I'll keep publishing

New OR (Michael Osterman @mosterman) policy study: 19% of decision mkrs are very concerned about sensitive/confidential info being sent out of their orgs through Twitter.

Cleartext ESM - Twitter Data Leakage Study

This is good news for Cleartext as our ESM (Enterprise Social Messaging) platform provides a solution to this concern in that we archive and can word filter micro-blogging.

Finally XMPP at Facebook – only client-server at the moment though, but that’s a good start…

http://blog.facebook.com/blog.php?post=297991732130

Here’s a screen shot of me connected using Psi for Mac(also available for Windows). As you can see I’m not a huge Facebook user

I thought people would like to have a peek at a screen shot of the current development version of the Cleartext ESM (Enterprise Social Messaging) desktop client.

Cleartext Enterprise Social Messaging

It’ll be a free download for Windows, Mac and Linux and included in our XMPP SaaS IM & Micro-blogging offering which will be available Q2 this year.

Think of Cleartext ESM as an XMPP IM platform that supports public IM and micro-blogging over XMPP(via gateways), includes URL shortening, character count and various Twitter specific functionality.

Contact us if you’d like to be on the beta program, we’re particularly interested in hearing from organisations looking to roll out IM or micro-blogging for their staff and require word filtering and archiving etc for compliance reasons.

I’ve had enough of being ripped off for mobile data roaming so I’ve sent this to Orange UK and Vodafone Au. You’d think that as a Vodafone client my data costs would be the same both here and in the UK, or anywhere else for that matter.

Running an international SaaS (Software as a Service) business I know that ‘international’ data doesn’t cost 10 times ‘local’ data, imagine Cleartext charging clients in the USA ten times what we charge people in Australia… it’s time the mobile data rip off was stopped, much like the EU’s hammered telcos for voice roaming recently.  So here it is;

—
Attn: Customer Service management, Product Management.

bcc: Vodafone Au, Orange UK and my blog.

re: international mobile data roaming is still painful, it shouldn’t be.

I’d like to lodge a complaint about the amount of our latest Vodafone (mobile number 0*** ***1) bill attached, and the quality of technical and customer service (rude, unhelpful staff) at Orange (mobile number 0*** ***5) High Wycombe store.

Before travelling to the UK from Australia I enquired about mobile broadband via my iPhone and was informed that I could purchase a mobile data roaming plan for about $300 that gave me a couple of hundred megs of data. Obviously running a small business and staying online whilst in the UK this is just not economical so I decided to get a mobile broadband dongle in the UK. For example about $80 gets 2-3Gb of data,

On arriving in the UK we chose a dongle from Orange because the Vodafone staff in a retail outlet told us that coverage was not good in our locations, Orange said they had good coverage. The reality was that Orange had almost no 3G coverage so we returned the product and purchased a Vodafone dongle, this worked very well and we were happy with the results.

However during the period that the Orange dongle was less than useful I had to connect and used my Vodafone iPhone with mobile data roaming. I did this for about a week, (recall we were snowed in) switching data on and off as needed. The end result is not nice with a bill for ten times my usual monthly bill for 3G data.

Orange: Your service did not worked as explained by your retail staff, our plan was cancelled, but we were still billed via our credit card, this has now been corrected. BUT your staff would not refund the cost dongle, even returned in good packaging. What use is a dongle with no service, what would your industry body or trading standards think of failing to address a faulty product/service combination?

Vodafone: Having been a customer for many years I’d like some negotiation on this invoice and a credible explanation of the excessive charges incurred, especially in the contexts of the European Unions recent ruling on mobile roaming. Running an international Software as a Service business I fail to understand these excessive data costs, even allowing for differences in international market pricing for data I’d still only expect a maximum of double the fees.

Overall not much has changed over the last 10 years with regard to mobile roaming, either voice or data. I’d have thought that by know I could simply plug my iPhone into my laptop and get a data connection anywhere Vodafone has coverage, globally, without feeling like I’ve been ripped off. Charge a premium yes, but 10 times, that’s just outrageous.

