It's rare that I post anything personal related, but I decided today to share some random Tech, Geek, Fun, or whatever-related photos that I took in 2009.  See?  It's sort-of business and/or technical in nature! 

You can watch via slide-show, or view them one at a time below.  I also included something extra that makes me (for some strange reason) laugh uncontrollably.  It's a YouTube video at the end of this post.

I made some tweaks today to the new Twitter Widget that was released with BlogEngine.NET 1.6.  I noticed that @User and #Hash tags were not linked up, so I fixed that.

Below is the code you need to modify.  Any GREEN code is new, any BLACK code is code that was already there.  Should be pretty easy to cut/paste it in place.

Option #1: Download the widget.ascx.cs.zip (2.89 kb) file directly, drop it into your site, refresh.

Option #2: Make the following changes in the file: <root>/Widgets/Twitter/widget.ascx.cs:

Comment this out, or remove it all-together:

//if (title.Contains("@"))
//    continue;

Add the two lines shown here:

twit.Title = ResolveLinks(title);
twit.Title = ResolveUserLinks(twit.Title);
twit.Title = ResolveHashLinks(twit.Title);

Add the green lines below:

    //URL
    private static readonly Regex regex = new Regex("((http://|https://|www\\.)([A-Z0-9.\\-]{1,})\\.[0-9A-Z?;~&\\(\\)#,=\\-_\\./\\+]{2,})", RegexOptions.Compiled | RegexOptions.IgnoreCase);
    private const string link = "<a href=\"{0}{1}\" rel=\"nofollow\">{1}</a>";
    //@User
    private static readonly Regex regex2 = new Regex("@[a-zA-Z0-9]*", RegexOptions.Compiled | RegexOptions.IgnoreCase);
    private const string link2 = "<a href=\"{0}{1}\" rel=\"nofollow\">{2}</a>";
    //#Hash
    private static readonly Regex regex3 = new Regex("#[a-zA-Z0-9]*", RegexOptions.Compiled | RegexOptions.IgnoreCase);
    private const string link3 = "<a href=\"{0}{1}\" rel=\"nofollow\">{2}</a>";

Add the two green functions below:

    /// <summary>
    /// The event handler that is triggered every time a comment is served to a client.
    /// </summary>
    private string ResolveLinks(string body)
    {
        return regex.Replace(body, new MatchEvaluator(Evaluator));
    }
    private string ResolveUserLinks(string body)
    {
        return regex2.Replace(body, new MatchEvaluator(EvaluatorUser));       
    }
    private string ResolveHashLinks(string body)
    {
        return regex3.Replace(body, new MatchEvaluator(EvaluatorHash));
    }

    /// <summary>
    /// Evaluates the replacement for each link match.
    /// </summary>
    public string Evaluator(Match match)
    {
        CultureInfo info = CultureInfo.InvariantCulture;
        if (!match.Value.Contains("://"))
        {
            return string.Format(info, link, "http://", match.Value);
        }
        else
        {
            return string.Format(info, link, string.Empty, match.Value);
        }
    }
    /// <summary>
    /// Evaluates the replacement for each @User link match.
    /// </summary>   
    public string EvaluatorUser(Match match)
    {
        CultureInfo info = CultureInfo.InvariantCulture;
        String user = Regex.Replace(match.Value, "@", "");
        return string.Format(info, link2, "http://twitter.com/", user, match.Value);
    }
    /// <summary>
    /// Evaluates the replacement for each #Hash link match.
    /// </summary>   
    public string EvaluatorHash(Match match)
    {
        CultureInfo info = CultureInfo.InvariantCulture;
        String linktag = Regex.Replace(match.Value, "#", "%23");
        return string.Format(info, link3, "http://search.twitter.com/search?q=", linktag, match.Value);
    }

And that should do it!

BlogEngine 1.6 was just released with substantial SPAM Filtering and Comment Management upgrades.  As well, a number of bug fixes and other new features have been included such as Multiple Widget Zones.

You should follow this upgrade process, but I’ve also added my own summary of the steps I took below.

