Friday, January 27, 2012

Controlling what kids access - VPN to the Home - the next big thing in Mobile security

I've got kids, currently they are under the age where they get Smartphones and unfettered internet access but such a day is coming.  Now at home I can set it up so on the WiFi there is a proxy and all content has to be routed via that proxy or it doesn't go out and I can lock down the proxy so they can't go where I don't want.

However on a Smartphone they get good internet access without me being in control.

Bugger.

Then I got my new internet connection from BT (VDSL, 40 down, 10 up) and so I'm putting a VPN in so when I'm abroad I can still do back-ups etc without having to lug disks around.  Then I realised that I could set it up so my mobile phone used the VPN as well, which means iTunes backup and sync can be done as well.... double result.

This then made me think of how, if you combine the VPN with a proxy, you can then have a controlled connection at all times.  All you need is the ability to add restrictions to the device which force 'always use VPN', something that isn't supported today, and prevent the VPN connection identifier from being changed.  This has two key usage scenarios:

  1. For Enterprises it means mobile device internet access can be controlled
  2. For families it means being able to control what your kids access... until they are around a friend's or buy their own device

It's the latter that interests me at home, obviously, as I do think as a parent I have a responsibility to control what my kids access and to ensure that I can track things and keep them safe.  This isn't about being over protective, I wouldn't let them wander the streets on their own or take a train to London on their own, and the internet can be just as, if not more, dangerous than those things.

With the rise of high bandwidth upstream connections this sort of thing becomes completely feasible, all it needs now is the mobile phone manufacturers to add the capabilities into the OS in the same way as they add things like Internet blocks or other application blocks today.

High-speed uplink + VPN + Mobile = Personal control of your own internet connection... with the added benefit of NEVER being unencrypted on a public WiFi connection. 

Wednesday, January 18, 2012

IT going backwards - Objective C is 90s retro

I've ranted quite regularly on how Enterprise IT just hasn't really developed in the last 5 years and my personal task for 2012... learning Objective C and programming for iOS has taken my disbelief to another level. Back in 2008 I learnt Python and for me it sucked. Its 'advantage' over scripting languages of the 80s and 90s was minimal and it had the most hated (for me) of things... indent sensitive code. Objective C however really has stepped it up a level.

I remember learning Ada, C and Eiffel (along with bits of LISP, Prolog, Assembler, etc) and most of all I remember being confused as to why people like coding in languages like C, where the syntax is terse bordering on emo, over languages like Ada where even non experts can have a crack. Through my career people have claimed the stupid 'less characters = language efficiency' which again matches up by saying that Martin Luther King was a crap communicator while a grunting teenager is much more efficient.

But all of this couldn't prepare me for the horror that is Objective C. SIGFAULTS in 2012? Seriously? Have years and years of exception handling been ignored? No even better than that... Objective C has exceptions but you are discouraged from using them, yup they are there but are 'resource intensive' so you shouldn't use them.

Second off we've got the wonder of memory management again, although now with 'ARC' it actually does some garbage collection, yup folks it's 2012 and Apple have just caught up with the mid-90s.

All of this is annoying, and rubbish, but that would be nothing if the language had a nice syntax and logical way of working... but Objective C is like people have looked at Java, C, C++ and then sat down and thought 'how could we make this really suck?'.  Yes it's the same old .h/.c (or .m in this case) combination of header and code but just basic things like function calls are made excessively silly.  No simple instance.method(param1, param2) for Objective C... well not always, sometimes you can do it but not normally... ahh consistency avoidance, always a great way to have sucky code.  No, in Objective C you call a function like this
[instance method:param1 param2:param2]
This means you end up with wonderful code that looks like
[[eventHistory getEventAt:location date:date] calculateDistance:newLocation].doubleValue
Notice that '.doubleValue'?  Yup when using NSNumber (object for doubles) you use the old '.' notation. Perfect eh?

Then we have XCode, an IDE that seems to crash if you do anything it doesn't expect rather than a warning saying 'Fail: you didn't mean to do that'.  Some bits are nice, like some of the code generation and some of the bits, like refactoring, are pretty much up to Java IDE standards from 2001/2002.

The layout model in XCode is okay, with some nicer bits around chaining screens but seriously is it that hard to implement XmForm?  With the multiple display layouts that you get with mobile devices it really would be a cracking layout manager to have.

