Lately my company’s been looking to redo their website. This is not suprising given the fact that through 07 they’ve gone through a significant amount of change, and now their online identity is nothing like their corporate one.

The traditional site, at least as far as a few years ago, gave the customer insight into a business and its operations. Decent sites had a lot of pretty pictures, simple chunks of digestible information, and more or less kept to their own.

However with the advent of Web 2.0, social networking and linking upon linking, companies have started to change the way they expose themselves online. They’re no longer relying on getting a high rank in Google – they’re starting to take matters into their own hands – even Tea has it’s own myspace.

I guess what’s good about it is that the company can showcase its followers in an ‘unbiassed’ medium. ‘Unbiassed’ can’t escape the inverted commas due to a nominal amount of coaxing of users to become ‘friends’. But regardless of how companies leverage web 2.0, does it make a difference to their business?

I’d say why not? The more links you have from Digg, Facebook, MySpace, Reddit, the more exposure you inevitably get. Who cares where the traffic comes from – by the time the user gets to your site, the last thing that you’ll worry about is how you think the user percieves hitting your site through social bookmarking. Who cares? They’ve stepped through the front door, time to get acquainted.

Whether or not Web 2.0 is a phase or not, it’s obvious that it’s changing the makeup of the www. It’s up to business if they want to resist what they can’t stop, or use it to their benefit.

As much as I hate hackers, there is a certain amount of heart-felt respect I have for them. Despite their intentions, their technical ability is at times simply astonishing. It seems nowadays that more and more hackers are becoming astute business people in one of the toughest environments imaginable; and their achieving this through creating worldwide botnets, with the nerve centre hidden using a technique known as ‘fast-flux DNS.’

However firstly, the business acumen of these people seems to be something of growing significance. They have created pricing structures to sell off credit card details to bank account information to anyone who might be interested. Furthermore they cover their tracks through money laundering tens of thousands of dollars through bank accounts of vulnerable targets such as businesses in serious debt. The thing that is of interest though is the fact that their business network is loosley coupled, with relationships being built up and torn down in a very short space of time, making them very difficult to track.

So with the online black economy growing, how do the kingpins structure their empires? One of the most prevalant worms in 2007 has been Storm. Rearing it’s ugly head on January 17, it’s comprimised countless systems from personal PCs, to business, government, education, and even mililtary computers. The success of the worm has partially been due to a diverse hacker developer base who find new ways to create releases that side-step improvements to a system’s security. Essentially the technical and business model operates in the following way:

Traditionally the botnets have been designed to receive commands from the Botnet Herder through IRC networks. From the defender’s point of view, this single point of weakness has been relatively simple to disable, hence bringing down the threat quite easily.

However the growing trend now is to use what’s called Fast-Flux DNS (this is broken down further into Single-flux and Double-flux). The idea behind fast-flux is to register a domain name, which resolves to a host that changes as quickly as every three minutes. This is achieved through a combination of Round Robin DNS, with a very short TTL. From a defender’s point of view it’s a nightmare, as you could be chasing down a certain IP, the DNS switches, and you’re no longer dealing with a valid host.

Logically, you’d then assume that the single point of weakness would move to the domain registar, and you could simply take down the domain. Unfortunately registars are somewhat reserved in pulling down the name, as pulling down a valid site would spell catastrophe for them in terms of support calls from the owner of the domain, and the serious threat of severe legal action.

From my point of view, until the registars enforce some sort of mechanism to disable fast-flux, the botnet herders are going to sit quite safely behind a never-ending series of rotating doors. But like all good issues, nipping the problem in the bud is always the best way. So can the root cause of why people hack for profit be abolished, or will there forever be the game of catch-me-if-you-can?

