OSINT Techniques Are Often Necessary

OSINT sources are legion.

Over the past two quarters, we’ve focused upon the technologies and practices that help to establish (and maintain) an effective privacy posture. We’ve recommended ceasing almost all personal activity on social media. But the work of ensuring personal privacy cannot end there. Our adversaries are numerous – and they counter every defensive action that we take with increasingly devastating offensive tools and techniques. While the tools of data capture are proliferating, so are the tools for data analysis. Using open source intelligence (OSINT) tools, it is possible to transform vast piles of data into meaningful and actionable chunks of information. For this reason, our company has extended its security and privacy focus to include the understanding and the use of OSINT techniques.

Start At the Beginning

For countless generations, a partner was someone that you knew. You met them. You could shake their hand. You could see their smiling face. You knew what they could do. And you probably even knew how they did it. In short, you could develop a trust-based relationship that would be founded upon mutual knowledge and relative proximity. It is no coincidence that our spouses are also known as our ‘partners‘ as we can be honest and forthcoming about our goals and desires with them. We can equitably (and even happily) share the burdens that will help us to achieve our shared goals.

But that kind of relationship is no longer the norm in modern business. Most of our partners (and providers) work with us from behind a phone or within a computer screen. We may know their work product. But we have about as much of a relationship with them as we do with those civil servants who work at the DMV.

So how can we know if we should trust an unknown partner?

A good privacy policy is an essential starting point in any relationship. But before we partner with anyone, we should know exactly how they will use any data that we share with them. So our first rule is simple: before sharing anything, we must ensure the existence of (and adherence to) a good privacy policy. No policy? No partnership. Simple, huh?

That sounds all well and good. But do you realize just how much data you share without your knowledge or explicit consent? If you want to really know the truth, read the end user license agreements (EULA’s) from your providers. What you will usually find is a blanket authorization for them to use any and all data that is provided to them. This certainly includes names, physical addresses, email addresses, birth dates, mothers’ maiden names, and a variety of other data points. If you don’t believe me (or you don’t read the EULA documents which you probably click past), then just use a search engine and enter your name in the search window. There will probably be hundreds of records that pertain to you.

But if you really want to open your eyes, just dig a little deeper to find that every government document pertaining to you is a public record. And all public records are publicly indexed. So every time that you pass a toll and use your electronic pass, your location (and velocity) data is collected. And every time that you use a credit card is logged.

Know the difference between a partner and a provider!

A partner is someone that you trust. A provider is someone that provides something to/for you. Too often, we treat providers as if they were partners. If you don’t believe that, then answer this simple question: Is Facebook a partner in your online universe? Or are they just someone who seeks to use you for their click bait (and revenue)?

A partner is also someone that you know. If you don’t know them, they are not a partner. If you don’t implicitly trust them, then why are you sharing so much of your life with them?

Investigate And Evaluate Every Potential Partner!

If you really need a partner to work with and you don’t already trust someone to do the work, then how do you determine whether someone is worth trusting? I would tell you to use the words of former President Ronald Reagan as a guide: trust but verify. And how do you verify a potential partner? You learn about them. You investigate them. You speak with people that know them. In short, you let their past actions be a guide to how they will make future decisions. And for the casual investigation, you should probably start using OSINT techniques to assess your partner candidates.

What are OSINT techniques?

According to the SecurityTrails blog, “Open source intelligence (OSINT) is information collected from public sources such as those available on the Internet, although the term isn’t strictly limited to the internet, but rather means all publicly available sources.” The key is that OSINT is comprised of readily available intelligence data. So sites like SecurityTrails and Michael Bazzell’s IntelTechniques are fantastic sources for tools and techniques that can collect immense volumes of OSINT data and then reduce it into usable information.

So what is the cost of entry?

OSINT techniques can be used with little to no cost. As a security researcher, you need a reasonable laptop (with sufficient memory) in order to use tools like Maltego. And most of the OSINT tools can run either on Kali Linux or on Buscador (see below). And while some sources of data are free, some of the best sources do require an active subscription to access their data. And the software is almost always open source (and hence readily available). So for a few hundred dollars, you can start doing some pretty sophisticated OSINT investigations.

Protection Against OSINT Investigations

OSINT techniques are amazing – when you use them to conduct an investigation. But they can be positively terrifying when you are the subject of such an investigation. So how can you limit your exposure from potential OSINT investigations?