Looking forward to some constructive dialogue on this issue.

best regards,

David Banes
Director & CEO, Cleartext
Director & Secretary, Internet Industry Association
—

• New computing strategy: iPhone + 2 x iMac (home & office), #iPad replaces MacBook for sofa & travel email & surfing.
• #iPad case, first time I’ve seen a portable computer with a custom made case for years. Last was my Olivetti DOS laptop in 1989 I think
• RT @DDrazic: Will iPad have arm strap so I can out do those dudes at the gym that strap iTouch and iPhone to their arms when training?
• RT @jamiepride: On reflection the iPad is targeted at netbooks – will be interested to see how competition to plays out in this space. #ipad
• #iPad conclusion for someone with an iPhone & new MacBook Pro. Luxury coffee table item, but worth popping into your Apple store to play
• So the magic in the #iPad is the software, ignore the ‘overgrown iPhone’ look and lac of connectors etc

Well it’s looking like it…

—-

cleartext01 ~: telnet chat.facebook.com 5222

Trying 69.63.181.104…

Connected to chat.facebook.com.

Escape character is ‘^]’.

quit

<?xml version=”1.0″?><stream:stream id=”none” from=”chat.facebook.com” xmlns=”jabber:client” xmlns:stream=”http://etherx.jabber.org/streams” version=”1.0″><stream:error><xml-not-well-formed xmlns=”urn:ietf:params:xml:ns:xmpp-streams”/></stream:error></stream:stream>Connection closed by foreign host.

cleartext01 ~:

—-

Listen to Conroy on filtering, is he deliberately missing the point?

It’s not about performance and what you’re blocking it’s about the fact that a western democracy is putting a Chinese type firewall in place.

Let’s not even get into effectiveness, URL addresses change far faster than a government department can keep a list current and much ‘bad’ material is in fact NOT sent by web but by encrypted email and p2p.

I was flicking through an older Slideshare presentation called ‘Microblogging via XMPP‘ (Extensible Messaging and Presence Protocol) and it occurred to me that whilst there’s no doubt Twitter has redefined public internet messaging it’s not speeded up one to one or one to many communication, in fact it’s slowed it down.

Take the points from slide 6:

London – Calcutta, message + reply (Peter Saint-Andre)

• 1800: 2 years (ship)
• 1914: 1 month (steamship)
• 1950: 1 week (airmail)
• 1980: 2 days (overnight mail)
• 1994: 10 min (email)
• 1999: 1 sec (IM)

It suddenly struck me that because Tweets are sent and received via HTTP polling the delivery time is more than a 1999 IM.

So a quick test between 2 Twitter accounts using Tweetie and Seesmic to DM saw 2 mins 55 secs for the send and 2 mins 29 secs for the reply. That’s 5 mins 24 secs for a simple “Hi” and “Hello” back. Interestingly I got the email notification of a DM before either Twitter app picked up the DM.

So our new bullet point would be;

• 2009: 5 min  (micro-blogging)

It’s entirely legit to say that services like Twitter are a whole new category and aren’t supposed to be real time, but how many users of such services expect them to be? I know a few people that think Twitter is close to IM, when in fact trying to have a one to one conversation over twitter isn’t really possible in the same that it is over instant messaging.

So it’s with this in mind that many people, including Twitter during mid 2008, looked at XMPP to help deliver a more real time experience for micro-bloggers. In fact the ‘Microblogging Over XMPP’ specification was updated mid 2008 and describes a way to deploy close to real time micro-blogging.

Some alternatives to Twitter use XMPP (Twitter dropped ‘official’ support mid 2008) gateways, services like Jaiku, identi.ca (status.net) and FriendFeed. XMPP has also been picked up by Google for GTalk and Google Wave, Wordpress and Yahoo! for various projects.

Many people, myself included, use an XMPP chat program to ‘tweet’ via these gateways so that we can microblog and IM from the same application. (In fact Cleartext will soon be releasing such an app).