Most of these hardcore profiteering hackers are the product of Eastern Europe, Russia and places like China. The problem is that the individual can be highly educated (through tertiary or self-study), but be located in an environment where they can not profit through their skillset. This is a perfect breeding ground for participants of the online black market. Even if they do get tracked down, are the authorities in their respective countries going to view it as a priority to arrest these people? I doubt they’d invest any significant amount of effort to do so.

The unfortunate part is that some great security models could be architected and tested through employing skills of such individuals. The two issues there are a) being able to find them and pull them into a corporate environment, and b) their willingness to leave their enormous botnets and substantial financial accumulations to become part of a salary-paying organisation. I guess there’ll always be a black economy as it’s human nature, be it in the real-world or virtual.

I’ve been working with Virtual Earth for a few Months now. Prior to that Google Maps was my weapon of choice as it was a more complete & robust system. But for me, MS is starting to inch ahead in terms of API completeness, which just feels ‘right’.

However, it’s not there yet.

One of the concepts within VE is that you get the VEShapeLayer class (they’re called GTileLayerOverlay in GMaps). Layers are extremely useful things that appear within all concepts of screen elements. I first got to understand them 10+ years ago when I was kicking around in Photoshop 5, and ever since have been able to easily create compositions with the assistance of the all-mighty z-index. The downside as I see it to the VEShapeLayer is that it has no concept of assigning or retrieving layers based on their ID – only based on their index.

This is fine for basic applications of layers, but recently I’ve been working with pulling aggregated and drilldown data from SSAS, and not having support for ID’s or child/parent relationships between layers is a bit of a hassle.

The saving grace is, of course, that everything’s written in Javascript; so if you don’t like something then you can change it. And change it I did. The new implementation now defines a “Map” as:

So essentially that’s the direction I’m taking with VEShapeLayer for the time being. Having a link between a layer and it’s parent allows me to map aggregated data I get back using DrillDown’s and DrillUp’s (ie: Rollups) in a way which geographically represents the data I feed into it.

It works quite well, but I’m guessing it’s only a matter of time before the MS/Dundas people spit out a certified control that does exactly that, though I won’t be holding my breath.

Casare Tizi, former CIO at AGL Energy (the largest energy supplier in Australia), has been granted the title of CIO of the year by ZDNet Australia. In his interview, Tizi goes on to outline his thoughts on the industry, technologies that will shape the future path of business, and in general my favourite – how IT fits in with the rest of the business.

Back in the day when I did my Bachelor’s in IT, all of my courses focussed on the purely technical aspects of the industry. To this day I’ve only really used about 20% of what I learnt at uni, which really is only half the picture in IT. One thing that was never stressed, or even mentioned in my course was the incredible amount of soft skills that you need to develop. It’s only until I was thrown in the thick of it that I eventually realised that if you want to go anywhere, being able to write code isn’t going to move you.

Don’t get me wrong, I mean if you can’t write code then you should probably be looking for new career (or become a high-paid consultant); but possessing the ability to not only get involved in your code, but also the people around you and the greater business is crucial. Spending more time with your users, stakeholders and managers, even just for the sake of lollygaging builds networks and draws bugs and otherthings out of the woodwork much easier.

Traditionally IT departments can sometimes be seen as the ‘outsiders’ of the business. Marketing, sales, accounts all fit in the chain on the same level, but it’s harder to pinpoint where IT sits as it’s a mixture of being both the supporter, enabler, and if done correctly can help map the direction of the business. Tizi points out that in order to align and integrate IT into the business, it’s important for CIO’s to sit with the big boys at the strategic planning meetings.

It’s obviously not enough just to sit there, you also need to not only explain in Laymans terms how IT can be used to solve given scenarios, but also the follow-on effects of the technologies which essentially can be drawn into business needs. It appears that there’s a fine line between turning technological enablers into business objectives, and justifying technologies by trying to find a business driver for it, but given a bit of delicate handling and those soft skills that you’ll never study at uni, it can be done.