1. Make a backup!
2. Copy your live web to a test web, if you have the ability to test on another URL.
3. Download the 1.6 files on top of the 1.5 installation.
4. Delete the ExtensionsManager folder.
5. Change permissions on App_Data and Web.Config.
6. If you were using Akismet before, delete the Akismet Extension (leave the new AkismetFilter Extension)
7. Copy your original 1.5 .xml files from the App_Data folder back into the new 1.6 folder, but take care not to overwrite or delete anything new that was added.  Additionally, make sure you MERGE the settings.xml file as there were additional settings added.  The bottom line on this step?  Analyze the directories and file data to assure you're not losing anything that was added in (and required for) 1.6.
8. Recycle or restart the web site
9. Log in
10. Go to the Extensions admin tab
11. Disable the “Commentor” Extension if you were using it before (it’s now a part of the core)
12. Enable the AkismetFilter Extension (if you were using Akismet before, make sure to enter your account information)
13. Go to the Comments admin tab
14. Under the Configuration sub-tab, update your settings the way you wish!
15. Test your theme and other settings thoroughly (make sure you check your CSS in the upgrade process provided by the BE folks)
16. If all’s well, copy the temporary site to your live site and re-test!

Enjoy the new system.  I’m curious to see if I’ll need to re-add the CAPTCHA Solution, or if this new build will mitigate most SPAM. 

How has your upgrade gone?

UPDATE 02.21.2010:  Michael's post was updated to include a minor tweak required for BlogEngine 1.6 support.

I’ve gotten a fair amount of attention regarding a post which details ways to reduce SPAM within your BlogEngine installation.  Yesterday, I received a comment from Michael Ceranski about a his adaptation of a CAPTCHA implementation. 

I’ve installed it here, and it seems to work quite nicely.  A well-done and seamless integration within the AJAX commenting system BlogEngine employs.

Nicely done, and THANKS!
(Check it out here if you missed the link above)

Recognized for Most Innovative Relationship Management in a Downturn Economy

SAN JOSE, CA - 12/02/2009

Official Press Release Here

CenterBeam, an IT outsourcing provider, was named the winner of the “For Better or For Worse” award on November 20, 2009, as part of the second annual Outsourcing Relationship Management Awards – the RMMYs – sponsored by the Outsourcing Institute and Vantage Partners. This award recognizes the service provider with the most innovative approach in helping its customers do more for less in a downturn economy.

Vantage Partners and the Outsourcing Institute established the RMMY Awards in 2008 to broaden the dialogue about the importance of relationship management in achieving value, and to raise the bar for the industry. “Effective governance and relationship management is what sets apart the outsourcing deals that deliver the greatest value from those that fail,” said Danny Ertel, a founding partner of Vantage Partners. “Many providers have learned that it takes more than a few good people to manage a complex relationship to its full potential. The RMMYs shine a much-needed spotlight on those providers that have gone beyond 'talking the talk' to actually investing in developing the skills, processes, tools, and metrics to manage relationships effectively.”

“CenterBeam has quickly become an integral and trusted part of the SEMI IT team and helped accelerate our cost reduction initiatives,” states Gil McInnes, CIO of SEMI. “What has impressed me most about our relationship with CenterBeam is their collaborative approach and willingness to bear the risk of our relationship with a short term contract where they are literally earning our business every day. We benefit from a consistent level of IT service and support that allows us to scale up or down on a monthly basis to match our employment levels.”

As the category’s inaugural recipient, CenterBeam was recognized for its ability to help its customers do more with less. “From its short-term contract, to its scalable services and fee structure to its collaborative relationship management approach, CenterBeam’s model impressed the RMMY judges with its ability to incorporate the flexibility needed to stay in step with its clients evolving business conditions, as well as the natural evolution of technology,” states Frank Casale, CEO of The Outsourcing Institute. “CenterBeam provides a noteworthy example of how a world-class managed service provider can partner with its clients for shared success, and certainly something we would hold up for other outsourcing firms to aspire to.”

Winners will be formally honored at an award ceremony as part of the Outsourcing Institute’s “Outsourcing 2.0 Roadshow” on December 3, 2009 at the New York offices of Morrison & Foerster. They will also be promoted at “Outsourcing 2.0 Roadshow” events throughout 2010, and be showcased on www.outsourcing.com. For more information and to register for the Roadshow series and event for winners, please visit: http://www.outsourcing.com/roadshow.