One of the simplest steps that you can take is to use an operating system designed to protect your privacy. As noted previously, we recommend the use of Linux as a foundation. Further, we recommend using Qubes OS for most of your public ‘surfing’ needs. [We also recommend TAILS on a USB key whenever you are using communal computers.]

Using OSINT To Determine Your Personal Risk

While you can minimize your future exposure to investigations, you first need to determine just how long of a shadow your currently cast. The best means of assessing that shadow is to use OSINT tools and techniques to assess yourself. A simple Google search told me a lot about my career. Of course much of his was easily culled from LinkedIn. But it was nice to see that a simple name search highlighted important (and positive) things that I’ve accomplished.

And then I started to use Maltego to find out about myself. I won’t go into too much detail. But the information that I could easily unearth was altogether startling. For example, I easily found out about past property holdings – and past legal entanglements related to a family member. There was nothing too fancy in my recorded past. While that fact alone was a little discouraging, I was able to find all of these things with little or no effort.

I had hoped that discovering this stuff would be like the efforts which my wife took to unearth our ancestral heritage: difficult and time-consuming. But it wasn’t. I’m sure that it would take some serious digging to find anything that is intentionally hidden. But it takes little or no effort to find out some privileged information. And the keys to unlocking these doors are the simple pieces of data that we so easily share.

Clean Up Your Breadcrumbs

Like the little children in the fairy tale, a trail of breadcrumbs can be followed. So if you want to be immune from casual and superficial searches, then you need to take the information that is casually available and start to clean it up. With each catalogued disclosure, you can contact the data source and request that this data be obscured and not disclosed. With enough diligence, it is possible to clean up the info that you’ve casually strewn in your online wake. And if the task seems altogether too daunting, there are companies (and individuals) who will gladly assist you in your efforts to minimize your online footprints.

Bottom Line

As we use the internet, we invariably drop all sorts of breadcrumbs. And these breadcrumbs can be used for many things. On the innocuous end of the scale, vendors can target you with ads that you don’t want to see. But at the other end of the scale is the opportunity to leverage your past in order to redirect your future. It sounds innocuous when stated like that. So let’s call a spade a spade. There is plenty of information that can be used for kidnapping your data and for “influencing” (i.e., extorting) you. But if you use OSINT techniques to your advantage, then you can identify your risks and you can limit your vulnerabilities. And the good news is that it will only cost you a few shekels – while doing nothing could cost you thousands of shekels.

Maintaining Technology Currency (and Relevance)

Grasp the Future
Grasp the Future

A few months ago, I wrote an article about mobile privacy. In that article, I wrote about how every “off-the-shelf” mobile platform MUST be modified in order to ensure some modicum of privacy. I expanded upon this thought when I recently presented to the Fox Valley Computer Professionals. [A version of that presentation can be found over at SlideShare.] One of the most important themes from the presentation actually arose during the obligatory Q&A session. [By the way, the Q&A time is always the most important part of any presentation.] From this Q&A time, I realized that the single most important takeaway was the necessity of maintaining technology currency.

From a security perspective, it is essential to remain current on all elements of your infrastructure. One of the most exploited vectors in any organization is the rampant inattention to software maintenance. It only takes one zero-day exploit to compromise a meticulously maintained system. And for those organizations that do not remain current on their software, they are opening up their systems (and their customers) to external exploitation. A decade ago, PC World highlighted the risks of operating with un-patched systems. While the numbers may have changed since that article, the fundamental lesson is still the same: technology currency is one of the most under-recognized means of hardening your systems.

The Human Factor

But technology currency is not just a matter of ensuring the continuing usability of our technology investments. It is also an important matter for ensuring the sustaining value of the people within our teams. I have been involved in IT for several decades. In that time, I’ve seen many waves of change. In that time, I’ve seen mainframes became Unix Systems. Windows desktops became Windows servers. All applications servers (regardless of their OS) became web servers. And now these same “n-tier” servers have become virtual systems that are now running on “cloud” platforms.

But with each wave of technology that emerged, crested, and then subsided, you will probably find a whole group of technology specialists who are now displaced. Fortunately, most technologists are flexible. So if they didn’t stay working on legacy systems, then they have willingly (or unwillingly) embraced the next technology wave.