So Twitter will probably do just fine with long gaps between messages and HTTP polling but my intuition tells me that in an age when everyone wants more and faster ,that an XMPP based real time federated micro-blogging service may just catch on and even replace IM.

I’d like to see that bullet point read;

• 2010: 0.5 sec (real time micro-blogging)

David Banes.

Footnote: There’s also an open microblogging standard called, Open Microblogging, but this is HTTP

I believe that IF there was a God then this God would see us all as equals under one church. I’ve formed the opinion that the core values mainstream religions teach strive to create compassionate, honest and caring attitudes towards all living things and that these core values are in fact independent of religion.

I was just reading this Ferris piece on Exchange mailbox sizes and thought it would be useful to document Cleartext’s strategy for our hosted email clients storage. The Ferris article starts;

‘Exchange 2010’s database strategy is very interesting. The new Database Availability Groups and the benefits they offer for data protection and quick recovery are striking.

Overall, Microsoft is optimistic that mailboxes will be able to grow to 10GB or more. However, it’s unclear how large mailboxes will perform in practice. Several concerns spring to mind:’  read more…

We (Cleartext) offer both mailbox hosting (via an Axigen ISP platform) and SaaS email archiving.

Our strategy is to keep hosted mailboxes as low as 200-500Mb and bundle these mailboxes with the SaaS archiving service for permanent email storage. This has several advantages;

1) Users mailboxes are easier to manage and migrate if needed and are less prone to data loss caused by IT systems issues or more often ‘user error’.

2) The SaaS archive has full text and attachment indexing meaning it’s quicker and easy to find email when needed.

3) The client can implement their retention policy on the SaaS platform to ensure compliance with eDiscovery regulations. Avoiding issues where staff delete email from their inbox.

This is a change to the usual large mailbox offerings from organisation slike Google but we believe is more appropriate for business deployments.

We often notice that despite our advice clients insist on leaving a ‘backup’ MX record in their DNS, this means that they a) don’t understand how spammers operate b) don’t understand that we have primary, secondary and tertiary routes for their email.

So I thought it timely to explain how MX routing works and why it’s not a good idea to leave an  ‘extra’ MX record in place that DOESN’T point to us. Lets assume your companies domain name is ‘your-company.com’ and you have such a backup record in place, lets say it’s value is 100 and it’s named postoffice.your-isp.net.

Mail servers route inbound email for a domain to the MX record with the lowest value, so looking at your MX records;

your-company.com.    3600 IN    MX 10 mx811.clearemail.net.
your-company.com.    3600 IN    MX 30 mx813.clearemail.net.
your-company.com.    3600 IN    MX 100 postoffice.your-isp.net.
your-company.com.    3600 IN    MX 20 mx812.clearemail.net.

Any mail server sending mail to anyone at ‘your-company.com’ will try to deliver to us at  the MX 10 value above (mx811.clearemail.net), and if that fails then 20, then 30. If all fail then the sending mail server will try to send to MX 100. postoffice.your-isp.net.

Often clients initially setup a backup mail route like the MX 100 you have above because there’s a worry that the main routes will all be unavailable, which is very, very remote given these (MX 10, 20, 30) all point to different parts of our infrastructure.

The reason we advise against this practice is that spammers have realised that some organisations do this so they send their spam to the highest route first, that would be to MX 100. This routes the email to your-isp.net and that system will then deliver email to your mail server. This bypasses Cleartext (or any other managed email security platform) thereby causing several things to happen;

1) Our multi-layered spam and virus filtering will not be applied.
2) Inbound email will not be archived and therefore unavailable for e-discovery
3) Any custom email rules, perhaps for HR reasons will not be applied
4) This inbound email will not be recorded anywhere in our logs because it’s bypassed us.

Looking at the above, 1) isn’t too much of an issue because your ISP may be applying rudimentary filtering therefore catching some of the spam, but they may let through phishing emails, trojans etc, 2) could be an issue because this email won’t be archived which means you may not be complying with e-discovery legislation and 3,4) could also be an issue if you need to trace email that someone says they sent to you, or HR needs to for some reason.

