing you need to do is find the RSS Feeds you want delivered. How do you do that? RSS feeds have adopted an icon that makes identifying them easy.

Standard RSS Icon

RSS Icon in Firefox Address Bar

If you see this icon on a web page or in your FireFox Browser Address Bar, then the site or page you are on has a live RSS feed that you can “subscribe” to or add to your RSS Reader. Some sites may also simply provide a “subscribe” link but be careful to be sure it is an RSS feed link and NOT an email newsletter subscription link.

Getting the RSS Address: Firefox

Once you have located the RSS Feed link you can right-click the link and select “Copy Link Location“. This will copy the URL of the RSS feed to the clipboard of your computer. Once you’ve copied the URL, you will need to paste it into your preferred RSS feed reader where it will display headlines, links and descriptions of the host web page or site.

Again, depending on your preferred reader, adding feeds may differ and I will not describe the different methods for each reader here. Consult the FAQ or instructions available from your Feed Reader for information on that.

Copying the RSS Address from the browser

When creating a new page, or editing an existing one, keep these tips in mind.

1. Say No To Word: Unless the wiki has a built-in feature to deal gracefully with Microsoft Word syntax, Please Please Please…avoid copy-and-paste from word documents. Word documents create ugly HTML syntax that is difficult to edit and manage within the wiki (or any wysiwyg or web editor for that matter). It also creates pages that are structurally difficult to read and navigate without additional formatting and editing. As an alternative, save word documents as Rich Text Files, or plain text files then copy-and-paste into the wiki from there, then edit and format the content in the wiki using the wiki editing tools.
2. Use Headers and sub-headers: Add headers and sub-headers when appropriate to organize your content on the wiki page. Using headers will not only help to visually separate each important section of your page, but they will also auto-create a page index or TOC (Table of contents) making it easy for users to find and navigate page content.
3. Making The list: Use Ordered (numbered) lists and Unordered (bulleted) lists when creating lists of items. This makes each item in a list easy to identify and improves readability.
4. Use An Opening Introduction: If your creating a new wiki page, always try include some information in a small paragraph at the top of each page describing what the content is about, and how it can be used. It is also helpful to include a small description below each heading and sub-heading as well. This helps readers to quickly identify the content and how it can be used.
5. Can I Quote You On That? : Provide citations and supporting links to references when possible. Besides giving credit where credit is due, citations allows readers to confirm the validity of your input and lead them to additional sources of reference.

Do you have any other tips? Please leave a comment and share them here.

I recently set up a WordPress Blog internally for our company to use over our intranet to help improve communication, collaborate, share and develop ideas, and stay informed about company announcements or current events.. etc.

One of the requirements I had was to allow authentication against our Active Directory. Yes, we operate a Windows network primarily, but you can also authenticate against other LDAP directories as well. This was important from an IT position as well as the participants of the blog. I felt people would be more likely to participate if they didn’t have to manage separate user accounts for each service on the intranet. I also set up a Wiki that is Active Directory enabled. I’ll post about that at a later time. The point is, it makes little sense to create different credentials for each user with each new service. It not only becomes a hassle for IT to track and manage the accounts, it’s also a drag for participants to keep track of and manage their username and password pairs for each service. The result would most likely lead to lack of use and that is not what we want.

Integrating the existing Active Directory accounts means that each participant can access these services using the same credentials they use to access or log into their network accounts and desktops. When time comes to change passwords, you need only to update the Active Directory account and your done. Simple! What could be better?

Starting Point

The first thing we needed to do was find out how to include AD Authentication with WordPress 2.5. There are a small number of plugins that claim to allow AD Authentication, but from what I came across, most of them were older and no longer actively maintained. But…there were two in particular that still showed signs of being actively maintained and had promise.

The first was was aptly called “Active Directory Authentication”

The other plugin and the ultimately the one I managed to successfully include is wpDirAuth.