Redrawing the Boundaries of Trust

Like many technologists, I have been forced into career acrobatics with each new wave of technology. And I have complicated these transitions by switching between a variety of IT disciplines (e.g., application development, information security, capacity and performance management, configuration and change management, and IT operations). So it was not a surprise when I realized that information privacy changes were driving similar changes – for the industry and for myself.

For almost two decades, I’ve been telling people that they needed to shift to hosted (cloud) platforms. Of course, this shift meant entering into trust relationships with external service providers. But for the last four or five years, my recommendations have begun to change. I still advocate using managed service platforms. But when privacy and competitive advantages are at stake, it may be necessary to redraw the trust boundaries.

A decade ago, everyone trusted Google and Facebook to be good partners. Today, we view both of them (and many others) as self-interested members of an overly complex supply chain. So today, I am recommending that every company (and even most individuals) revisit the trust boundaries that they have with every part of their supply chain.

Moving Personal Fences

We have decided to redraw trust boundaries in dramatic ways. First, we have decided to forego the advantages of partnering with both Facebook and Google. This was simple when it came to Facebook. Yes, not being on Facebook is hard. But it is eminently achievable. To that end, I am celebrating my one year divorce from Mark & Co. But redrawing the boundaries with Google have been much harder.

Getting rid of Google has meant moving to new email services. [Note: This also meant abandoning builtin contact address books and calendaring. It has also meant discontinuing the use of Google Apps. And from a personal level, it has meant some dramatic changes for my mobile computing platform.

Bottom Line: Moving off of the Google cloud has required the construction of an an entirely new cloud platform to replace the capabilities of Google Drive/Cloud.

Nextcloud Replaces Google Cloud

We needed a platform to provide the following functions:

  1. Accessible and extensible cloud storage for both local and remote/mobile users.
  2. An integrated Contact database.
  3. An integrated Calendar database.
  4. An integrated Task database.
  5. A means of supporting WebDAV and CalDAV to access the aforementioned items.

Of course, there is also a whole group of “nice-to-have” features, including:

  • Phone/location tracking,
  • Mobile document scanning (and OCR),
  • Two-factor authentication

After considerable review, we decided to use Nextcloud. It provided all of the mandatory features that we required as well as all of the “nice-to-have” features. We further decided to minimize our security exposure by running this service from within a VPS running onsite (though offsite would have worked as well).

Outcomes

It took several days to secure the hardware, setup the virtual infrastructure, install Nextcloud, and configure it for local and mobile access. Currently, we’re using a Nextcloud virtual “appliance” as the base for our office cloud. From this foundation, we extended the basic appliance to meet capacity and security needs. We also installed ONLY OFFICE as an alternative to both local and cloud-based Microsoft Office products.

At this very moment, we are now decoupling our phones and our systems from the Google cloud infrastructure. And as noted before, we’ve already changed our DNS infrastructure from ISP/Google to our own systems. So we are well on our way to minimize the threat surface associated with Google services.

Of course, there is more work to do. We need to further ruggedize our services to ensure higher availability. But our dependence upon Google has been drastically reduced. And the data that Google collects from us is also reduced. Now we just have to get rid of all of the data that Google has collected from us over the past fifteen (15) years.

Riotous Babel or Collaborative Bazaar

Matrix: Decentralized and Secure Collaboration
Matrix: Decentralized and Secure Collaboration

Every group has their own collection of stories. In the Judeo-Christian world, the Tower of Babel is one such story. It has come to symbolize both the error of hubris and the reality of human disharmony. Within the open source community, the story of the Cathedral and the Bazaar (a.k.a., CatB) is another such story. It symbolizes the two competing schools of software development. These schools are: 1) the centralized management of software by a priestly class (i.e., the cathedral), and the decentralized competition found in the cacophonous bazaar. In the case of computer-based collaboration, it is hard to tell whether centralized overlords or a collaborative bazaar will eventually win.

Background

When I began my career, collaboration tools were intimate. You either discussed your thoughts over the telephone, you went to someone face-to-face, or you discussed the matter in a meeting . The sum total of tools available were the memorandum, the phone, and the meeting. Yes, the corporate world did have tools like PROFS and DISOSS. But both sets of tools were hamstrung either by their clumsiness (e.g., the computer “green screens”) or by the limitations of disconnected computer networks.