Now it’s arguable that 2-4 above won’t be too much of an issue because legitimate mail servers will send to 10, 20 or 30 first, but even so there’s still a chance genuine mail will route this way and do you want that if you end up in court with the other party doing email discovery on your organisation?

So, to summarise, if you use a managed email security service and have such a ‘backup’ MX record in place you currently have a ‘backdoor’ into your email system which could let spam or malware in and that routes email without your corporate policy being applied.

So make sure you don’t get caught out by having email routed around the very platform that’s supposed to be providing your email security and compliance requirements.

‘No speed limit, no crash barriers and no street lights’, that would have been fun at night in a fast car Some great picture here.

We had a glorious weekend and I actually managed to avoid doing any work, well all but 30 minutes.

I also managed to order replacement wing mirrors for my Rover, someone managed to clip the drivers side mirror while it was parked so it’s a good reason to buy two new ones.

Your credit balance has expired

Unfortunately, your Skype Credit balance has expired due to 180 days inactivity on your account. We sent you three reminder emails, but as we explained, this now means the balance you had in your account has been cleared.

Below is the Skype Credit expiry policy, detailing why your balance expired.

What are the rules for Skype Credit expiry?

1. Skype Credit expires 180 days after your last credit purchase or action that used credit, for example, calling a phone or sending an SMS message.
2. Each purchase, call or SMS message resets the expiry time to 180 days.
3. You will receive reminder emails 30 days, 7 days and 72 hours before your credit expires.

Talk soon,
The people at Skype

- Obviously not as my credit has been ’stolen’.

Because they can.

Many times in the last 20 years I’ve seen independent  software vendors and IT solution providers flounder following an announcement by Microsoft about a new product. It seems that if they (Microsoft) see  a lucrative new area they announce early, often before they have anything to show let alone sell.

They’re at it again, announcing in April this year that Exchange 2010 will have archiving, but where’s the detail? What will it do, how much will it cost, will it support non Microsoft email servers?

There’s a problem with this, and it’s verging on unfair competition, they are effectively advertising something they don’t have. Is that even legal I wonder?

This can have a big impact on the sector in question. End users postpone a buying decision citing “waiting for Microsoft” which causes vendors of competing solutions sales pipelines to dry up or stall.

These same vendors have to re-evaluate their product roadmap, adjust their sales and marketing strategies all based on something that’s not real yet.

OK, so this is just ‘normal’ competition, Microsoft aren’t the only ones who announce ‘vapourware’ But given they have a near monopoly in many areas and have been proven by the courts to behave badly we should all be concerned.

I for one refuse to be held to ransom by a vendors promise to deliver ’something’ when there are many good, some would say better solutions out there that work with these vendors systems. Innovation is alive and well on the ‘internets’, you don’t need to wait, there’s a solution out there already.

Why wait? In my experience you’re bound to end up paying more for a less compelling solution, delivered by a monolithic ‘old skool’ business that really only cares about share holder dividends.

- Disclaimer: Cleartext doesn’t sell or supply any Microsoft products or services, but we do sell compatible solutions that are far better, including a very nice email archiving service that works with all types of mail servers.

That’s a technical term, and CAN-SPAM appears to mean what it says on the tin,’can spam’.

It seems that more and more US businesses are realising they can spam everyone as long as they put an opt out on the email. What were the legislators in the US thinking when they dreamt up that gem.

At least the Australian Anti-Spam Act 2003 mandates an opt IN regime not an opt out.

Spam is definitely getting worse, but as I’ve said before it’s now ‘proper spam‘ from real businesses not just random viagra junk.

- end of rant.

I’m obviously biased, I’m an XMPP fan, but I can’t help but think that Mozilla’s Raindrop project, in the context of the real time web, is missing the point.

It’s going to be a similar argument that swirled around Twitter in the middle of ‘08. The big question asked then was why did Twitter drop a pubsub push messaging model for tweeting (XMPP) in favour of a polling (HTTP pull or fetch) model?