About CenterBeam
CenterBeam is an award-winning managed IT services provider with a rich service portfolio including PC management, hosted Microsoft® Exchange email, helpdesk support, and network and server management. CenterBeam’s focus is providing mid-sized businesses with Fortune 500-class IT management and services for a fixed monthly fee. CenterBeam’s partner designations include: Intel® Certified – Powered by SpikeSource®, Microsoft® Gold Certified Partner, Cisco® Silver Partner, Citrix® Certified Partner, Juniper® Elite Partner, VMware® Authorized Consultant (VAC), and VMware VIP Enterprise Partner. For more information, visit www.centerbeam.com.

About Vantage Partners
Vantage Partners leads the field of relationship management, building on more than 20 years of research and consulting experience with the world’s leading companies. A spin-off of the Harvard Negotiation Project, Vantage Partners helps organizations negotiate and manage their most important business relationships, with key customers, suppliers, and business partners. Vantage works with clients on specific relationships as well as on enhancing their institutional capabilities, to make effective negotiation and relationship management a repeatable process. For more information, please visit: www.vantagepartners.com.

About The Outsourcing Institute
Founded in 1993, The Outsourcing Institute (OI), located at outsourcing.com, is a neutral professional association dedicated solely to outsourcing. As one of the most influential and credible in the outsourcing space, OI is recognized worldwide for its intellectual capital, outsourcing practice expertise and unbiased thought leadership. OI’s commitment to innovation, along with its mission to advance the skills and knowledge of its membership, has made it the most respected and relied upon brand for the outsourcing marketplace. OI’s executive network, which is comprised of more than 70,000 professionals worldwide, looks to OI as the go-to source for outsourcing thought leadership, information and advice. www.outsourcing.com.

# # #

I happened to be digging through my garage somewhat recently, and ran across my
Apple ][+ (of the Apple ][ Series) computer (and it’s green monitor, and dual floppy drives, and joystick, etc).  I’ll do an update to that experience later…  But for now, I want to share something for all the people out there who believe there’s some sort of cold war between Microsoft and Apple </sarchasm>

I was quite pleased somewhat recently when I purchased a Mac Mini and found that my Microsoft Wireless Mouse and Keyboard worked flawlessly with it.  Saves me the hassle and monetary pain of buying something Apple-branded…and I can just get a USB switch to swap between my PC and Mac.  Beauty!  “Apple and Microsoft are playing nice”, I thought to myself.

Then the garage project happened.  As I started digging, I found something that made me stare in shock and awe.

I don’t recall specifically what this chip is for, but I think it might have had something to do with when I upgraded my 48KB memory to a whopping 64KB.  Oh yeah, memory to the max people.  Regardless, I found a couple spare chips in my trip down Apple ][+ memory lane.  One of those chips happened to have both Apple and Microsoft inscribed on it!

Amazing, I thought to myself.  Not only are they in secret cahoots today…but Apple and Microsoft have been scheming against us since the late-70’s and early-80’s!  How long has this conspiracy been going on?  How many other instances of this unholy union exist?  Remember Apple’s first programming language?  What do you get when you merge the names “Apple” and “Microsoft”?  Applesoft BASIC (confirmed to be provided by Microsoft)!  Oh, the humanity…

<chuckle>  It’s not so bad, is it?

While I’m not overly thrilled with my long-term bank Wells Fargo, mainly because of their recent assault of unexpected monthly fees across all of my accounts (I do all of my personal and business banking with them, including my mortgage), there are some things they’re doing very well…and that’s what the focus of this article is about.

Today I deposited a number of checks into both my personal and business checking accounts.  I got my checks lined up, signed, and added up the totals for each account so I could fill out my deposit envelopes when I got to the ATM machine.  It’s a routine, really.

I got to the bank and was disappointed to see that the envelope dispenser was empty.  No, wait…it’s not even THERE anymore.  What?  I walked around the ATM with a confused look, half expecting the new envelope dispenser to jump out of somewhere and bite me.  I’m sure I entertained at least a couple of on-lookers.

Eventually, I spotted a sticker where the envelope dispenser used to be.  This ATM no longer requires envelopes, it exclaimed.  I stared in astonishment.  Then I got excited to see how this might have been implemented…and immediately got distracted by my own pessimism about how this is probably something to benefit Wells Fargo and not me (like the plethora of fees I now pay).