By the mid-eighties, there were dozens of corporate, academic, and public sector email systems. And there were just as many collaboration tools. Even the budding Internet had many different tools (e.g., sendmail, postfix, pine, elm).

The Riotous Babel

As my early career began to blossom (in the mid-nineties), I had the privilege of leading a bright team of professionals. Our fundamental mission was the elimination of corporate waste. And much of this waste came in the form of technological redundancy. So we consolidated from thirteen (13) different email clients to a single client. And we went from six (6) different email backbones to one backbone. At first, we chose to use proprietary tools to accomplish these consolidations. But over time, we moved towards more open protocols (like SMTP, X.500, and XMPP).

Since then, collaboration tools have moved from email and groupware tools (e.g., Lotus Notes) to web-based email and collaboration tools (e.g., Exchange and Confluence/Jira). Then the industry moved to “next-generation” web tools like Slack and even Discord. All of these “waves” of technology had one thing in common: they were managed by a centralized group of professionals who had arcane knowledge AND sufficient funding. Many of these tools relied upon open source components. But in almost every case, the total software solution had some “secret sauce” that ensured dominance through proprietary intellectual property.

The Times, They Are A Changing

Over the past few years, a new kind of collaboration tool has begun to emerge: the decentralized and loosely coupled system. The foremost tool of this kind is Matrix (and clients like Riot). In this model, messages flow between decentralized servers. Data sent between these servers is encrypted. And the set of data transferred between these servers is determined by the “interests” of local accounts/users. Currently, the directory for this network is centralized. There is a comprehensive ‘room’ directory at https://vector.im. But work is underway to build a truly decentralized authentication and directory system.

My Next Steps

One of the most exciting things about having a lab is that you get to experiment with new and innovative technologies. So when Franck Nijhof decided to add a Matrix server into the Hass.io Docker infrastructure, I leaped at the chance to experiment. So as of last night, I added a Matrix instance to my Home Assistant system. After a few hours, I am quite confident that we will see Matrix (or a similar tool) emerge as an important part of the next wave of IoT infrastructure. But until then, I am thrilled that I can blend my past and my future – and do it through a collaborative bazaar.

I Am Not A Product!

I have been a technology “early adopter” all of my life. And I have been a “social media” adopter since its inception. Indeed, I joined Twitter in the fall of 2006 (shortly after its launch in July 2006). I was also an early adopter of Facebook. And in the early days, I (and many others) thought of these platforms as the eventual successors to email. But as of this moment, I am now one of the large stream of people abandoning these platforms.

Why am I abandoning these platforms? They do have some value, right? As a technologist, they do “connect” me to other technologists. But it seems that even as I become more connected to many of these platforms, I am becoming even more disconnected from the community in which I live. 

At the same time, these platforms are becoming more of a personal threat. This week, we learned of yet another data breach at Facebook. I am sure that there are millions of people that have been compromised – again. After the first breach, I could make a case that Facebook would improve their system. But after the numerous and unrelenting breaches, I can no longer make a case that I am “safe” when I use these platforms.

Finally, these platforms are no longer fostering unity. Instead, they are making it easy to be lax communicators. We can abandon the civility of face-to-face dialog. And we can dismiss those with whom we disagree because we do not directly interact with them. Consequently, we do not visualize them as people but as “opponents”.

Social media was supposed to be about community. It was also supposed to be a means of engaging in disagreement without resorting to disunity. Instead, most social media platforms have degenerated into tribalism. And for my part in facilitating this devolution, I am exceedingly sorry.

I will miss a lot of things by making this stand. Indeed, my “tribe” (which includes my family) has come to rely upon social media. But I can no longer be part of such a disreputable and inharmonious ecosystem. 

Hopefully, I won’t miss it too much.

By the way, one of the most important benefits of disconnecting from the Matrix is that my personal life, my preferences, and my intentions will no longer be items that can be sold to the highest bidder. It is well said that “if you are not paying for the product, then you probably are the product.” So I’m done with being someone else’s product.

As for me, I am taking the red pill. Tata, mes amis

#FarewellFacebook

Social Media Schisms Erupt

A funny thing happened on the way to the Internet: social media schisms are once again starting to emerge. When I first used the Internet, there was no such thing as “social  media”. If you were a defense contractor, a researcher at a university, or part of the telecommunications industry, then you might have been invited to participate in the early versions of the Internet. Since then, we have all seen early email systems give way to bulletin boards, Usenet newsgroups, and early commercial offerings (like CompuServe, Prodigy, and AOL). These systems  then gave way to web servers in the mid-nineties.  And by the late nineties, web-based interactions began to flourish – and predominate.