Not everyone can be a CIO, not everyone wants to be either. I know that personally I still have a long way to go before I have all the soft skills needed to be a successful CIO type, but admitting you have a problem is the first step. By listening to battle hardened veterans such as Tizi, there’s a lot that can be learned when it comes to ensuring what you do is worth it, and drives the business forward. Ultimately, isn’t that what IT departments are about anyway?

“Popfly” is a name that makes little sense to me. Fortunately, the project it represents is something quite unique. As an offering by Microsoft, and currently in beta, Popfly offers something that will become quite big.

Look at all the popular Web 2.0 sites nowadays - Flickr, Facebook, Myspace. These are all sites whose content is written by its members. Without the members input, the site would be worthless. It’s like a telephone system, you have one subscriber and the system as a whole is pretty worthless, you have two subscribers suddenly you have someone to speak to, add a few thousand more and voila – you’ve got a very valuable system that does nothing more than provide the delivery platform for information.

Popfly takes this a step further. It uses API’s exposed by a number of the big Web 2.0 sites out there, adds to it a number of classes (“Blocks”) that you simply drop into your screen and link up output -> input. They call this a “Mash-up”, and is designed to grab bits of information from all different places and present how you want it to look. Sharing this with your friends or adding it to your website lets everyone have a look and play with what you’ve done.

The driving technology behind all this is Silverlight 1.0. In the past, Macromedia / Adobe Flash has been the market leader in the online rich-media space; and given they have done quite well out of it, it seems that they have woken the sleeping giant.

Microsoft’s Popfly isn’t just a mash-up tool to smoosh a view of your information, it’s also a very clever way to get their technology into the #1 place. Inviting people to develop and share blocks and sites, and have rankings for “Most Popular” mash-ups is a pretty clear way to get people onto the platform, developing and competing with each other, all for the eventual goal of market saturation with a wide class library. It’s kinda an open source thing, but under a corporate umbrella.

So yes, it appears that flash will inevitably be steamrolled by silverlight, with Popfly tightening the noose. Who knows, perhaps we’ll now see a whole new breed of annoying flash silverlight site intros.

Opera, Safari, iExplorer, Firefox, and now Chrome. Like we didn’t have enough mainstream browsers as it was. Google’s attempt to grab a slice of yet another market has now been realised, but is their new Chrome offereing enough to get people to switch?

I’ve finally had time to put Chrome through its paces on some of the sites I’ve created & maintained, which are all ajax-based, css standardised, and javascript heavy. As a devout Opera 10 user, it’s next to impossible to get me to switch browsers, but will Chrome have enough shine to move me?

To summarise:

Pros

• Compiled Javascript – all the sites performed much faster
• Site sandboxing – runaway scripts can be killed without having to crash the browser
• Plugins – I’m against plug-ins in general (bar small amounts of flash and firebug), but allowing them to run in their own process space sounds like a good thing
• UI look & feel – plus big points for minimalistic approach
• Open source
• Built-in DOM inspector

Cons

• “Most Visited” sites home page – Browse histories don’t do it for me. I need a programmable & static set of icons (Opera!)
• No mouse gestures – again, maybe it’s because Opera‘s spoiled me, but without mouse gestures, old-school ‘point and click’ is plain slow
• “Beta” – fair enough it’s just been released, but is there anything that ever makes it past beta from google (gmail anyone)? Perhaps they should just register the “beta” thing as a trademark and be done with it
• No Synrchonisation – This was something that got released with the new build of Opera a few months ago. It lets you log into your browser, and have it sync your bookmarks et al regardless of where you are or which computer you’re on.

Overall

Very nice attempt, if I was coming from IE or Safari, or possibly even firefox chances are I’d convert (though if I was a firefox fanboy, I’d stick with FF out of principal). Chrome beats all contenders when it comes to observable performance, plus the internal wiring’s more advanced. However, when it comes to useability, it just doesn’t size up to Opera.