The Trials

Although I was able to get wpDirAuth to work with WordPress 2.5, there was a catch. The current “Official” release of wpDirAuth as of this writing is version 1.2 which is not compatible with WordPress 2.5 so there was some work involved to make this happen. I visited the wpDirAuth plugin page to look at the install directions. They seemed easy enough. It wasn’t until I actually installed and activated the plugin that I realized it wouldn’t work. My next stop was the support channel that the author set up to help troubleshoot install and authentication issues. It was here that I learned there was a patch already available and provided by a generous wpDirAuth user – Adam Yearout. I applied the patch and then tried to login with my network credentials again, and … No luck! By now I was scratching my head. Searching and reading all the information I could find, I finally found myself on the wpDirAuth Developer Support Channel. This was another channel set up specifically for developers. It was here that I uncovered some clues as to what was happening and a small code tweak that was necessary to overcome the problem. Apparently, the author of the plugin assumed that the login name was also the name associated with the Active Directory Account Email, which in most cases is true, but not always. For example username: johndoe would by default have an email johndoe@domain.com. In my case, my email and name and login name were not the same, so the logic that the plugin author used would not work. The good news is that the fix is a fairly simple one if you know where to look and the dev channel contained all the clues needed to find the info.

Setting up wpDirAuth with WordPress 2.5

For this how-to, I am using wordpress 2.5 installed on an Ubuntu 8.04 LTS server With Apache2 and PHP5. There is no GUI and I am not running an ftp server on this server so all settings and changes are completed using putty over SSL.

So lets get to it. Setting up AD Authentication was not as straight forward as I had hoped and required a few extra steps along the way.

The first step is to download the wpDirAuth plugin from the WordPress plugins section.

From a terminal or if logged into the server via Putty, change to your home directory and get the latest version of the wpDirAuth plugin.

Next extract the files by executing:

Now you have a new directory called wpdirauth.1.2 in your home directory.
Move into the new directory and list the contents using

Now you will see the wpdirauth directory. You need to move this entire directory to your WordPress plugins directory.

To move the extracted wpdirauth directory, make sure you are in the wpdirauth.1.2 directory and execute the command:

Now we need to move into the actual WordPress Blog directory where our files are hosted by executing the command:

Now if you execute

you should see the wpdirauth plugin folder. Once again, we will change directories and move into the hosted wpdirauth directory using:

This is where the editing (and the fun) begins.
Remember, we need to make some changes before we activate this plugin in WordPress 2.5 or it will not work.

Patching the wpdirauth plugin

Before making any changes to our files, it’s alway a good idea to make some backups.

From the wpdirauth execute the command:

Next apply the patch that was just downloaded. This patch will make changes to the wpdirauth.php file, and update the Plug-in version for 1.2 to 1.3

Apply the patch by executing the command:

Editing the plugin

Once the patch is installed, your Active Directory authentication should for most people. But we are not done yet.

There is an issue related to Active Directory users names and their email addresses. Active Directory user accounts that are also created with an email address, are by default given an address equal to the login name.
For example an Active Directory user created with a login name of johndoe would have an email address of johndoe@domain.com. The problem arises in the way that wpDirAuth authenticates against Active Directory using the email address. If at some point, the users default email address is changed, the login name does not match the email address and authentication fails. The fix is a simple one if you know where to look.

To prevent authentication failure due to the login name and email mismatch, you need to make a small edit to the wpdirauth.php file. Start by executing the following command:

Next, scroll through the file till you find the wpDirAuth_auth() function at line 246. It should be about 1/4 of the way down the page. Edit this function as follows:

At about line 273 find the line

and delete or comment it out.

Next move down to about line 284 and look for the line that reads:

Add a new line after this and enter the following:

Basicly, we are just moving the line “if ($accountSuffix) $username .= $accountSuffix;” down a few lines and adding it after the line ” $filterQuery = “($filter=$username)”; ”

This is the snippet of the the wpDirAuth_auth() function after I made the changes look like this.

Activating the Plugin

One requirement that may still be missing is php’s LDAP support. If you do not already have support for LDAP enabled in php, you will need to enable it before you can authenticate against the Active Directory.
To enable LDAP in PHP, execute the following command

At this point, and assuming everything went well, it’s time to log into your WordPress Blog as the WordPress Admin and navigate to the “settings” page. From here, you will see a “Directory Auth” link at the top of your settings page. click this link to access the Directory Auth setup page and fill in the required fields as they apply to your Active Directory set up.