History Repeats Itself

Twenty years ago, people began to switch from AOL to services like MySpace. And just after the turning of the millennium, services like Twitter began to emerge. At the same time, Facebook nudged its way from a collegiate dating site to a full-fledged friendship engine and social media platform. With each new turning of the wheel of innovation, the old has been vanquished by the “new and shiny” stuff.  It has always taken a lot of time for everyone to hop onto the new and shiny from the old and rusty. But each iteration brought something special.

And so the current social media title holders are entrenched. And the problem with their interaction model has been revealed. In the case of Facebook and Twitter, their centralized model may very well be their downfall. By having one central system, there is only one drawbridge for vandals to breach. And while there are walls that ostensibly protect you, there is also a royal guard that watches everything that you do while within the walls. Indeed, the castle/fortress model is a tempting target for enemies (and “friends”) to exploit.

Facebook (and Twitter) Are Overdue

The real question that we must all face is not if Facebook and Twitter will be replaced, but when will it happen. As frustration has grown with these insecure and exposed platforms, many people are looking for an altogether new collaboration model. And since centralized systems are failing us, many are looking at decentralized systems.

A few such tools have begun to emerge. Over the past few years, tools like Slack are starting to replace the team/corporate systems of a decade ago (e.g., Atlassian Jira and Confluence). For some, Slack is now their primary collaboration engine. And for the developers and gamers among us, tools like Discord are gaining notoriety – and membership.

Social Media Schisms Are Personal

But what of Twitter and what of Facebook?  Like many, I’ve tried to live in these walled gardens. I’ve already switched to secure clients. I’ve used containers and proxies to access these tools. And I have kept ahead of the wave of insecurity – so far. But the cost (and risk) is starting to become too great. Last week, Facebook revealed that it had been breached – again. And with that last revelation, I decided to take a Facebook break.

My current break will be at least two weeks. But it will possibly be forever. That is because the cost and risk of these centralized systems is becoming higher than the convenience that these services provide.  I suspect that many of you may find yourselves in the same position.

Of course, a break does not necessarily mean withdrawal from all social media. In fairness, these platforms do provide value. But the social media schisms have to end. I can’t tolerate the politics of some of my friends. But they remain my friends (and my family) despite policy differences that we may have. But I want to have a way of engaging in vigorous debate with some folks while maintaining collegiality and a pacific mindset while dealing with others.

So I’m moving on to a decentralized model. I’ve started a Slack community for my family. My adult kids are having difficulty engaging in even one more platform. But I’m hopeful that they will start to engage. And I’ve just set up a Mastodon account (@cyclingroo@mastodon.cloud) as a Twitter “alternative”. And I’m becoming even more active in Discord (for things like the Home Assistant community).

All of these tools are challengers to Facebook/Twitter. And their interaction model is decentralized. So they are innately more secure (and less of a targeted threat). The biggest trouble with these systems is establishing and maintaining an inter-linked directory.

A Case for Public Meta-directories

In a strange way, I am back to where I was twenty years ago. In the late nineties, my employer had many email systems and many directories. So we built a directory of directories. Our first efforts were email-based hub-and-spoke directories based upon X.500. And then we moved to Zoomit’s Via product (which was later acquired by Microsoft). [Note: After purchase, Microsoft starved the product until no one wanted its outdated technologies.] These tools served one key purpose: they provided a means of linking all directories together

Today, this is all  done through import tools that any user can employ to build personalized contact lists. But as more people move to more and different platforms, the need for a distributed meta–directory has been revealed. We really do need a public white pages model for all users on any platform.

Bottom Line

The value of a directory of directories (i.e., a meta-directory) still exists. And when we move from centralized to decentralized social media systems, the imperative of such directory services becomes even more apparent. At this time, early adopters should already be using tools like Slack, Discord, and even Mastodon. But until interoperability technologies (like meta-directories) become more ubiquitous, either you will have to deal with the hassle of building your own directory or you will have to accept the insecurity inherent in a centralized system.

