Usability - Productivity - Business - The web - Singapore & Twins

By Date: October 2010

Protect your Domino applications from Firesheep

The appearance of Firesheep and the resulting awareness are a good thing. The threat posed by "sidejacking" of cookie-based authentication has been around for quite a while (not as long as other Fire sheep); all it ever took was a packet sniffer like Wireshark or any other sniffing, penetration and security tool.
Safeguarding your applications requires securing the transmission lines. There are 3 general ways (note: this distinction isn't technically accurate, but clarifies the options): server/application provided, network provided and user selected.
  1. Network provided security can be a VPN or encrypted access points (which still leave options to interfere at the end-points)
  2. User selected are conscious or automated choices to insist on encryption (ZDNet has more details)
  3. Server/application provided is the ability and insistence to encrypt the whole session, not just the authentication process
In Domino this is quite easy:
  1. You need to acquire an SSL certificate, either by buying one or by creating your own
  2. Next you install and activate the certificate on the Domino server. Catch here: you need distinct IP addresses if you have more than one domain to secure. An HTTP 1.1 header isn't good enough.
  3. Now you need to consider: do you want to secure all databases for all connections, or only databases where you expect users to log in? If you decide on a database-by-database approach you can check the database properties and require SSL for a connection (that's a good time to disable HTTP access for databases you don't want to access from the web UI)
    Database property for SSL access
  4. If you decide that any authenticated connection must use HTTPS all the time, you can configure the HTTP server to do so. In your server document you should have switched to "Load Internet configurations from Server\Internet Sites documents" long ago. If not, now is the time.
    Configure to load config from Internet sites
    In the internet site document you can decide to reroute all traffic to HTTPS or just the authenticated access
    Security settings in Internet site document
  5. Restart your HTTP server with the console command: tell http restart
As usual YMMV
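To verify that the settings above really keep the whole session on HTTPS, not just the login, here is a small audit sketch. It is an added example, not part of the original post: the host name and the sample exchanges are constructed, and the cookie names (DomAuthSessId, LtpaToken, LtpaToken2) are assumed to be the ones your Domino session authentication issues.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumption: cookie names used by Domino session authentication
# (single-server and multi-server/SSO); adjust to your configuration.
SESSION_COOKIES = {"domauthsessid", "ltpatoken", "ltpatoken2"}


def audit_exchange(url, status, headers):
    """Return findings for one request/response pair.

    headers is a list of (name, value) tuples as sent by the server.
    """
    findings = []
    plain = urlsplit(url).scheme == "http"
    location = next((v for k, v in headers if k.lower() == "location"), "")

    # A plain-HTTP request should only be answered with a redirect to HTTPS.
    if plain and not (status in (301, 302, 307, 308)
                      and location.lower().startswith("https://")):
        findings.append(f"{url}: served over HTTP without redirect to HTTPS")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if cookie_name.lower() not in SESSION_COOKIES:
                continue
            if plain:
                findings.append(f"{url}: {cookie_name} issued over plain HTTP")
            # Without Secure the browser also sends the cookie over HTTP,
            # which is exactly what a sniffer on the same network picks up.
            if not morsel["secure"]:
                findings.append(f"{url}: {cookie_name} lacks the Secure attribute")
    return findings


def audit(exchanges):
    return [f for ex in exchanges for f in audit_exchange(*ex)]


# Constructed sample exchanges (hypothetical host, not captured traffic).
SAMPLE = [
    ("https://domino.example.com/names.nsf?Login", 302,
     [("Location", "http://domino.example.com/app.nsf"),
      ("Set-Cookie", "DomAuthSessId=0123ABCD; path=/")]),
    ("http://domino.example.com/app.nsf", 200,
     [("Content-Type", "text/html")]),
    ("http://domino.example.com/secure.nsf", 302,
     [("Location", "https://domino.example.com/secure.nsf")]),
    ("https://domino.example.com/secure.nsf", 200,
     [("Set-Cookie", "LtpaToken=AAECAzQ1; path=/; secure; HttpOnly")]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The first two sample exchanges show the "login over HTTPS, browse over HTTP" pattern that leaves the session cookie exposed; the last two show the behaviour you want after forcing HTTPS in the Internet Site document.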

Posted by on 31 October 2010 | Comments (0) | categories: Show-N-Tell Thursday Software

Grandstream GXV3140 VoiP Phone and Skype #fail

From time to time I check the Skype website to see what gear is new. My current LinkSys iPhone worked reasonably well but the rubber keypad starts degrading and the speaker phone never was great. When I saw the Skype advertisement for the Grandstream GXV3140 I thought to give it a shot, especially since it carries the label "Skype certified".
The Grandstream website didn't list a Singapore retailer, so I contacted them through their ticket system. They were very fast in their reply (well done!) and pointed me to the Singapore distributor Micro United Network Pte Ltd. They called me the following day to see what they can do for me. So far a very pleasant and swift experience. It turned out that the phone is sold at Mustafa's department store. Mustafa is South East Asia's biggest department store and open 24x7. If you come to Singapore it's a must visit especially in the wee morning hours. It's not the high end store, but you get any category of things, from high tech to a cheap Tuxedo for your 3 year old. I love that place. It's brimming with life any time. The phone section had 2 sets on display demonstrating a video call over 4m distance. So I got myself one.
The phone requires a network cable (an optional WIFI module is available) and can be configured through the phone keyboard and screen (you actually can attach a USB keyboard and mouse) or through a web browser. The phone is preconfigured to use the IPVideoTalk SIP server for the first of 3 configurable accounts (for a full review of the phone check out the TMC Blog). It turned out that the firmware didn't have Skype support yet and I had to update the firmware. Grandstream provides instructions. It was as easy as pointing the firmware download URL to the Beta site and rebooting the phone. This was where the fun ended (and I'm not talking about the Twitter implementation being broken or the scary SIP options menu):
  • Skype is hidden in the Social Software menu, it takes 7 key presses to make a call (9 if the number is not in the contact list). There would be a spare soft key for that
  • I can't select Skype as the primary phone (like when I pick the handle I'll make a Skype call)
  • Skype chats are deeply hidden in the menu even when a new chat is coming in
  • An incoming Skype call disrupted playing Last.FM (good), but it didn't resume after the call finished (bad)
  • Video chat doesn't work. It turns out to be a Video codec issue. The GXV3140 only supports H.263 and H.264 but not VP7 which is Skype's native video codec. On Windows (and Windows only) Skype seems to be able to use H.263/H.264 (can't verify that since I don't have Windows here), but neither on Linux nor Macintosh.
  • The forum entry has a lot of questions, few answers.
So currently it feels Skype is "bolted on" rather than integrated. To be fair: the Firmware is still labelled beta, so there is hope.

Posted by on 30 October 2010 | Comments (2) | categories: Software

IBM Lotus Sametime 8 Essentials User Guide - review coming soon

Snehman Kohli from Packt Publishing asked me to review IBM Lotus Sametime 8 Essentials: A User's Guide. I'm downloading the eBook to read it on one of my upcoming flights (hopefully with the Nokia BH-905i provided for test by WOMWorldNokia). You can read a free sample chapter (Chapter No. 7 – iNotes and Sametime – Chatting from the Web), check Eknori's review, browse through John D. Head's verdict, look at Core Davis' summary or buy it from Amazon. More details coming soon.

Posted by on 29 October 2010 | Comments (0) | categories: Lotus

Microsoft Office vs. OpenOffice vs. Lotus Symphony

The heat is on: Microsoft pushes against OpenOffice, Infoworld analyses the rationale behind the attack and Lotus Symphony is due for its version 3.0. Imagine for a moment you get hired as CTO or CIO of a large organization. Which one would you pick and standardise on? My take: divide and conquer. You have two groups of users: your existing base with paid-for licences and new users who don't have an [Insert-your-flavour-here] office licence yet. For old world economies the latter group might not exist, so we have a clear emerging-economy-only problem at hand. So for the first group the big question is: what improvement would a new version bring? Most likely none, given the way office documents are probably used. For the latter group a package that allows them to seamlessly interact with the first group makes sense. Now you can start arguing if that is given with [Insert-your-flavour-here].
However your real effort should go into a review: what office documents can be eradicated from your organisation? All these stand-alone documents, living on users' hard drives or in document repositories, form little islands of poorly structured information that are more and more difficult to manage and maintain. We have tons of tools, beginning with eMail, that try to make these office blobs flow nicely instead of starting with information flow in the beginning. All these macro-infested spreadsheets that form the backbone of your monthly reporting would be better replaced by a dashboard, the tons of text documents forming the requirements for that software project live happily in a WIKI and the progress reports are just fine in that blog. Need to have a spreadsheet front-end to a database with concurrent editing capabilities? Try ZK Spreadsheet. Need a list? Try Quickr or this. While you are on it make sure all this tooling works well on mobile devices (office documents don't work well). You will reach the point where your remaining document needs will be rather simple. Then go and revisit your Office decision again.

Posted by on 18 October 2010 | Comments (9) | categories: Software

Progress in data structures

Four decades ago COBOL ruled business IT. Its DATA DIVISION. contained all the data structures we ever would need. COBOL had clever constructs like REDEFINES and (in the procedure division) MOVE CORRESPONDING. Of course during the last forty years we made progress. COBOL data was un-throned by XML (OK I skipped some steps in between) which is getting un-throned by JSON. Comparing the formats you clearly can see the progress made:


            01 Customer.
              02 Name.
                  03 Lastname   PIC A(40).
                  03 Firstname  PIC A(20).
              02 Address.
                  03 Street     PIC X(25).
                  03 Street2    PIC X(25).
                  03 City       PIC X(25).
                  03 Zipcode.
                    04 Zipbase       PIC 9(5).
                    04 Zipextension  PIC 9(4).
              02 DOB.
                  03 Month  PIC 99.
                  03 Day    PIC 99.
                  03 Year   PIC 9999.


  <Customer>
    <Name>
      <Lastname />
      <Firstname />
    </Name>
    <Address>
      <Street />
      <Street2 />
      <City />
      <Zipcode>
        <Zipbase />
        <Zipextension />
      </Zipcode>
    </Address>
    <DOB>
      <Month />
      <Day />
      <Year />
    </DOB>
  </Customer>


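function Customer() {
    // Same structure as the COBOL record; empty strings stand in for the field values
    return {
        "Name": {
            "Lastname": "",
            "Firstname": ""
        },
        "Address": {
            "Street": "",
            "Street2": "",
            "City": "",
            "Zipcode": {
                "Zipbase": "",
                "Zipextension": ""
            }
        },
        "DOB": {
            "Month": "",
            "Day": "",
            "Year": ""
        }
    };
}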

Now can someone explain how to do a redefines or a move corresponding in JSON?

Posted by on 17 October 2010 | Comments (3) | categories: After hours Software

The eLearning dilemma

eLearning has been around as long as the computer industry. Nevertheless it hasn't been a broad raving success story. There are success stories, but eLearning is not as ubiquitous as using a spreadsheet or posting to a blog. One reason might be that the effort to create eLearning materials is mostly grossly underestimated. A recent study put the ratio for highly interactive eLearning at 716:1. Working full time one could create 1 hour of such material in 18 weeks. That's more than 4 months for just one hour. For basic eLearning the ratio is still 49:1. So one spends one week to prepare just one hour.
From my exposure to eLearning projects, admittedly mostly in the corporate space, I had to conclude that most managers sense the magnitude but rather opt to ignore it, based on "we have a 4 month eLearning project and need to deliver" type of pressure. So the usual way out is to implement a Learning Management System (LMS) and then hope for a miracle that makes content appear. There are very good LMS systems on the market, a lot of them Open Source (you need to google the commercial ones yourself), that manage the courses rather well. They don't help in structuring and creating materials, they just look after them. They also don't tie it back to the official curriculum, since there isn't a hook to tie to. Then there are outstanding Learning providers, lots of Open Source text books and Learning communities. On the other side is the official curriculum (e.g. Singapore primary) and the vast experience of teachers and the materials they hold (in their heads, on paper or on their hard drives). The dream for eLearning would be a system that links and connects all these sources into a single blended learning experience. This experience needs to be deliverable for learning institutions (students are supposed to treat learning as their primary activity) as well as corporations (learning is ad hoc, as needed). eLearning could answer the "why do I need Pythagoras" (just watch your carpenter) and "what does compound interest do in the real world". Unfortunately these links don't exist today. Classroom learning is disconnected from online, disconnected from the curriculum, disconnected from corporate learning. The technology is there, someone needs (I would say literally) to connect the dots. Step one would be to make a curriculum machine readable and deep linkable. Unless there is an agreed upon specific format for a curriculum, OPML could be a good candidate. Your feed reader already understands it. Who educates the educators about it?

Posted by on 17 October 2010 | Comments (3) | categories: eLearning

Create an Enterprise Event Calendar on the Cheap

With Notes 8.5 comes the ability to overlay your own calendar with other calendars. An obvious use case for this functionality (besides your kids' school calendar) is the list of corporate events. To get a corporate event calendar follow these easy steps:
  1. Create a new database on your server. Call it Corporateevents.nsf and base it on the standard mail template
  2. Give normal users "No access" with "Read Public Documents" access in the ACL
    Give read access to Public Documents
    You can add this setting in the preferences too, same effect.
  3. Create a mail-in document in your Domino directory pointing to that database
    Mail-In Documents are in the Directory
    Sample Mail-in document
  4. Open the database and edit the profile (More - Preferences)
    1. Set the mailbox owner to the mail in name you just created (Corporate Events in our example)
      Change the Mailfile Owner
    2. Edit the Autoprocessing settings in Calendar & ToDo to automatically accept all incoming invitations
      Calendar Autoprocessing Options
    3. Check the access settings to verify our ACL change above worked (or make the changes here)
      Mail access settings
    Save the preferences and you are good to go
How to use this:
Anybody who wants to manage an event would simply create a calendar entry (meeting invite) in his/her own calendar and invite "Corporate Events" to the "meeting". In the meeting body all event information like agenda, directions (take the staircase, all 27 steps, turn left at the water cooler) and other useful information can be listed. Almost always corporate events undergo changes when moving through their planning stages from idea to proposal to planned to confirmed. The event owner just needs to update the calendar entry in the personal mail file to keep the corporate events listing up to date. And we all know nothing is closer to you than anything in your mail file (except for Luis of course).
As usual: YMMV

Posted by on 15 October 2010 | Comments (4) | categories: Show-N-Tell Thursday

Teaching - Singapore style

As an "engaged parent" I spend some time with the teachers from CHS to understand how teaching in Singapore works and what's in store for their eLearning initiative. Last year Singapore's Ministry of Education (MOE) decided to roll out Google Apps for Education for the teachers. When I see my gentlemen working they log into Google docs too. However task assignment and full utilization seem to be lacking. So I got the very approachable CHS teachers to explain how learning in Singapore works:
Cascading learning in Singapore
The MOE defines the curriculum to be covered by the schools for Primary and Secondary Education and so on. It also breaks that curriculum down into the years (nicely referenced in this booklet) and also publishes (AFAIK only for teacher consumption) a breakdown into 40 module recommendations on how to structure a learning year. I really like their syllabus section for the richness of content, but would love it if that information were available in machine consumable formats (DocBook, DITA, XML etc.) so individual learning items could be cross referenced.
Armed with the 40 module recommendations and the list of approved text books the teachers of each school coordinated by their respective head of department devise the various learning units and how to deliver them (duration, teaching and interaction methods). The individual teacher then breaks out assignments that might be eLearning modules, delivered in class, teamwork or classical homework. It is then up to the student to deliver while the teacher tracks and grades the results.
A learning solution that improves the learning delivery needs to tie back into this flow. Ultimately MOE will need to go ahead and turn the curriculum into something that can be deep linked. Currently MOE is working with Jotterlab to provide eLearning for the schools. They plan to start with the new school year with a pilot. You can follow them on Twitter or keep updated on their blog. I'm curious how they will incorporate modern learning sources like the Khan Academy, The Open Textbook Repository, cK12 Flexbooks or COSTP (There are many more, I'll cover them in due time). Also interesting will be how they include the Singapore Tuition Industry and stack up against their competitors like Grokit.

Posted by on 14 October 2010 | Comments (0) | categories: eLearning Singapore Twins

What is holding back XPages adoption

A question that is asked quite often recently, mostly by non-developers or "old Notes hands": "Why would I want to develop in XPages rather than classic Notes and Domino". Part of that question might be driven by Cainotophobia. However it is valid. When a new way of programming comes around, like switching from punch-cards to terminals, from Assembler to C, from Cobol to Basic, from VB to VB.net or from terminal to GUI, a drought of competency happens. The existing paradigm is well understood (including all its quirks) and backed by a huge body of knowledge represented by a huge code base. The transition from classic Domino to XPages is no different.
The transition between LotusScript and XPages
Until the new paradigm is backed by a similar level of competencies and skills, doubt will exist if "that new thing" is really the way to go. With increasing adoption of XPages the skill level in classic Domino will gently decline (people retire or simply forget) while XPages skills will rise. Now the graph for XPages isn't fully accurate once you take developers into account who haven't developed on Domino before. After all XPages embraces and (horrible IBM word:) leverages existing technologies and open standards. Unless you live under a rock you have (at least as a consumer of the results) encountered HTML, CSS and JavaScript by now. Also XPages' foundation in JSF is well established. Of course it very much depends on the "readiness for innovation" in the individual companies' development teams if they want to contribute to the growing body of knowledge around XPages or wait until the moment where late adopters move. IMHO XPages' early adopter phase is coming to an end and XPages enters Domino mainstream. Very soon the question will change from "Why XPages" to "Why stay back".

Posted by on 08 October 2010 | Comments (4) | categories: XPages