Enable Directory Authentication = yes
Require SSL Login = Yes if you use SSL Auth, No if you do not.
Enable SSL Connectivity = yes if you are using SSL or LDAPS connections, No if you are not.
Directory Servers (Domain Controllers) = DNS Name or IP Address of your Active Directory Domain Controller
Account Filter = samAccountName or field to search the username to locate the directory profile. For AD, samAccountName should work.
Account Suffix = @yourdomain.com – This is the suffix for you local domain usen in email addressing in the AD for you local network.
Base DN = DC=domainname,DC=com – Note this will vary depending on you local network and complexity of your AD
Bind DN = Blank if you allow Anonymous Binding to your Directory or a username use to pre-bind if you do not.
Bind Password = Blank if you allow Anonymous Binding to your Directory or the password of the user used to pre-bind if you do not.

The remainder of the fields are self explanatory and are not critical to successful authentication.

Now save the changes and log out of the WordPress Admin account.
Next attempt to login to WordPress using an Active Directory User Account.

You should now have Active Directory Authentication enabled and working with WordPress.

Remember, your mileage may vary depending on your specific needs and existing network and Active Directory structure.

Have any other tips, or want to share your experience with AD authentication in WordPress? Leave a comment.

The Problem

After a bit of poking, proding and searching, I came across the cause to this problem. Microsoft released a few security patches on Tuesday. One of these patches (KB951748) was released to address a DNS flaw that could lead to DNS cache poisoning. Unfortunately, the hotfix conflicts with Zone Alarm and prevents internet access. Systems that were setup to automatically download and install Windows Updates received this patch.

What I can’t believe is that I’ve seen and heard “Professional” support people actually suggest the fix is to uninstall the firewall. Seriously? Are you Kidding? That is not a solution!

Other suggestions were touninstall the hotfix. Although this would work, you might still be open to the DNS flaw and at risk. Another was to turn the firewall settings to Medium protection. Not as bad as removing the firewall, but still not really an option.

So how does one overcome this annoying issue?

Zone Labs recommended solution is to download and install a new version of Zone Alarm released to resolve this little issue.

Other less desirable and temporary options are:

Uninstall The offending Microsoft HotFix

1. Click the “Start Menu”
2. Click “Control Panel”, or click “Settings” then “Control Panel”
3. Click on “Add or Remove Programs”
4. On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
5. Scroll down until you see “Security update for Windows (KB951748)”
6. Click “Remove” to uninstall the hotfix

Set Zone Alarms protection to Medium

1. Navigate to the “ZoneAlarm Firewall” panel
2. Click on the “Firewall” tab
3. Move the “Internet Zone” slider to medium

A Few Good Men (and Women)

Do know any good people? Spread the word, talk about them, blog about them, twitter about them, tag them. Do whatever it takes to let world know that Good People DO exist!

I’m pretty sure that most people (I’m talking average people here) don’t know what HTML even means, never mind how to properly write and test it. HTML is the mark up language used for writing web pages, not email messages. It has a specific form, syntax, structure, and should conform to current standards. If not written correctly, you will experience problems of one sort or another. Then there is the problem of writing for different displays, engines, platforms etc. Each of these also introduces their own set of quirks, hacks and workarounds.

HTML email also has a history of security related vulnerabilities and issues, for example:

• embeded content
• scripts
• the ability to include links whose text is different from it’s target
• tracking and beacons

It’s no secret that Microsoft has released warnings on a number of seperate occasions stating that opening a specially crafted HTML email messages in their popular email software would lead to your system being compromised “just by opening the message”. That’s it, end of story. (this is not an invitation to bash microsoft)

HTML is also popular with SPAM and PHISING and because of that, spam filters are likely to give HTML messages a much higher SPAM score, increasing the chances of that message getting buried by a filter.

These are very generic samples and I could write pages on the subject but they also give an example of how inbound HTML can represent a security risk and how outbound messages are put at an increased risk of not reaching the target, or being unreadable.