A Very Samsung Summer

It’s been a Samsung kind of month here at the castle. First it was the Galaxy Tab. Then we added a Samsung refrigerator. Finally, we ended up buying a second Samsung TV.
Why did we need another TV? Well, our second daughter has started a job in Chanute, Kansas as an assistant basketball coach. She is having a wonderful start to the new school year. But she is obviously moving out of our house and into her own apartment. That is great. We are so proud of her.
But there are two challenges (one practical and one emotional) that this transition brings. The practical challenge is that Dana needed a TV. Cindy and I had talked about putting an LED/LCD screen in our bedroom (to replace a seven-year old tube system). Since there needed to be a +1 purchase somewhere, we chose to give our daughter the older system so we could buy a new system.
The device we chose was a 40″ LED/LCD panel from Samsung. We already had a huge Samsung TV in our main living room. And we have loved that device. So buying another Samsung TV was a natural next step. And this time, I made sure that it would work with the DLNA infrastructure that is now throughout the house.
After getting the TV set up yesterday, I’ve been setting up a robust DLNA complex using Twonky Media. I have used Twonky in the past (with my Western Digital external hard drive). So I just bought and installed the full product on my media PC. Once I set the server up properly, I have been able to stream stuff stored anywhere in the house. And since I’ve stored all my favorite movies in digital form, it is stunningly simple to pull up any of my favorite movies either on the TV, the tablet or my mobile phone.
That took care of the first challenge. The second challenge won’t be as easy to address. Now that Dana is setting up her own apartment, she rightfully wants her own daughter to be with her. I love Dana’s sense of responsibility – and her devotion to Jayden. But it means that Jayden will no longer be living here with Cindy and I. So while we are proud of Dana, I am so terribly saddened that I won’t be seeing Jayden’s beautiful smile or hear her infectious laugh each and every day. I can only imagine the loneliness and loss that Dana felt while she was separated from her daughter for the past two years.
I don’t think that we can solve the second challenge by buying anything or by performing some kind of technical configuration. This one can only be solved with time and with the comforting knowledge that Jayden (and Dana) are starting off on a new and exciting journey – and we will always be along to help and to share in both the burdens and the joy.
-Roo

Bouncing Between Various Quanta of Activity


It has been an amazingly hectic week.  And today has epitomized the chaos that I’ve felt.  This week has seen a lot:

  • We got back from vacation (which was really just a long weekend).  But we have been struggling to re-integrate into our normal routines.
  • The man who enticed me to leave my previous job has left our company.  I am quite disappointed.  But God has already quieted my heart.  And He is teaching me how I can transform a disappointment into a blessing – and a ministry.
  • I’ve decided to step back into the management pool.  So I’ve submitted my name for consideration by the company’s leadership team.  I have been heart warmed to learn that my application was not summarily dismissed!  😉
  • Our dishwasher decided to develop a weak bladder: when we turned it on, it leaked everywhere.  At eight years, it was time to buy a new unit.  So we went and bought an updated dishwasher (Bosch) with a stainless steel finish.  Our black appliances are starting to look a little dated.
  • After getting a new dishwasher, we also realized that it was time to update the refrigerator.  While we liked the looks of a matching Bosch unit, we decided upon a Samsung stainless steel unit because it had better reviews on Consumer Reports.  It also had some features that my wife really wanted.  So Samsung got the nod.
  • We cleaned out the garage to get things ready for appliance delivery.  Actually, we’ve re-arranged some stuff while sorting some other stuff into the trash.  We now have room for the old refrigerator in the garage.  I am voting for a beer and wine fridge; Cindy is considering my suggestion!

With these things as a back drop, today has been chaotic and wonderful.

  • We’ve worked to get the old fridge ready for replacement.  We still have to move the final stuff into coolers.  But we will be ready for the arrival of the new refrigerator.
  • I’ve updated my resume so that I can get it submitted to the leadership team.  I’m really hoping that they have the same opinion of my capabilities that I have.
  • We’ve gotten all the dishes done.  Normally, this is simple.  But it’s been years since I washed a lot of dishes by hand.  We did mostof them earlier in the week.  But we now have to keep up with them throughout the day.
  • My son left a boatload of laundry for us to do for him.  Apparently, he’s been stacking the clothes in his room waiting for someone to do them.  Gosh, are all nineteen-year old men this naive?  And are all middle-aged parents this accommodating?
  • After many hours of sorting and shuffling leftover laundry, we’ve finally gotten around to doing the week’s laundry.  Phew.  I never thought I’d make it to this point today!