Surely in the real time web we need  a real time protocol, or close to it. Something like XMPP. We’ve all noticed that Tweets often have more latency than email, that’s because we’re all polling twitter and fetching updates, believe or not email is a push model (SMTP + IMAP/IDLE), that’s why it’s faster!

So I was disappointed to read;

Raindrop uses a mini web server to fetch your conversations from different sources

I was half hoping that these guys had produced a ’stripped down’ simpler to implement XMPP type protocol. Alas no, we’re still playing ‘fetch’.

Even something like Pubsubhubub is moving in a reasonable direction. We really do need ‘always’ on connections if  the real time web is going to materialise any time soon.

I suspect the Mozilla guys are really trying to give us an ‘open’ version of Google Wave, which is a nice goal to aim for anyway. At least the guys at Google reaslise we need real time server-server federation and used XMPP for that part of Wave.

I’m afraid Raindrop looks like ‘just another’ attempt to merge multiple message types in a single innovative GUI, there are many projects that have attempted this, ours included

CRM – We binned SugarCRM last month because it became too time consuming to keep it up to date (it’s not very intuitive and ‘clunky to use, if you want a good CRM go here ) and the contracts support was terrible. I realised that running a SaaS business we needed a contract management system with some customer management features, not a CRM.

So we’ve built something simple in house, just 45 hours work with trusty PHP/Apache/MySQL. We now have a system a that tells us when contracts are close to renewal time, the revenue, costs and margin they give us. As a bonus the system calculates the upstream license fees to third party vendors (virus & spam for example) for active contracts.

That’s it, no complicated sales funnel, multi-stage lead-opp-close process, just simple tasks associated to each customer record, like ‘call’, ‘email’, ‘task’, ’support’ and that does us nicely.

We’ll add document attachments soon so quotes and invoices can be uploaded, that means we can ditch BaseCamp (tasks), Clearspace -(document management) as well as SugarCRM.

There’s a big upside in that we can continue to enhance the system to suit our own needs, being in IT  I suppose we’re lucky we have the in house skills.

So, looks like I’m tweeting more than blogging now…

it’s good to see that the UK cheese industry is alive and kicking, article and cheese map (yum!)on the BBC’s web site.

I’ve been writing and talking about the possible changes at Twitter which will pull RT’s out of tweets and into the Twitter API, read the post below this one.

The guys at Twitter are being really great and asking me for my thoughts, so here’s a copy of the email I just sent to Ryan Sarver (Platform Product Manager) and Jeremy LaTrasse (Operations). Please chip in with your own thoughts.

—————————-

Hi Ryan,

I described the issue in my blog post linked below and here again;

http://www.davidbanes.com/2009/09/18/project-retweet-is-twitter-breaking-re-tweeting-for-some-of-us/

But briefly, there will be many third party solutions, both public facing and ‘internal’ company systems that have been built on Twitter expecting the ‘extended’ command structure, that is RT, # etc to be in the message body.

Moving these features to the formal API works well for direct connect apps like TweetDeck and Tweetie for example but will break others especially those like tweet.im where they proxy Twitter for people using XMPP clients.

Cleartext could fix this by updating our generic XMPP client side application and our cloud based gateways (that convert XMPP<>Twitter) to handle the new API’s but in doing so we’d be blocking all our customers using generic XMPP software (like Psi), unless we let them RT and we translate that to an API call, not good.

In summary, from an engineering and usability point of view I can see that this is the way to go for Twitter, just as email has a ‘reply-to’ header that users don’t see.  But from the point of all those who have invested to deliver products and services expecting RT and # etc to be in the tweet body, at best it’ll cost them a significant amount of time and money to ‘re-tool’ at worse it completely breaks their product or service.

I suppose it comes down to product strategy, is Twitter going to remain the preferred conduit for ‘raw’ tweets and leave the extended command syntax to the creative people in the community, or is Twitter going to continually pull new and innovative syntax into the API and ask third party solution providers like TweetDeck, Tweet.im, Tweetie and Cleartext to continually re-engineer?