Then we have the iOS simulator, it's great, except if you want to simulate locations that Apple hasn't thought of... the 'accuracy' if you use custom locations (for instance if you want to test something using European locations) is 150,000m... or to put it another way... a level that every decent piece of code should ignore.

Application development speed wise I'd clearly be faster in Java, but as a new language I'd say that Objective-C ranks behind C++ in terms of 'complexity' to learn and ranks significantly behind both C and C++ in terms of language efficiency.

But that said the example code pieces are good and the online manuals are good as well and I knocked up the second stage of my application on a flight across the Atlantic.  Basically however it feels like using C++/Motif with Emacs and the TeleUSE UI builder.  It's 2012, shouldn't it feel like we've progressed?  What it really feels like is some sort of retro homage to the 90s wrapped in a shiny and expensive new package.

From now on I'm only coding for iOS while listening to an iPhone playlist 'Songs of the 90s', it helps get my mind in the iOS Zone.


Monday, January 16, 2012

iPads on planes during takeoff? Hell I'd like to use it in the airport!

People have been asking for iPads, and Kindles, to be used during takeoff and landing (like Pilots can) but for me that isn't a massive deal, yes I'd like to read my online Economist from the iPad when I'm travelling and sure it can be a bit of a pain to have to use old style paper... but I've got a bigger gripe.

The CBP (Customs and Border Protection) and their mental policies at immigration.  Now putting aside the normal 'welcome to America' of 1 bloke for the Rest of the World and 15 for the 20 Americans on the flight, or the ridiculous number of times my passport has to be checked in the UK (THREE TIMES! on this trip).  Or the questions that sometimes border on the clinically insane.  No, my complaint is simple.

I use TripIt for my travel, it's a great service, but the reality is that for the last 10 years I've not printed out a hotel reservation, for two reasons:

  1. I know where the hotel is
  2. It's on email

Repeatedly on the last few trips to the States it's not been enough to put 'JW Marriott, Miami, FL' or similar, nope they want the street address and knowing it's 'on Brickell' isn't enough.  So on each occasion I've done the same thing, pulled out my mobile and been met with...
You can't use that here, it needs to be turned off
What about the iPad I enquire?  Nope that is banned as well.  So here we are at an impasse, it's 2011 and 2012 and thanks to the wonder of technology that has existed for the whole 21st Century (and a bit before) I have access to my reservation details on a mobile device without having to print them off. Amazing eh?  But to the CBP this is a clear and present threat to the United States.

I've been asked, when coming in with my family, to show a paper copy of the hotel booking to 'prove' we have a reservation... seriously?  In the modern era of printers and word processors it's considered a security check to have an EMAIL reservation printed out... rather than actually showing the email?

I saw a guy at the final 'hand in the blue customs paper' check told the same thing on a phone that was just held in his hand, not being used mind, just held.  The international arrival area is clearly not somewhere that phoning for a taxi or telling people you've arrived is a massive security risk.

Yes this is a rant, but seriously it's 2012 and most people are shifting away from paper onto mobile devices, the CBP should be encouraging this rather than dissuading it.  How about this, how about having a CBP approved application which you load all these details onto, this then generates a QR Code or similar, this gets scanned at the immigration piece and they get not only the hotel but also the details on your return flight, go a stage further and have the questionnaire on the application and suddenly you've got all the information you need with no OCR processes and no lost data (and reduced risk of ID fraud/theft).

Come on CBP, it's 2012, get with the program and face the reality of a mobile world.  Let people have mobile phones (you can even say 'no calls at the desk' like they do in the UK) and maybe even save some time and money, and identify risk better, by automating the paper process.

 




Thursday, December 22, 2011

REST's marketing problem and how Facebook solved it

Earlier in the year I commented on REST being stillborn in the enterprise and now Facebook have deprecated the REST API in favour of a Graph API. Now I could choose to say this is 'proof' that REST doesn't work for the Web either. That would be silly for a couple of reasons:

  1. The new API appears to be RESTful anyway
  2. REST clearly can work on the web

No, what this really shows is that you have an issue with naming conventions.   The folks at Facebook called the first API the 'REST API' which meant when they felt that there were problems with it they then had two options:

  1. Have a new API called REST API 2.0
  2. Create a new name

Now the use of the term 'Graph' I think is actually a good move and one that is much more effective than the term 'REST' in describing what 'REST' is actually good at: the traversal of complex, inter-related, networks of information.  Now this is actually a concept that resonates and has much less of the religious fundamentalism that often comes with REST.