So, off we go.  I insert my first first ATM card for the account I only have one check to deposit…I figure I’d better go easy on this new system until I get the hang of it.  I insert the check, sans envelope, and listen to it churn for a couple seconds.  Poof, there’s a snapshot of my check on-screen including the amount of the check.  Yes, it read a hand-written check perfectly.  I clicked the green confirm button, and got a receipt…WITH an image of the check on it. 

<blink> <blink>

Wow, that was cool.  Ok, let’s see what it does with 7 checks at once.  Stacked ‘em all up (you don’t have to insert them individually) and shoved ‘em in.  Listened to the system sort the checks and start sifting through them.  In all, it probably took 10 seconds for the entire process and I was staring at snaps of my checks and amounts for each on the screen.  I confirmed and got a receipt with, you guessed it, all seven checks printed with amounts. 

Awesome.

I have to give kudos to Wells Fargo for a VERY slick system.  Not only does it remove my pain of having to fill out (or even find) envelopes, do math, and lick an envelope…but it also saves a few trees along the way, by entirely eliminating envelopes.

Now, if they would simply allow me to deposit my checks by taking photo of them via my Wells Fargo iPhone app, like USAA Bank…I might have to do a little dance.  Take a look at a video demo of what USAA is doing below. 

How is your bank making you happy?

For the 2009 series, the USOpen has launched an on-line video stream for all of their broadcasts that is magnitudes better than any other I’ve seen to date.  I’m sure there are some good ones I may have missed, but this one has fantastic features that can’t be overlooked.

This is a game-changing way to watch tennis.  First, I’m not the type of person who will go out of my way to watch the game, but have found myself doing so.  If I could do this with football or hockey?  Trouble in the making!  I hope to see other stations and organizations following this fantastic business lead.  Read on for the features…

The stream is crisp, clear, and snappy to load up.  But that’s just the tip of the iceberg.  Once loaded, you’re presented with a number of options right on the screen:

• View other courts (top left):  This displays video from all 5 courts that have feeds as well as scores, clicking on one will take you to that broadcast.
• Game statistics (bottom left):  Aces, 1st Server %, Double Faults, Win % on 1st/2nd serves, Winners, Unforced Errors, Receiving Points Won, Break Pt. conversions, Total Points Won, Net Approaches.  Real time, ON SCREEN!
• Fanbook (top right):  Sign up for an account, and you can comment on the match along the way…or just sit their and read if you don’t want to interact.
• Picture in Picture (bottom right):  Yep, pick one of the other stadiums and you can watch a smaller stream of that!  Click the “swap” button, and voila…PIP is swapped.  Awesome.

Click on the image in this article to see a full-screen version of the stream with all four options expanded.  clicking them again nicely hides them out of they way.

Better yet, head over to USOpen.org and watch for yourself!

What additional features can I imagine?  The ability to view your own camera angles instead of leaving that up to the event producer, ability to tie into your Facebook or Twitter account so whatever you type in the “Fanbook” section shows up on other social media sites, an alert for an amazing play you may have missed on another court (with the ability to quickly catch a replay), the list goes on…  I’m looking forward to the 2010 version!

What additional features can YOU imagine?  Have you seen a better player out there?  Let me know in the comments…

The purpose of this post is two-fold:

First:  To stress the importance of preserving the security of your on-line identity

Second:  Exposing a company who’s doing an inexcusably poor job of protecting your on-line identity

Most of us don’t realize how insecure the on-line world can be.  You create an account on a website, give it a username and the password of your choosing.  That password is obfuscated with asterisks so someone over your shoulder can’t see it, and many sites even require certain complexity (numbers, upper/lower-case letters, special characters, length, etc) to help assure your password is not easily guessed by a human or a brute-force and/or dictionary attack.  As well, the registration form is usually protected with SSL (aka: Secure Sockets Layer, Transport Layer Security, or when you see https:// in the URL) encryption.  Beyond that, you’ll usually enter an email address where you’ll have to validate that you’re you before you can even proceed on the website. 

Sounds like a pretty secure process, right?  In most cases, it is.  The problem with this, is you’re only exposed to how they protect you from OUTSIDE exploits.  Everything mentioned above does nothing to protect you from an INSIDE exploit…and frankly, an inside exploit is FAR more likely than an external one for 99% of the population.  A rogue IT Administrator or Webmaster, or worse yet…an internal company process that ALLOWS employees access to your private information.