So, my point is that I’d like to feel comfortable that you guys are taking this into consideration before making this change, after all it’s third party solution providers that help drive the tweets to Twitter and we have to manage our product life cycles as well.

best regards,

David.

PS – I’m going to post this to my blog to see if I can get some comments going.

————————

Looking at my Google Alerts this morning I saw this one;

So after quick read at of this article on ReadWriteWeb I posted the following as a comment.I’ll declare a vested interest in XMPP first, our service Cleartext ESM (Enterprise Social Messaging) uses XMPP.

Now I’ll also say that it’s worth noting that XMPP does enterprise and internet scale and is good at bridging these through an ecosystem of components, I think this is a key benefit.

There’s a third issue with Twitter in addition to business model and latency at large scale (which I don’t believe you can solve with http polling) and that is shifting technology road map.

For anyone to build complicated enterprise and internet level apps on Twitter this needs to be solved and as the platform is evolving rapidly that’s a big ask.

For example parts of our platform rely on the fact that re-tweets and hash tags are in the message. Twitters recent news that RT’s will become part of the API is good news for short messages but bad news for solutions proxying Twitter if only because we all have to do more R&D, which equates to delays to market and increased costs.

I’m firmly believe that email succeeded because its an open, standards based, federated platform. XMPP delivers the same for IM and mirco-blogging. I think this is the real time bus you’re looking for.

I was just reading this, which is all about formalising re-tweets via Twitters API;
re: http://mashable.com/2009/08/13/details-project-retweet/

It struck me that this could break services like Cleartext ESM where we are proxying Twitter for generic XMPP desktop and mobile clients. We don’t use the API at the end point, but at the ‘cloud based’ XMPP<>Twitter gateway, this means any XMPP/Jabber client can access the full set of message driven commands like RT and # tags (are has tags next to get plugged into the API?).

Various other companies, like Process-One, have Twitter gateways for XMPP servers and run XMPP<>Twitter services like Tweet.im. We do this so that people can use Jabber/XMPP desktop and mobile clients to IM and  tweet rather than have an multiple IM and micro-blogging apps.

It makes sense for our corporate clients as well because they can deploy a standard single end point for all their IM/micro-blogging needs, for example, MSN, AIM, GTalk, identi.ca and Jaiku as well, not just Twitter.

Have the guys at Twitter considered this? Or is this second time in two years that changes at Twitter will bounce XMPP users?

Is it that Twitter prefers direct contact with the end points via their API, maybe to route advertising to generate that elusive revenue stream, and if so what does that mean for the myriad of online web services that also proxy Twitter like CoTweet and Seesmic, or are these classed as apps?

I for one would like to get  abetter understanding so that Cleartext doesn’t head down a blind ally with our own products and services, although I can already see that maybe all we need is a customised XMPP end point and some mods to the hosted Twitter gateway.

But then that means we’re no longer supporting standard XMPP apps. Of course we could discover the RT in a tweet and convert it to an API call at the gateway.

I suppose what we really need is a federated Twitter clone that a) uses XMPP and b) leap frogs Twitter in the popularity stakes, time for a laconi.ca/status.net based success story maybe? That’s a big ask.

I’m assuming Apple have done all the research around the risk, both security and copyright for this new feature in iTunes;

—

• Home Sharing helps you manage your family’s iTunes collection between computers in your home. iTunes can automatically transfer new purchases, or you can choose just the items you want.

—

I recall some research MessageLabs did around 2003 that said email sizes averaged less than 20k, in fact maybe the number was 16k.

Anyway about  a year ago I took a look back over 2008’s data and we were seeing an average size of about 30k, the same view this year and I see that the average size of an email is now around 70k for outbound email and 200k for inbound email.

So that looks like an 85k average email size to me which is fair jump from 2003’s 16k. Note that these numbers are after the spam filters so we don’t get the numbers messed up by spam.

I’d be interested to hear from any other organisations on the sizes they are seeing.