According to RFC 2822, plain text is the default format for email and therefore is supported in all compliant readers. HTML formats however are not required to be supported. There is also an issue of non-standard support and proprietary rules among HTML rendering engines and software, which introduces compatibility issues and broken pages or layouts or even in some cases, completely blank pages.

Here’s my perspective. If the intention, and ultimately your business, is to get your message to your target or audience, don’t you want to know that they will be able to read it. Plain text gives you that guarantee. HTML is not as reliable.

So what do you think?

• Do you prefer HTML email over Plain Text?
• Does your company disable or limit inbound HTML email?

The event was hosted by Bryan Person and featured presentations by:

Scott Monty @scottmonty
Laura Fitton @pistachio
Doug Haslam @dough
Jim Storer @jstorer

You can view their presentations at:
http://topazpartners.blogspot.com/2008/02/social-media-breakfast-presentaions-how.html

Each speaker was allowed 5 minutes to present his/her story and experience, describing how twitter has changed their life and each presented some really great thoughts. It was very interesting to see how they each made twitter work for them.

In keeping with that theme, I figured I could write a quick post to share my experience with twitter, and how it has changed my life with more of a personal twist. Let me begin by sharing a little something about myself that you are probably not aware of. Simply put, I struggle with social anxiety. I do not do well in crowds or groups where I am unfamiliar with others or in a setting/environment that I am not familiar with.

Now back to the point:

Since I’ve started using twitter regularly, it was pretty obvious how useful and valuable it was. Twitter has provided a way to make connections with other people who shared similar interests and ideas. I also found twitter users that, even though I have not made a two-way connection, I choose to “follow” for the ideas and bits of info and knowledge they share – the ability to virtually “pick their brains”. For me, this is significant because in the “real” world, it is difficult for me to engage others whom I am not already familiar with. Unfortunately, this has given people the impression that I am anti-social, snobbish, and even intimidating (huh?) which couldn’t be further from the truth.

So, how has twitter changed my life?
Twitter has allowed me to make connections, have conversations and get to know people in a way that removes the anxiety. When an opportunity comes about to meet these people in a real world setting, I am more at ease and feel as if I already know them to some degree which helps to reduce the anxiety significantly. I still have a lot of work to do to manage anxiety, but twitter has given me a tool to ease the process and helps to break down the wall that my anxiety creates.

So there you have it.
Has twitter changed your life? Want to leave a comment?
I’d love to hear from you.

The details of how this all works are still unknown to me, but it has been speculated that that “general” location or area will be determined based on the closest receiving cell tower. Google has referred to this “general” location as “neighborhood-level information”. Sure, you won’t be able to get specific long/lat location, but (and this is my own speculation) you can get close enough to determine what shops, restaurants, events, etc (read consumables) are in the “general” area, and maybe develop an ad service suggesting locations of interest based on the users profile, habits, etc.. You know the typical song and dance.

Heres another hook. For all this to work, the mobile user will be required to download and install Google’s Free software on their mobile phones to use the service. Now I don’t know about you, but this is screaming “ANDROID!!!” Android is Google’s ambitious open source call to a mobile phone operating system. If your not familiar with Android, see my earlier post.

Finally, take into account Google’s announcement to bid on on wireless spectrum in the 700MHz band in late January when the U.S. Federal Communications Commission begins auctioning that resource, and things start to add up. This isin’t much of a surprise because Google had dropped some nuggets of information in the recent past showing some interest in this, but it was always unclear as to why.

Heres my take. Google has the collective resources to feel the winds of change surrounding their core internet based services. Users are not tied to their computers anymore. We are sharing information and data, collaborating across devices and platforms, making phone calls from our computers and browsing the web on our phones. Google sees the opportunity here and wants a piece – The First Piece. Traditional service providers are scrambling to change their business models to adapt to the open exchange and this is where Google has the advantage and always has. Google has developed some strong strategic alliances on the internet and mobile playing fields, and now they (Google) are putting all the pieces together. Don’t get me wrong. It won’t be easy, and there is a long road ahead for them, and many who would love to see them stumble. Either way, Google is about to shake things up.