With a lot of tasks finally moving through the pipeline, I’ve finally gotten a chance to address a couple of tech challenges.

  • I’ve copied all of the photos from Meredith’s wedding onto our media server.
  • I’ve updated Cindy’s phone so that she can access the media server from where she travels.  The latest firmware build for the storage server is quite good.  Western Digital provides a redirect service so that I can get to my photos (and music and movies) from the public Internet.  This is very cool.  But it reminds me that security is an everyday consideration these days.
  • I’ve updated my router firmware to enable uPNP sharing.  This will certainly help our mobile experience.  But I am a little leery about this change.  I’ll have to research a little more to see if I’ve opened myself up to exploitation.
  • I’ve flashed my phone with the latest CyanogenMod firmware.

I think I’m finally able to breathe a little sigh of relief – but not for long.  Once the refrigerator is delivered, Cindy and I will have a lot of work to do.  But now that most of the prep work is done, this part should be fun.  But I do think that pizza will be in order!

-Roo

Spotify @ Home

The social networks have been aglow with the news that Spotify has jumped the pond.  It is being hailed as the closest thing to the second coming of the musical messiah.  Indeed, some predict that Spotify will finally bring profitability to an otherwise flagging digital music market.

I don’t know about all of that.  I sure hope that Spotify will prompt people to listen to and purchase even more music.  What the world needs is a little more music and a whole lot less hostility.  And from my vantage point, I am glad to see the blokes back east sending us some of their social music love.

This spring, I’ve really focused 0n my streaming music experience.  Between Amazon Cloud Drive and Google Music, I have been able to stream all of my music wherever I go.  I can access my library at home and at work.  I even played a bunch of wedding music as we set up the venue for Meredith’s wedding this past May.

And I’ve done a whole lot of cleanup of my digital library.  I’ve gone back and purchased a lot of music that I once had in other formats (including vinyl, eight-track and cassette tapes).  While I have chaffed at this since I did pay for the music once before, I have decided that I really want my favorite artists to see even more residuals from the music that they gave to me in my youth.

But that’s a different story.  I am writing this post to describe what I’ve seen in the most recent tool to hit the American digital music industry: Spotify.

When all of my friends gushed about being able to stream music to their phones, I just yawned as they waxed positively poetic about Spotify.  It sure sounded like it could do everything that I was already doing.  So when I finally got my Spotify invite last week, I looked long and hard at the mobile experience and the streaming experience.  And I quickly confirmed that Spotify wouldn’t offer me anything new in my streaming experience.  So I set Spotify aside for a couple of days.

I finally got back to evaluating Spotify late last night.  This time, I focused on the social music experience.  And I must admit that the social side of Spotify is positively beautiful.  You can scrobble to Last. fm.  And you can post to Twitter and Facebook.  I can’t wait until there is an interface for Goggle+.  But until then, I am happily impressed with the ability to share my thoughts on music that I listen to.

Nevertheless, I am fairly confident that the real lynch pin of Spotify’s long-term success is not its basic capabilities.  Rather, its success will be due to its ability to create and leverage music communities.  Indeed, its playlist sharing capabilities may well be the real reason that Spotify will flourish her in the United States.

I can easily find dozens of playlists for the kind of music that I listen to.  And I can easily find related music that is well worth checking out.  For example, I found a great site that has all kinds of Christian music playlists.  It is SpotifyforLife.    This site is dedicated to the very music that I want to listen to.  And it is stunningly simple to start listening to great mixes of favored and favorable music.  Finally, I can easily connect with other people that truly love the same kinds of music that I love.

As for the Spotify music tool itself, I am singularly unimpressed by the UI.  Don’t get me wrong.  The UI is crisp and clean.  But with dozens of good players already on the market, I can’t get too excited about the player experience.

So what is my summary assessment?

– Player and desktop experience = Acceptable
– Player and mobile experience = Underwhelming
– Streaming capabilities = Acceptable on the desktop but unacceptable (and expensive) on mobile devices
– Social capabiliies = Way above expectations – especially due to the incredibly active user communities that Spotify has spawned

I heartily recommend the free version of the tool.  However, I cannot recommend the premium versions because you can get a better streaming experience for free from other products.  But if you have become hooked on the social networking promises inherent in digital music, then you will be thrilled by this British import.

