Monday, April 27, 2009

Five tips to being more professional on social networks

As more 30- and 40-somethings log in to Facebook, begin to Tweet, add their credentials to LinkedIn and post pictures of their family vacations to Flickr, it becomes harder to separate your work and personal personae. And as more employers begin to use these social networking sites to vet their new hires – assuming that people will start to have new hires at some point in the future once this miserable economy turns around – the situation is only going to get worse.

What got me started thinking more about this was that I am giving a speech next week to show people how to make the most of LinkedIn, one of the leading social sites that is used by a wide variety of professionals to look for work and polish your resume, qualifications and recommendations from previous employers. Granted, this is not a new topic – people have been having problems with what they say online for years. Heather Armstrong, whose Web site created the verb that is used when someone is fired over their blog, was fired over her blog many years ago (her new book is a real treat and a collection of some of her writings that is a true joy to read). Now generates thousands of dollars a month in ad revenue. That is taking lemons and turning them into not just lemonade, but Absolut Lemon, or maybe even Absolut Gold.

So here are some recommendations for those of you that are new to this whole Internet thing, to pass along to your less-clueful friends and relatives.

First, keep sex, politics, religion, and family out of your online life to the extent that you can. If you feel that you have to tell the world about these things, think about how a potential future employer might react to seeing this stuff in your profile. No one really wants to know that you are a member of the "Republican Party of the Virgin Islands" (as one of my Facebookers put it), whatever that means. Another friend is in a committed relationship with his dog, again, not something I really want to find out the details. And those married folks that indicate that they would enjoy having relations with a third party are just too icky for me. Leave some blank spaces in your profile in these areas. Too much information!

Second, tell the truth. If you are single and looking for love, then by all means go online and do your thing and misrepresent yourself however you see fit or whatever you think will attract potential partners. But when it comes to talking about your professional accomplishments, don't exaggerate, invent new job titles, degrees, or whatever other credentials that you don't have. It isn't worth it, and eventually it will come back to hurt you or prevent you from getting that plum job that you covet. There is also no need to document every waking and sober moment since college either: just hit the most recent highlights for now. And when it comes to those non-sober moments, leave that info on the cutting room floor. No one really wants to see your expertise with using beer bongs.

Third, if you are one of the unfortunate ones who are presently between jobs, make LinkedIn and other sites part of a daily ritual. Whether you spend a few minutes or hours isn't all that important, just so that you spend some regular time updating your profile and seeking to expand your network.

Fourth, decide on what your "friending" policy is going to be and be consistent, at least for inside each social site that you frequent. For example, I am most stringent with the people that want to network with me on LinkedIn, and only accept connections with people that I have actually met face to face, or who have been long-time email correspondents. I also routinely refuse connections from headhunters and HR people, because I am not interested in enriching their businesses with my connections. But on Facebook, I have a more liberal friending policy, just because.

Finally, spend some time thinking about how you acquired your existing professional friends: do you like to meet and greet at industry conferences? Are you more of a small group or large group socializer? Do you prefer one-on-one situations? Did you ever co-author anything and enjoy/detest the experience? Do you tend to keep work colleagues around for many years that last past the time on the job? Were you popular in junior high or peaked in sophomore year? Do you still stay in touch with your frat brothers or sorority sisters?

Remember that most of us are still pretty new at MyBook and Friendspace and that even Oprah did her first Tweet in ALL CAPS. Do experiment and try different strategies, and feel free to share what works for you if that is appropriate. Just don't send me any links to those toga party pix.

Monday, April 20, 2009

Buying a cheap 8 GB PC

What is the cheapest PC you can buy that can sport 8GB of RAM? You would think this was a simple question, and within a few minutes of online shopping you could figure it out. Alas, this has turned into Yet Another Project, and I am nowhere near the answer.

Why would anyone want such a machine? Any 32-bit version of Windows can't use much beyond 3 GB of memory. If you are going to effectively use 8 gigs of memory, you need a 64-bit operating system. I actually have one that I am using right now – my Mac OS. But getting a Mac with all that memory means getting their pricier Mac Pro desktop. And while you can save some money by getting a used Mac Pro, by the time you bulk it up with enough RAM and disk, it isn't much of a bargain anymore.

My reason for all this RAM is to host a collection of virtual machines for testing purposes. VMs consume a lot of RAM, and there are situations where I want to be able to run more than one VM at a time for testing networking products. I have been using the desktop VMware Workstation along with Fusion on my Mac, and have quite a collection of VMs now that I use in my tests. But my Windows PCs only have 2 GB of RAM, so I can't really run more than one VM at a time. I needed something more powerful. A few months ago I had a client that sent me a DVD with seven different VMs on it to use for a series of tests.

So I thought to contact a system builder friend of mine and I asked him to spec out for me what I called a "white box ESX PC" – ESX is VMware's virtual server operating system, and it is designed for this purpose, to run a lot of VMs on a single physical piece of hardware. And while ESX technically isn't 64-bit, it can run very effectively with lots of memory.

But getting the right configuration was tricky, because it is also not designed to run its VMs on an ordinary hard disk that you would find in your average desktop. There are some discussion forums on this topic, but we were in uncharted territory.

To see what I was getting myself into, HP loaned me one of their Proliant servers that comes with ESX pre-installed. (Most of the major PC server makers have a selection of pre-installed machines with either ESX or Citrix' Xenserver, but these are not low-end machines.) It took me weeks of effort to get the right licensed software from VMware to operate it and put the VMs on the box. I realized that ESX wasn't going to work for me -- there was just too much overhead. And while VMware gives away a freebie version called ESXi, I was too fed up at this point to try that route. If you want to learn more, check out this article:

So then I went online and started poking around to see if I could order a desktop PC with 8 GB of RAM and be satisfied running the 64-bit Vista OS. I first went to Dell, mainly because I buy a lot of Dells and can find my way around their Web site. Back in the day when megabytes were a lot of RAM, Dell was one of the first vendors to sell PCs with 4 MB installed. But despite this history and familiarity, it wasn't easy to search their Web site for an 8 gig PC. Lenovo has one line, the ThinkCentre M58, which sells for about $1200. HP has none that I could find on their Web site, which is odd because when I went to Newegg's Web site I could find more than 20 configurations, some of which were pretty capable HP machines, all for around $1000.

The other issue with running a lot of VMs besides RAM is that you want the right CPU inside your PC, one that supports the virtualization extensions called Intel-VT or AMD-V. Neither company makes it very clear which of its Dual Core Duo this or that processor actually supports these extensions. Check out this discussion here:

What I do know is the aging Dell desktop that I bought three years ago doesn't have this support. Sigh. Here is a link to a discussion forum on Anandtech that goes into more details:

So meanwhile I haven't bought anything yet. If you have any advice, you know where to find me.

Wednesday, April 15, 2009

Cheap choices for Web hosting

These days, it doesn't make sense to pay a lot of dough to host your Web site. I am going to give you three alternatives that won't cost you more than $5 a month. All three are great for people who don't have a lot of HTML coding expertise and don't want to shell out the big bucks to pay for graphic designers and programmers. I have built sites using all three methods and while they do have their limitations, they are all acceptable for handling the basics, and in some cases will do a lot more advanced things as well.

Let's start off with GoDaddy. First, we choose whatever dotcom name your little heart desires, and hopefully is still available. Next, we take a look at what GoDaddy offers for its own Web hosting plans. If you go to their sign-up page online, you will see lots of choices. Pick the Economy Plan for Linux. If you want to host more than one domain from the same server, you would pick the Deluxe Plan. You can get a better deal for two-year contracts if you call their customer support line rather than signing up online. Still, it works out to $5 a month, on top of the registrar fee to register your domain.

Why Linux? Because we will be using their installation, and that works better on Linux. You don't need to know anything about Linux to run your site, you get the same great features of having a world-class blogging platform that you have with a hosted site, and you can do a lot more with it as well.

Included in the GoDaddy hosting account are a ton of free applications. Besides Wordpress, you can install Drupal, Joomla, Mambo, PostNuke, various shopping cart applications, phpBB, and dozens more. The Wordpress install is very straightforward and takes a few minutes, and once that is done you can use your Web browser to run just about everything that you require.

Using GoDaddy-hosted Wordpress is great if your content can work within the blogging format, if you want better control over your pages than you would get with, and if you want to add ads and analytics to your site but don't want to build your pages from scratch. One thing that the self-hosted Wordpress isn't as good as the dotcom hosted is the ability to stream video content. You are better off using the dotcom hosting and buying the 5GB space upgrade and running your videos there.

Let's move on to the second method, using Microsoft's OfficeLive Small Business hosting account. What I like about OfficeLive SB is that you can buy your domain name through Microsoft, although if you plan on moving it to some other provider later on, that might be difficult. Microsoft also doesn't charge you for the first year that you have the domain, and then $15 a year thereafter. You can't beat that price. You go to the following page to sign up:

The Microsoft plan is great if you have Windows and a relatively recent version of IE (v6 or later, running on XP or Vista) that you are going to use to build your site. They give you some simple templates for your page design, and if your site is going to be composed of a few static pages, then this is a really fast way to assemble a site and the price is rock-bottom. They will also hide your domain registration from public whois queries as part of the deal.

What about the third method? Check out the site They offer free web site hosting, ties into Gmail and for domain registration as part of their package. I don't care for because they charge $35 a year for registering your domain where GoDaddy and others charge less than $10, but what is appealing about Weebly is that you have a lot of control over page design and widgets and templates as well as integration into Google's Gmail for your domain. The basic service is free, but if you want more than the freebie site – such as password-protected pages, audio players and support, it will cost the same as a more capable GoDaddy account, about $4 a month.

All three will give you more email addresses than you know what to do with, and all are good starting places for your own exploration for other hosting providers, which are overwhelming. Feel free to share your own recommendations here.

Monday, April 6, 2009

How to search for airline travel using

You gotta like someone who can reel off the three-letter airport codes for such obscure places as Reykjavik Iceland (actually they have two airports, KEF and RKV), the Congo (BZV) and Colima Mexico (CLQ). Then perhaps it is no surprise that Bryan Cooley's latest invention,, is a nice service that figures out which airlines fly between any two city pairs around the world.

Those of us who are frequent flyers know that any business or leisure travel journey begins with the first step of a Web search of potential airlines that can carry our tired and cramped bodies squished into a coach middle seat. And while Expedia, Orbitz and their ilk are reasonably good at computing fares, they don't do as good a job of incorporating the low-cost carriers like Southwest, RyanAir, EasyJet, and others that have cropped up over the past decade. Even, which is one of my favorite sites to narrow down a search of which airlines offer service, isn't as good as Optifly in identifying the various routing paths that are available.

The site, which will launch "real soon now" according to Cooley, is the essence of simplicity. You type in your two cities that you want to travel, and it produces a Google map (or Earth) mashup showing you the connection points. "Most international trips require at least two or three flight segments," says Cooley, and this means it can get complicated. His service will also show you nearby airports too. The site still has some small bugs but works well.

But behind its simplicity lies some very sophisticated search algorithms, and as someone who studied optimization theory in grad school I can appreciate this. Cooley tells me "When you consider there over 40,000 unique flight paths, there are in excess of 100 billion route possibilities to consider for a few hops, and we can handle routes with as many as 10 hops, something that the flight booking services can't even begin to deal with."

What the site doesn't do at all is optimize for costs, but based on its route visualization and transfer points, you can do that research using the usual travel booking sites. Once you find a connection city that will work for you, you can do a better job narrowing down how you are going to book your ticket and probably get a better fare as a result. Cooley says it has saved his early beta users hundreds of dollars in ticketing fees, which is a good thing we can all agree in these penurious times.

Optifly's challenge is to stay on top of the many airline routing changes that are posted each day – while most of these are individual flights they still do change their routing and frequency of service. The site will show you which flights aren't available on certain days of the week, which gets complicated especially when you fly across transpacific and you arrive almost before you depart, or skip a day depending on which direction you fly. Once upon a time I skipped my birthday going to a speaking engagement in Tokyo – that wasn't a fun trip. Another time I celebrated my birthday on a flight to Taipei with a co-worker on our way out to Computex.

Wednesday, April 1, 2009

How to stay secure in these insecure times

This isn't any April fool's story, but a rather depressing one about how easy it is to compromise a corporate network. Markoff's recent story in the New York Times got me looking for the research paper by Anderson and Nagaraja that should be required reading by anyone in the email and network security space.

The paper describes a determined attack on the exiled government offices of the Dalai Lama by purported agents of the Chinese government. It is a chilling account of how easy it is for hackers to penetrate a network with a little bit of social engineering and a lot of clever programming. While none of this is new, what is new is how it is getting harder to keep the bad guys out.

The Tibetan government contacted the authors of the paper when they observed suspicious diplomatic behavior. The authors found the following disturbing items:
- A number of successful logins to the Tibetans' US-based hosting accounts came from Chinese IP addresses, none of which originated with genuine Tibetan users.
- Social engineering tactics were used to obtain the email identities of many Tibetan government officials, who were then sent a number of phished emails.
- The emails contained rootkit programs masquerading as ordinary documents from apparently legit sources.
- Once the attachments were opened by Tibetan monks by mistake, the rootkits were used to obtain more information and compromise other users on the network.
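
The first finding, successful logins from networks that no genuine user works from, is something a defender can look for in authentication logs. The sketch below is an added example, not code from the paper or from this article; the log format, account names and per-account network baseline are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not from the paper or any real system). Assumed format:
#   <ISO time> <service> <LOGIN_OK|LOGIN_FAIL> user=<name> src=<ip>
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2009-03-02T08:14:11Z webmail LOGIN_OK user=office1 src=198.51.100.23
2009-03-02T09:40:02Z webmail LOGIN_OK user=office2 src=198.51.100.57
2009-03-03T02:05:45Z webmail LOGIN_FAIL user=office1 src=203.0.113.9
2009-03-03T02:06:10Z webmail LOGIN_OK user=office1 src=203.0.113.9
2009-03-03T11:22:31Z webmail LOGIN_OK user=office2 src=192.0.2.80
2009-03-04T07:58:00Z webmail LOGIN_OK user=office3 src=203.0.113.77
not a log line
"""

# Hypothetical baseline: networks each account is known to log in from.
EXPECTED_NETWORKS = {
    "office1": ["198.51.100.0/24"],
    "office2": ["198.51.100.0/24", "192.0.2.0/24"],
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<result>LOGIN_OK|LOGIN_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(log_text):
    """Yield (timestamp, user, success, ip) for well-formed lines only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the analysis
        try:
            ip = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # src field is not a valid IP address
        yield m["ts"], m["user"], m["result"] == "LOGIN_OK", ip

def find_suspicious_logins(log_text, expected):
    """Flag successful logins from outside an account's expected networks."""
    nets = {u: [ipaddress.ip_network(n) for n in ns] for u, ns in expected.items()}
    failures = defaultdict(int)  # (user, ip) -> failed attempts seen so far
    alerts = []
    for ts, user, ok, ip in parse(log_text):
        if not ok:
            failures[(user, ip)] += 1
            continue
        allowed = nets.get(user)
        if allowed is None:
            reason = "no baseline for account"
        elif any(ip in n for n in allowed):
            continue  # success from a known network: nothing to report
        else:
            reason = "source outside expected networks"
        alerts.append({"ts": ts, "user": user, "src": str(ip),
                       "reason": reason, "prior_failures": failures[(user, ip)]})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG, EXPECTED_NETWORKS):
        print(alert)
```

Accounts with no baseline are reported rather than silently passed, so a newly created or forgotten account does not escape review.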

What is interesting about this case was the combination of malware and "good guessing" – which is really what social engineering is anyway -- by doing research on the Tibetan communications, to find plausible email addresses of their correspondents, so that the phished emails would be more likely to be opened by the exiled monks. The guessing was made easier given the nature of the Tibetan diaspora and how open the monks are about their activities and outreach.

Here is the nut graph of the report:

"Until recently, one might have assumed that it would take a ‘geek’ to write good malware, and someone with interpersonal skills to do the social manipulation. But the industrialisation of online crime over the past five years means that capably-written malware, which will not be detected by anti-virus programs, is now available on the market. All an attacker needs is the social skill and patience to work the malware from one person to another until enough machines have been compromised to complete the mission. What’s more, the ‘best practice’ advice that one sees in the corporate sector comes nowhere even close to preventing such an attack."

So what countermeasures can a typical corporate IT person take? Certainly, encrypted email should be used more, and while this is something that I have written about for more than a decade, I probably will still be writing about it 10 years from now. (None of the Tibetan emails were encrypted.) Second, when possible, use separate networks for external communications that don't contain operational elements of a company: don't put your payroll on your SMTP mail servers, use firewalls or even physically separate networks, and so forth. The authors state: "It would in our view be prudent practice to run a high-value payment system on a PC that does not contain a browser or email client, or indeed any other software at all." Of course, as the Internet becomes more pervasive, this becomes harder to do.

Next, don't open unexpected attachments, and certainly be careful when receiving unexpected documents, even from your usual correspondents. And as we conduct more business over social sites like Facebook and LinkedIn, be wary of what you receive there as well: the bad guys are using fake accounts and expanding their reach to phishing these sites. Just because someone is your "friend" doesn't mean that they are actually legit.

Finally, take a look at data leak prevention appliances and tools. While these are expensive, they can save your bacon and do a tremendous job at detecting abnormal situations. A good place to start is with Code Green Networks, one such product that I review over on my series of videos. The company tells me that every installation has resulted in finding someone doing something that they shouldn't be doing within the first week of use.

About Me

David Strom has looked at hundreds of computer products over a more than 20 year career in IT and computer journalism. He was the founding editor-in-chief of Network Computing magazine, and now writes for Baseline, Information Security, Tom's Hardware, and the New York Times.