Pulling this into the Business Information space of enterprises could be an interesting way of starting to shift reporting and information management solutions away from structured SQL type approaches into more ad hoc and user centric approaches.  'Graph based reporting' is something I could see catching on much better than 'REST'.  So have Facebook actually hit on a term that will help drive REST's adoption?  Probably not in the system to system integration space, but possibly in the end-user information aggregation/reporting space.

Time will of course tell, but dropping the term 'REST' from the name is a good start.



Saturday, December 17, 2011

Wasting the time of a PPI scammer

There are a number of scams going around today which really demonstrate how mainstream outsourcing has become.  There is the current one around the 'unique' number that proves the scammer is from Microsoft and today I got a new one.  This time it was someone claiming to be from 'iClaims' (another Steve Jobs legacy, 'i' is the new 'e') telling me that I was entitled to a PPI or bank charges refund.  They had my address and phone number but nothing else so after saying that Lloyds TSB was my bank (it isn't) I flicked on the recording on my iPhone and away we went.  The game here is to waste as much of their time as possible while giving them as much incorrect information as possible. The total waste of time was about 20 minutes, but I only managed to record 18 minutes....



What surprised me about this scam was that they get all your Visa/Mastercard details but then want to set up a second call at which they will do the advance fee fraud part of the scam.  Almost 'honest' of them to do it at a second call rather than just ripping your bank account then and there (although as it's all fake numbers I have no evidence that they wouldn't do that as well).  What I find most depressing about this however is that, as with the Microsoft virus scams, the drones in the call centre are just like drones in a call centre providing service support, they genuinely think they are doing a good and valuable job, they are just keeping to the script they've been trained to do.  They don't realise that actually they are part of a criminal act, I've even had one guy beg me not to report him to his supervisor as he'd get fired if they realised I'd played him.

Behind these folks lies true scum, total and utter scum.  People who appear to have access to credit card validation software and have a list of 'valid' numbers for UK accounts.  It's a depressing evolution of the outsourcing model that these days people are outsourcing and industrialising crime via India, and it's not as if India doesn't have enough corruption of its own.

Now clearly people reading this blog are smart folks and wouldn't fall for this, and I dare say like me also entertain themselves in moments of boredom by playing along with these scams, but it's worth mentioning (probably again) to relatives that this stuff is bollocks and they should hang up.

Tuesday, December 13, 2011

Cloud in a box: Life on Mars in Hardware or an empty glass of water?

There are some phrases that are just plain funny and for me 'Cloud in a Box' which is available from multiple vendors is probably just about the best. The idea here is that you can buy a box - a box that looks and acts like a 1970s Mainframe: virtualisation, big power consumption, vendor lock in - and joy of joys you've now got a 'cloud'.
So:

  • Do you pay for this cloud on demand? 
    • Nope
  • Do you pay for this cloud based on usage?
    • Nope
  • Are you able to just turn off this cloud and then turn it on later and not pay anything for when it's off?
    • Nope you still need to pay maintenance
  • Can I license software for it based on usage?
    • Errr probably not, you'll have to negotiate that
  • Is this cloud multi-tenant?
    • Errr it can be... if you buy another cloud in a box
  • Is this cloud actually pretty much a mainframe virtualisation offer from 1980?
    • Err yes

At first I was thinking that this was in fact the sort of thing created by folks who watch Life on Mars and want to see their data centre populated with flashing lights. But then I realised actually there is a better reason that you don't get cloud in a box.

Clouds are vapour, they float, they dynamically resize... if you put a cloud in a box then the vapour will stick to the sides and turn into water... taking up about 1% of the volume of the cloud.  For me this sums up the reason why it doesn't come in a box.  Clouds need to have capacity well beyond your own normal needs so that if you 'spike' then you can spike in that cloud but not need the capacity the rest of the year.  So a 1% ratio is probably the minimum you should be looking at in terms of what your cloud provider has against what your normal capacity is.  This is the reason that provider clouds like Amazon, or those from other large scale data centre providers, aren't 'in a box' but instead are mutualised capacity environments.   Even if one of these providers gives you a 'private' area of VLANs and tin they've still got the physical capacity to extend it without much of a problem.  That is what a cloud is, dynamic capacity paid for when you use it.

Cloud in a box?  I'm a glass 1% full sort of guy.


