Wednesday, December 2, 2009

Basic Connection Troubleshooting Steps

This how-to has been written for the layperson who observes that he/she cannot connect to the Internet in the UP Manila Network while others can.

Note: This is not how technical support agents troubleshoot. These steps are for end users which have limited knowledge of networking or the network in which they are operating. Thus, the difference in steps of troubleshooting.

For Windows XP:

1. Check the physical connection. Unplug the internet cable1 (you should see an error message that the cable has been unplugged) and plug it back (you should see an update pop-up indicating the network has been connected. If you don't see any error about being disconnected when you unplug the cable at the back within 5 seconds, powercycle*. If after powercycling you did the same procedure with the same results, call IMS. If it gets connected but you cannot browse, go to Step 2.

*Powercycle - Turn off the computer, wait for 5 seconds, then turn it back on.

2. Clear cache and cookies.
For Internet Explorer – Go to Tools >> Internet Options >> Click "Delete Cookies" and "Delete Files" and check "Delete Offline Content," then "OK." Wait for the browser to delete old corrupt files (called "cache"), close the browser and open it again.

For Mozilla Firefox 3.5 – Go to Tools >> Clear Recent History
Try browsing. If you still cannot, close your browser, open it again and go to Step 3.

3. Check proxy settings.

For Internet Explorer or Google Chrome– Start >> Control Panel >> Internet Options >> Connections >> LAN Settings: Proxy Server must be checked, and the field must contain “proxy.upm.edu.ph,” Port : 3128

For Mozilla Firefox – In Mozilla Firefox: Tools >> Preferences >> Advanced >> Network >> Settings >> Manual Proxy Configurations. Field must contain “proxy.upm.edu.ph,” Port : 3128

4. Check the website you're getting to. See if you could go to that website using the PC which could connect to the Internet. If you cannot connect to that website using that PC, then it might be a problem of the website itself. If this is not the solution (you can go to the website using the other PC or you cannot go to MANY websites with your own PC), go to 5.

5. Are you able to use chat (YM or AOL IM?)? If you can, you might have a problem with the browser. Try uninstalling and reinstalling. If you do not want this messy process, go to 6.

6. Repair internet connection.
Start >> Control Panel >> Network Connections. Right-click the "Local Area Connection" (if your computer is physically connected) or the "Wireless Network Connection" (if you're connecting using wireless) and then select "Repair." This will renew your IP and refresh your DNS Cache, among others. After doing this, close and re-open your browser and see if you could connect.

7. Disable your protection (eg, antivirus) software temporarily, repair internet connection, and then try to browse. If you can browse, enable again your protection software and see if you can still browse. If you cannot browse again, then there is a conflict between your antivirus software and your internet connection or your browser. Contact the manufacturer of your protection software. However, if after disabling the protection software you still cannot browse, go to 8.

8. Powercycle your computer, try browsing. If you still cannot, try Steps 2 and 6, and start connecting. If you still cannot, Call IMS.

Obviously, I advise you to print this out since you cannot read this if you are not connected.

to be continued: For Ubuntu and Mac.

Saturday, November 7, 2009

Not-so-futuristic CAS Website

Looking at what technology offers now but is still not being utilized, here is how I envision a college website:
  1. Faculty Profile - Website visitors can search for specific faculty member's profile, highlighting research interests, academic achievements, publications and consultancies and programs related. Visitors can also search for faculty based on specific specialization for possible consultancy work.
  2. Student Enrollment Data - Visitors can get real-time data on enrollment of students, by program, by degree level. The data should be taken from CRS.
  3. Research Database - On-going and finished research projects (including undergraduate student thesis), searchable by department, program, faculty adviser, keywords. There is also a summary presentation of number of thesis by department, program, keywords. Abstracts are viewable and the full document is downloadable as PDF.
  4. Research Projects - Research projects recently finished by faculty members and which have been published in journals or presented in conferences. Faculty concerned is linked to his/her individual online profile.
  5. Extension Projects - Extension or linkages are promoted. This section gives an overview of the nature and purpose of the project, what is the role of the faculty and the College, and links to the related faculty's profile.
  6. Department Information - Individual departments' information and promotion of their achievements and their profile. Includes links to their active faculty and their research or extension projects.
  7. Department News - Announcements from departments of their plans or programs.
  8. Program Information - Promotional material of individual degree programs. Includes curriculum, member faculty members, notable alumni, course requirements, among others.
  9. Faculty Database - Administrators can search for specific profile based on certain fields of interest. Administrators also can view summary presentation of faculty profile, based on departments, employment status, academic achievements, research interests, fields of specialization, residence, etc.
  10. Working Contact Us - Yes. A working "Contact Us" page. Inquiries should also be stored to create an FAQ page.
Of course, the basic college information (VMG, management team, news, list of programs and departments, etc.) should all be there.

