My window to the world


Your opinion is so highly regarded you shouldn’t talk about the topics you talk

By Mauricio Freitas, posted: 19-Nov-2012 17:07

This is not the first time I post a comment here on this blog or on Twitter and someone comments with a "You have a large audience and shouldn't be spreading ideas such as this" or "You have a position of influence so you shouldn't post this".

This mainly happens when the person posting the reply doesn't agree with the idea I have just posted or has a business interest that conflicts with the idea.

The way I see those comments, they are something like "I don't like what you are saying and because you have a large audience that could believe you I'd rather you didn't post it online".

Think about it for a second. My audience or my position of influence is not an automatic gag order if one disagrees with me.

The last example came after I posted a tweet:

In my ops world I follow a good rule: less is better. If I have the option of running something without having to add more to my stack on the server, I will. If I have to add anything to the server, it needs to be really good to justify a spot in the box. And in my books there's nothing great (at the moment) that would make me install JRE on my servers.

So I got a reply:

I guess Paul wanted to say "shouldn't be engaged". But you get the point.



My view on New Zealand ISPs

By Mauricio Freitas, posted: 14-Nov-2012 10:15

Another impulse blog post. Today I lost all hope for New Zealand ISPs.

Either they have performance problems, billing problems, customer service problems or something else that will make customers' lives a pain. The lack of peering, low caps, high prices, long delays to launch new services and plans, and the high number of customers sharing a small bandwidth pool make me sick.



Vodafone Data Angel and new mobile data roaming prices: how large is a web page?

By Mauricio Freitas, posted: 5-Nov-2012 12:29

Vodafone New Zealand has released new prices for mobile data roaming. It's a good step, but in my opinion it's still too expensive. The best alternative in terms of cost is always to get a local SIM card.

One of the things in the press release though was an infographic, saying that 100 MB is good for about 400 web pages. This would be an average of 250 Kbytes per page.

The problem is that 250 Kbytes per web page is not a realistic number. Just have a look at the HTTP Archive, run by Steve Souders: the average web page size is actually 1.239 MB, about 4.95 times the number quoted in the infographic.

I looked around: Vodafone's own homepage is four times that at 1.1 MB. The NZ Herald frontpage is 1.6 MB.

The survey was conducted with Flight Centre agents who travel abroad. Their own home website is 1.3 MB.

Surely numbers sent out in an infographic should be a bit more realistic?

UPDATE: Here is Vodafone's comment on this:

As I'm sure you will be aware, the size of a webpage not only depends on the page itself but also the device you are using to access that page. For example, if viewing a media rich webpage on a laptop it will be larger than if you were browsing it on a mobile phone. I suspect that the webpages you reference in your blog were viewed from your laptop or desktop.

The stats we used in the Data Angel infographic were constructed using average values as outlined in the TCF International Mobile Roaming Guide which you can view here http://www.tcf.org.nz/library/e836af40-54d2-4f0e-9098-a69d93305282.cmr

This graphic is based on estimates, as we clearly stated in the graphic itself: "Data usage varies by device. The above examples are based on averages and are estimates only."



Enterprise 20/20

By Mauricio Freitas, posted: 27-Oct-2012 11:00

HP is calling IT pros interested in discussing, planning and helping build the future of our world, technology and businesses. The Enterprise 20/20 initiative centers on an e-book describing the transformative changes occurring in enterprise technology.

The free e-books are available in PDF and iBook formats, released one a month, leading up to HP Discover EMEA 2012 in Frankfurt:

  • Introduction (available now): To imagine the future of the enterprise, we need to understand the forces that are transforming our world and the technological innovations that are shaping the future. In what new and unexpected ways will technology work for us?
  • CIO 20/20 (available now): Enterprise IT is at a crossroads. This chapter will debate the underlying trends that will affect enterprise IT in the coming eight years and their implications for the CIO.
  • Dev Center 20/20 (available now): If today the typical application "supply chain" involves the business, the delivery teams and operations, what will the supply chain of 2020 look like? How will organizations keep up with the insatiable demand for better apps and features?
  • Marketing 20/20 (available October 2012): Marketers have more clout than ever, and with that comes new levels of accountability. As such, they are investing in a full spectrum of technologies that can help marketing become more data-driven, measuring every aspect of their function.
  • IT Operations 20/20 (available November 2012): Data centers are all going away. Magically, all your IT needs will be taken care of by third-party providers. All of this and more is coming with the data center of the future; at least this is what some people would have you believe.
  • Employee 20/20 (available December 2012): The same trends that are shaping the future of business are changing what it means to be an employee of the enterprise. This chapter will examine the future of employment, including acquiring and retaining talent and performance management.

After reading the e-books you can participate in ongoing discussions around each topic by registering at the Enterprise 20/20 Discussion Hub.

If you're in the USA you can also enter the competition to win US$ 5,000 cash and a trip to HP Discover Las Vegas 2013.



Live webinar with HP and bloggers discussing problems facing enterprise storage

By Mauricio Freitas, posted: 27-Oct-2012 09:32

Join David Scott, GM of HP Storage and Chris Evans, Storage Consultant/Industry Blogger, for a conversation on the systemic gaps left by legacy storage.

Hosted by HP Storage Blogger Calvin Zito (@HPStorageGuy), this webcast will cover:

  • The evolution of storage
  • Problems plaguing storage solutions today and in the future

The webcast is scheduled for November 1st at 2:00pm PT (click to see your local time and add to calendar) at http://watchitoo.com/show/wcd-080.

I will be attending (look for Mauricio Freitas). We will also start some discussions on Geekzone IT Pro sub-forum in the weeks leading to the HP Discover EMEA with some great insights and prizes.



Again: use your ISP DNS for better performance

By Mauricio Freitas, posted: 19-Oct-2012 11:25

Just finished reading a blog post that shows, once again, that people should use their ISP DNS for better performance when it comes to distributed content.

In New Zealand this is even more important because using a local CDN cache gives broadband users a huge advantage instead of fetching resources overseas through a long undersea cable.

There's a dynamic table where you can check the performance loss/gain depending on which CDN you're targeting. Here is one for Australia:

This table shows how much slower a download will be, based on where the CDN is resolved to.

A positive percentage means performance is worse, negative means performance is better. The first one is Google DNS, the second is OpenDNS.

You see now that using those DNS in Australia (and New Zealand, but unfortunately there's no data in the table for our little country) can make things really bad.

Using your ISP DNS will point to the local cache. Using other DNS will instead point to somewhere else in the world.



Trade Me’s security problem: Wheedle

By Mauricio Freitas, posted: 1-Oct-2012 13:13

Just last week we found out someone is bringing big guns to a fight, as Stuff told us Neil Graham was starting an online marketplace business to compete with the one and only Trade Me.

The new web site, called Wheedle, wasn't ready for prime time yet when it was first mentioned online and after a few hours of hiccups it was taken offline until its official launch date, 1st October 2012.

In the brief moments the site was up (and down) Geekzone members started reporting some of the bugs around the site (and here as well). The discussion listed problems ranging from simple things, such as listings showing completely unrelated images, to a somewhat more disturbing one: pages showing someone else's user names and information.

It is great to see that the mixed-up identities problem seems to have been fixed since then, but other things popped up.

Right now I can imagine some Trade Me folks talking around a whiteboard:

  • Tech Guy: We have a problem with Wheedle.
  • Non-Tech Manager: Sure, it's a worthy competitor, backed by someone with deep pockets to go for the long run.
  • Tech Guy: Not that, but... They store their passwords in plain text, instead of encrypting them before storing in the database.
  • Non-Tech Manager: How do you know this?
  • Tech Guy: I registered there and just clicked the "Forgot my password". The email came with my password instead of a link to reset it. It tells me the password is stored in plain text.
  • Non-Tech Manager: So? That's their problem. If someone finds a vulnerability and manages to download database contents from their server it's their breach of privacy, not ours.
  • Tech Guy: Sure. But reports tell us a good number of people reuse the same usernames and passwords on more than one site.
  • Non-Tech Manager: Are you saying if someone used their same Trade Me email or username and password to register on Wheedle then a bad guy in [insert country with lots of bad guys here] could try those on Trade Me and in some cases actually gain access to accounts?
  • Tech Guy: Hmmmm, yes.
  • Non-Tech Manager: Holy shit, Batman!

We can use another scenario: there is something for sale on Trade Me, and armed with a third party list of valid email addresses for the buyer a scammer could send out an email pretending to be the seller on Trade Me, saying something like "the item didn't sell, I can offer it to you very cheap" and then get the unsuspecting buyer to deposit the payment into someone else's account for laundering.

You might say no one would fall for that. Think again. People fall for simple scams all the time.

I don't know what security they have implemented server-side, but sanitizing input data on the client side is no way to go on life:

If this is done on the client side only, then anyone with interest could easily craft a local page to bypass this weak strategy and send something malicious to the server, potentially gaining access to information stored there through SQL Injections.
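The server-side counterpart of that point, as an added example (not Wheedle's code; the table, column and function names are assumptions): the handler repeats the validation itself, whatever the browser did or did not check, and passes the value to the database as a bound parameter so it is never parsed as SQL.

```python
import re
import sqlite3

# Allowlist for seller names, enforced on the server for every request.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def make_db():
    """Constructed sample database (in memory) for this example."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE listings (id INTEGER PRIMARY KEY, seller TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO listings (seller, title) VALUES (?, ?)",
        [("alice", "Bike"), ("bob", "Kayak"), ("alice", "Tent")])
    return db


def validate_seller(raw):
    """Runs regardless of any JavaScript check in the form that sent the value."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid seller name")
    return raw


def listings_for(db, seller):
    # The ? placeholder binds the value as data; the SQL text never changes.
    rows = db.execute(
        "SELECT title FROM listings WHERE seller = ? ORDER BY id", (seller,))
    return [row[0] for row in rows]


def handle_request(db, params):
    """Hypothetical request handler; params is the parsed form/query dict."""
    try:
        seller = validate_seller(params.get("seller"))
    except ValueError:
        return 400, []
    return 200, listings_for(db, seller)
```

The two layers are independent: validation rejects malformed input early, and the bound parameter keeps the query safe even for a value that validation would have let through.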

The question that popped into my mind was "how long before Trade Me forces people logging into their site to change their passwords?". Simply put, any third party vulnerability can affect Trade Me as an unintended consequence.

What can you do?

  1. If you are planning to register on any other site make sure you use a different email address, user name and password.
  2. If you already registered on any other site then go there now and change your email address and password.

Just do one of those two things and you will be a lot safer.

And for those on Twitter who said we shouldn't be criticising newcomers: I'm happy to support a new online marketplace in New Zealand but security should be part of design since Day 0. I hope this is something for them to consider, and good luck in the days ahead.

UPDATE: just found out that Wheedle also uses cookies to store plain text username and password for the duration of a session. While cookies are not a problem, storing this in plaintext on anyone's computer could allow spyware to download the credentials from a user's computer, without even having to break into Wheedle's servers. Screenshot by @CooperNZ:



Can we trust app reviews?

By Mauricio Freitas, posted: 1-Oct-2012 09:57

Scratch the whole thing. As pointed out below, a change in policy means that now all reviews always show the reviewer's first name, instead of the tag name.

Apologies for raising a red flag where none is needed. I will keep the post below as evidence that I can err as well.

Looking around the New Zealand Windows Phone Marketplace we see very few apps with lots of reviews. Those with many reviews are mainly the big names in games, plus the very good New Zealand made ones. That's why I was curious when I saw the new ASB app for Windows Phone had 39 reviews and a five star rating - every single review was a five stars review.

Then I looked at the names of people reviewing the ASB app: (in the order I see in the Marketplace): Regan, Andrew, Joanne, Simon, Matthew, Ben, Bobby, Royce, Keith, Annabel, Stephen, Darren, User, Jack, Geoff, Peter, Tim, Leighton, Jeff, Bruce, Alastair, Craig, Andy, Angela, Jonathan, Eby, Danil, Karan, Vinesh, Danny, Brian.

Nothing strange there. But let's look at other app reviews.

  • On Sale New Zealand: keithpatton, attaelayyanm, mohitsb, ryancrawcour, jamesfwarren, vmcoll, MulberryQuasar, Fallaenae, darylooh.
  • NZ Radio: User, Shane, Keith, MackinNZ, xStally, iczephyr, UrbanKiwi, SomeBluehippo, GotItWrong, Gavin, mohibtsb, RootedEvergreen, snakes1704, Player531062019.
  • Supermarket Finder: Bruno, seanjackson24.
  • DayOut: tomisbetterthnu, tianhai.
  • NZ Cell Sites: John, Player371984687, Evil Red Diablo.
  • God Defend New Zealand: davidgladstone.
  • NZ Weather: Gortdon, User, Klem0n, dhrot.
  • Weather NZ: Kevin, Keith, SomeBluehippo, suprrudey, Phivii, Mudz12, Evil Red Diablo, tomisbetterthnu, Shiny Empire, wim mertens, Obfukaster, guvnor255.
  • The Official All Blacks Application: User, Klem0n, Player584951968, SatanicAntz, JeffBridges21, iczephyr, stewartisland, sumerman1, CosGirds, AdvisoryCloud, MisterOlly, bigdogphone, scozzard, PeskyBeaver, sista001, Phile Whitehead, Keithpatton, Crispo66, matteusvelloso, nzigel.
  • Fruit Ninja: Nick, Steve, Damien, NZ Infection, ArkhamZBest, CurbsideCupatea, RevivalV3, tomisbetterthnu, Pb Elements, FancyAardvark1, normanstrange, CoolestKiwi, Chaks Corner, BrainOffline, PeanutG85, APEKTRON, minalg, M Doms, coaxke88, AtomicSharky, TropicalRajput, The Mega Me.

Ok, I will stop here. Can you see a pattern?



What will be Windows Phone 8 update strategy?

By Mauricio Freitas, posted: 15-Sep-2012 09:30

Now that we know Windows Phone 8 and Windows 8 share some of their code, I wonder. Will we finally see an update policy for Microsoft's mobile platform that reflects the one we are used to in our PCs?

For years Microsoft has released operating system updates every second Tuesday of the month (second Wednesday New Zealand time). Only in cases of a real threat such as a zero day exploit has Microsoft released an "out of band" update. This policy has been going on for years and still most people I talk to and remind "tomorrow is Windows Update day" say they never knew it.

On top of those monthly updates Microsoft releases Hotfixes, which are patches that fix small problems in specific areas. For example there's a patch that fixes a problem when plugging a USB hub in a specific type of computers with specific drivers and so on. These only need to be applied if you are experiencing a very specific problem.

Every few months or years Microsoft releases a Service Pack for its operating systems, which contains all the previous updates and hotfixes all in one. It's Microsoft's policy not to release new features in Service Packs.

Then there are other software updates targeting applications such as Messenger, Movie Maker, Skype, Security Essentials and others which are not an essential part of the operating system but are offered by the company.

I wonder if Windows Phone 8 would follow the flawed model implemented with Windows Phone 7, or the more advanced and logical model adopted by the company for its PC operating systems and applications until now?

Perhaps Microsoft should separate the applets built into Windows Phone 8 and consider those as applications instead of core, and release them independently of the operating system.

For example a new feature implemented in its mobile email client could be delivered to users around the world with more speed than before. Instead of waiting for the whole Windows Phone 7 process of sending an entire operating system to OEMs, then waiting for those to customise each image to different devices, then waiting for those to be sent to each mobile operator around the world for approval, then the slow staggered delivery, perhaps Microsoft should consider making these updates to apps independent of the entire chain and deliver them directly to end users.

This would speed up adoption of new features, use existing Windows Update infrastructure and get slow OEMs and mobile operators who are not actively supporting the ecosystem completely out of the picture when it comes to happy users. The chain of approval would only ever exist for core operating system functions.

This is completely different from the strategy used by other smartphone platforms too, and could be a differentiating point.

Somehow I think Microsoft would never do that though.



A few quiet yarns

By Mauricio Freitas, posted: 11-Sep-2012 11:13

For months Ryan Ashton (LinkedIn login required) has invited me to attend "A few quiet yarns" in Auckland. For months I politely declined seeing I am based in Wellington. Then I was attending the Microsoft TechEd 2012 and the September event was happening just that week, so I went along with Paul Spain.

Ryan describes the event as

"A few quiet yarns" is a distinctly Kiwi styled event where the emphasis is on meeting people in a social sense to find out who they are and what their story is, forming a relationship that sets the scene for business engagement or introduction to a relevant contact of your own.

Everyone gets introduced to everyone by Ryan Ashton, event organiser; the recent maximum test was 135 attendees - this makes it a very personal event where the barriers to engagement are reduced.

No "hard selling" is allowed and typically, "no fees, no speeches, no sponsors" is the catch phrase, however, sometimes there might be short guest speakers or debates under the name "Town Hall Session" - an extension of the distinctly kiwi style where important matters were discussed by everyone who attends.

I first met Ryan while he was working at ICONZ (he now works for Fronde) and had no idea how capable he is of connecting people. Seriously, at the start of the evening he took the stage and recited everyone's name and occupation before telling people to go on and introduce themselves to each other. Incredible memory skills there!

Join the group here to get invites to the next evenings: http://www.linkedin.com/groups/Few-Quiet-Yarns-4037178/about



freitasm's profile

Mauricio Freitas
Wellington
New Zealand


I live in New Zealand and my interests include mobile devices, good books, movies and food of course! 

I work for Intergen and I'm also the Geekzone admin. On Geekzone we publish news, reviews and articles on technology topics. The site also has some busy forums.

Subscribe now to my blog RSS feed or the Geekzone RSS feed.

If you want to contact me, please use this page or email me freitasm@geekzone.co.nz. Note this email is not for technical support. I don't give technical support. You can use our Geekzone Forums for community discussions on technical issues.

Here is my full disclosure post.

If you'd like to help me keep Geekzone going, please use this Geekzone Amazon affiliate link when placing any orders on Amazon.