ZipRealty is a company that I’ve used for a number of years to help keep an eye on property values in my area.  I set up some criteria for alerts that send me emails, and I had a hankering to make a change to those emails just the other day.  I logged in and found out that the system said I didn’t have any “saved searches”, despite the fact that I was getting emails from them.  So, I asked for help in straightening this out.

When you register at ZipRealty, they assign you to a Real Estate agent.  I’ve had more of these agents assigned to my account than I can keep track of, as it appears they have a fairly high turn-over rate for their agents.  Since all my “alerts” come from this person’s email address, I replied to her.  I asked why it was that I was getting alerts but didn’t seem to have the ability to modify them.  After going back and forth a bit, it came into question whether or not I might have two accounts assigned to the same email address (turns out I didn’t…but that’s not the important part).

In order to verify whether or not this was the case, she emailed me information about my account and asked me, “Is this you?”

Here comes the sad part.  She emailed me, in plain text across the Internet, not only my user account…but my PASSWORD.  It’s bad enough she did that, but the far worse situation is that she actually had ACCESS to my password.  This is an agent that likely signed up to get leads from this service and was randomly assigned to various user accounts.  This person, who will likely not be assigned to me due to turn-over in the next 3 months has access to my username AND password.

The grand point of this post?  There are two of them:

1. Don’t judge a book by it’s cover.  Just because their outward appearance seems secure, does NOT mean the internal workings are anywhere near as secure.
2. Do not use ZipRealty.  If you do?  Change your password to something you do not EVER use anywhere else.  If you have the same username and password on another site…someone from ZipRealty (and possibly other poorly managed companies) has access to that site.  Let’s hope it’s not the same as the account to your on-line banking site.

What’s the best means to protect yourself against inside exploits?

Do not use the same password on any two sites.  I know…I know…how can you remember them all?  Options:

• Build a spreadsheet with all of your passwords (and password protect that spreadsheet.)
• Use a password management application.  There are lots of them out there.  I would avoid the ones that store your passwords on-line, but that’s just me.
• Assuming you have a good password to begin with (secure from outside exploits), you can add characters to this password that pertain to the site you are registering with.  This makes your password unique, albeit only slightly different (and thus, still easy to remember).  For example, if your password is normally “password” (please, tell me that’s not your password)…your new password for ZipRealty.Com might be “ZpassRwordC”.  Be creative, but memorable for you…and not something so obvious that someone looking at ZpassRwordC knows that your WellsFargo.Com password is going to be WpassFwordC.  My example was just a simple example, not a gold standard!

Have you seen similarly poor security practices anywhere?  Have you experienced any security breaches from particular companies?  Please share them in the comments…

UPDATE 8/6 8.04am: It appears to be a Denial of Service attack that Twitter is currently combating.

Back when Twitter was still just a method for geeks to spout off about whatever, seeing the Fail Whale was quite commonplace.  Multiple times per day, Twitter would get overloaded and the system simply couldn't keep up.  Post venture capital, it's finally come around that everyone from celebrities to the stiffest of corporations to your Mother is tweeting...and the system has been rock solid 6-9 months.

Until today, it would seem!  It appears that around 6am PST, the system simply stopped responding.  We have not even been blessed with the appearance of the Fail Whale, just a Page Not Found error.  <gasp>  What are we to do with ourselves??!

About 40 minutes ago (6.30am PST), Twitter posted that the site is down and they're trying to resolve it.

Denial of Service?  Catastrophic Crash?  Hack?  And you thought the Twitpocalypse was bad...  <grin>  Good luck enjoying a Twitter-free couple of hours!

It will be interesting to see how long this lasts, and how this affects Twitter's reputation as a reliable communication tool, instead of just a Social Network.  The good news is, massive outages such as this usually lead to improved infrastructure to combat such issues in the future.  My guess is that will be the case, and Twitter will live to not die another day (well, until the next major system outage...)

All this lack of Twitterness reminded me of this video, quite hysterical even for those of us who use Twitter regularly!  Hey, if you can't laugh at yourself...right?  The Fail Whale ending is classic...