Since Chrome’s open-source, I’m sure it’s just a matter of time until the community creates enough plug-ins to mimic the UI smarts built in to Opera; but until then, I’m willing to sacrifice a couple of seconds of site performance & load time, to the incredible amount of time saved with navigation.

Nice going Google, but I’ll wait for the RC!

A quick post for anyone struggling with Encrypted Website Payments (EWP) with Paypal and are getting the errors:

“Message 4003″, or
“The merchant is not a business or premier PayPal account. This feature is only enabled for a business or a premier PayPal account holder.”

You’ll get these errors if the variables you’re encoding aren’t formatted properly. To expand on the paypal doc’s:

“Each variable must be on its own line in the format: ‘key=value’”

What they fail to mention is that the line delimiters must be “n” rather than “rn”. If you use the native “Environment.Newline” it’ll do the latter, and add the return character screwing up your pk12 string that you set as your “encrypted” field.

I wasted a couple of hours on this stupid error.

Ok firstly there’s a lot of different content delivery network providers around. I’m going to be using Amazon CloudFront in this post because I’m endeared to their pricing structure ($0.17 per GB) and REST based API.

The problem: You have a web site hosted in the US. Whenever you connect to the site, all the resources are downloaded from that single host. If you pay for cheap hosting, chances are your download speeds are deplorable. Add to that the fact that if you hit the site from outside the US, you get worse performance due to latency. How do you make your site faster without spending big?

We all know that slow sites drives visitors away. If they click a link to your site, you better try your damned best to get your landing page up on their screen as fast as possible – before they hit ‘back’ and go to your competitor’s site.

Content Delivery Networks (CDN) are set up exactly for this purpose – to get your content onto your customer’s computer as quickly as possible.

CDN’s basically replicate your content onto “edge locations” that are servers that sit on crazy fast backbone networks, and are located in different continents around the world. When a customer requests some content, their request is routed to the geographically closest edge location, and the response is sent back. ridiculously fast.

CloudFront is Amazon’s implementation of this. To use it you’ll also need to register for an S3 account. There are a few considerations that you need to be aware of before going down this path, so it’s worthwhile reading on to get an overview.

A typically implementation will see that you serve images, video, audio, flash, whatever content from the CDN. Your actual HTML page, however, should be served from your normal web host (not mandatory, but easier this way). Whenever you reference a resource, eg an IMG such as: 

<img src=”/Images/Home.png” />

You just need to direct this to your CDN via:

<img src=”http://yourdomain.cloudfront.net/Images/Home.png” />

So that when the customer’s browser request the image, the route to the closest edge location will be determined, and will fulfil the request.

Pretty easy so far.

To get your image into the edge server, you need to pop it in the origin server, ie: your S3 bucket. Once you’ve uploaded it, you create a new distribution to CloudFront so that Amazon knows the content you’ve uploaded is to be placed on their CDN.

To do this, it’s best to check out the API

Price is always a consideration. You get charged for storage, and charged for transfers (not just from your edge location to the customer, but also from your S3 bucket to the edge location).

By default, content will expire after being at an edge location for 24 hours. It is only pushed to these locations when that location receives a request to serve some content. At that point it quickly goes to copy the resource from the bucket, and then serves this to the request.

Interestingly if you have big files (eg: video), browsers tend to chunk the request and download it in parts. If the browser requests from byte 0, then the entire resource is copied to the edge location. If the browser requests some other arbitrary byte, then only that chunk of the file is copied.

It’s not all smooth sailing. If you have secure content that you want to distribute, eg: user pays downloads, then you’re out of luck. Cloudfront only serves content, and provides no authentication, authorisation or restrictions of content. Furthermore it will strip all query parameters, so even if you’re trying to be clever, you’ll get tripped up here.

In summary, if you’re looking to increase the scalability and speed of your site, check out a CDN. Taking advantage of a globally distributed content network will let your users – wherever they’re geographically located – to hit your site, drive more throughput, and make more profits.