-Roo

Google+ Is Changing The Way I Blog


Google+ is already affecting the way that I blog – at least, a little bit.  I really want people to be able to use +1 for my blog posts.  And I didn’t see the GetSocial folks solving this issue any time soon.  So I started to look around and see if there was any native way to accomplish the same thing.
Fortunately, the folks at WordPress are now including +1 as part of their sharing options.  So I’ve activated the new sharing options and I’ve edited posts for July to eliminate the GetSocial code.   The new sharing options are neater.  And they include only a few options (i.e., +1, Twitter and Facebook).
In addition, I’ve decided to clean up some of my publishing options.  In the past, I had Friendfeed sucking in all of my events and posting content notices to Twitter and Facebook.  Since WordPress can publish these notices for you, I have decided to abandon Friendfeed (i.e., Facebook) as the publishing agency for my blog.  This should make for a cleaner transition all the way around.
With these changes, I may be able to post more frequently.  I certainly won’t have to insert canned code into every post.  Therefore, I can use my phone to post most of the content I might otherwise have ignored.  Maybe there will even be a few more posts from me.  I certainly hope so.
 
-Roo

Google+ Comes Crashing Into Chez Roo


I’ve been hearing the buzz about Google+ for months.  It has been the subject of many tech conversations for quite some time.  But I’ve been way too busy with weddings and work.  So Google+ has taken a back seat at our home.  But that ended yesterday.
A few of my friends saw a plaintive lament for an invite.  Within thirty minutes, I had a slew of invitations in my email.  So thank to everyone who saw fit to share with me.  As of yesterday, I’ve waded into the stream.
So what are my first thoughts?  That’s such a tough question.  I really loved Google Wave.  And since I have been using Google Mail and Google Reader since their inception, I had no trouble getting aboard the Buzz bus.  But Buzz didn’t get any real traction.  I think that this was because Wave was focused on the act of collaboration and Buzz was focused primarily upon the content.  But Facebook (and Friendfeed) were always focused on friends.  And contact/friend management is the real key to social media finesse.  Twitter and Facebook were always focused upon making and contacting friends.
After a few days with Google+, I think that they may have finally gotten the message.  Google+ seems to be about you an your friends.  The lame code word for this is Google+ Circles.  I don’t like the analogy – although I do like the reference to the same meme in the Meet the Parents movies.  Creating clusters of community is really important.  I have so many subsets of friends.  Some love cycling and some hate cycling.  Some love tech while others just use tech.  Some love politics while others shun them.  Like most people, I have groups that can and must be dealt with independently.  And Google+ gets this right.  Now that they have finally spent some time focusing on the people aspects of community, they may just get some traction.
But as a tech enthusiast, I must admit that there are some very cool touches that have piqued my interest.
First, there is excellent integration with Android.  I love the Android app.  And it looks just like the web experience.    You can see your own posts…
your entire stream…
and all the notifications that come your way while you are out and about. 
As the platform matures, I am sure that location-based services will start to flourish.  But the cool part is that you won’t have to wait for Google to build these cool new features.  Android is open.  So you can and should be seeing all sorts of cool phone-based elements from developers near you.
And the desktop will also see some cool integration.  Most of Google+ is accessible via Javascript.  So extensions are not just limited to Android.  I have had a great deal of fun selecting and integrating Chrome extensions into my browser.    The coolest of these are the Push Contacts extension and the Surplus extension.  Both of these extensions deserve their own post/review.  But for now, take my advice and install them into your Chrome browser as soon as possible.  They will make your Google+ experience even more pleasing.
But despite all the really cool possibilities that this platform portends, you do need to realize that this is still a beta – albeit a Google beta.  One of the biggest shortcomings is the lack of integration with Google Reader – coupled with a complete abandonment of RSS as a content source.  This is so incredibly important for me because I share so much content via Google Reader.

And I would really love to see some kind of integration with RSS and enclosures – especially audio content inclusion (like podcasts).
But for a first release (assuming you don’t include Wave and Buzz as early versions), then Google+ may well be able to attack the Zuckerberg monolith – and survive.  Let’s hope so.  And let’s hope that the DoJ keeps its ruddy mitts off of this conflict.  True competition will yield real improvements in our social infrastructure.
-Roo