What else should there be?

Sunday, November 1, 2009

Information strategy for an educational institution

After the University Information System Strategic Planning workshop hosted by the Information Management Service of UP Manila, most of the units saw the gap between opportunities and goals on one end and the current practice on the other in terms of information technology. The College of Arts and Sciences--with their BS Computer Science program and one of the few units which have its own server--was not exempted.

Professor Roli Talampas, IMS director, used a comprehensive strategic planning approach in integrating the information systems of the UP Manila, the Philippine General Hospital, and the National Telehealth service. Unlike usual corporate information systems strategy formulation which was limited to top-down or utilized information technology as a function to support core businesses, this involved both top-down and bottom-up planning approaches and allowed information resources be managed as a knowledge opportunity. I think it was commendable.

The ISSP workshop was the beginning--that was the top-down approach. Now, it is the turn of the units to do their part--to go to the nitty-gritty part of planning, identifying what needs to be done, what resources we have, how do we get to where we want to go in terms of our college vision and mission through appropriate use of information resources.

As of the moment, being the IT Officer does not mean anything--except being responsible for information technology without compensation, thus resulting to being unable to be really responsible because you don't have resources.

It has been pointed out by four colleges in the ISSP that there is a need for a dedicated person to be in charge of IT so that it will be responsive to the needs of the faculty and the students and so that units will be able to accomplish what they exist to accomplish. That is what the College IT Council (or something) hopes to be.

The Office of the Dean asked for a representative from each of the departments for the soon-to-be chartered IT group of the college. IT will be a policy-making and implementing body of the College and the University when it comes to information concerns.

Of course, this IT body will only be as effective as the people behind it are dedicated.

With that said, let me express my hope that this information initiative will be implemented, together with opportunities in knowledge sharing and utilization so that the College can better serve the students and the people.

Ubuntu 9.10 - released

I just updated my Ubuntu 9.04n to Ubuntu 9.10 last Friday. Aside from the impressive aesthetics, Karmic Koala (codename of 9.10) seems to have responded to various calls for it to be intuitive (that is, imitating Windows interface). So much for the unique gang of Linux users.

Of course, this is a sort of marketing campaign to attract more users and gain more share in the OS market--considering that there are even more coming, with impressive backers (such as Google's Android).

Windows users would find it easy to navigate with and find the same functionality in the right-click--it even contains "Compress" and "Format" if you do it on a disk space. Maybe, I did not understand what Ubuntu wanted to do then.

(Does the "compress" option mean that Ubuntu's file system won't be as efficient as it used to be, that it needs to compress?)

The promise of faster boot-up--I have not yet observed this.

Also, finally, Mozilla Firefox has been upgraded to 3.5 in 9.10, and OpenOffice.org has been updated to 3.1. All my basic extensions and add-ins are working--particularly Scrapbook and Twitterfox.

Of course, this is considering that my laptop is dual-boot with Windows XP.

For more information, go to www.ubuntu.com.

Tuesday, September 29, 2009

Available services for online discussions

Just today, Professor Anna Theresa Santiago tweeted that Vice Chancellor Josefina Tayag encourages professors to assign activities to students and/or conduct online discussions. In this line, I will talk shortly about available services for online discussions.

While there are many online services available, each has its strength. Let's take a look at some:
  • Instant Messaging
Using the Conference feature of your IM client (eg, Yahoo! Messenger, Google Chat, AIM, etc.), you can talk to many participants in a conference in near real-time.

Yahoo! Messenger or IM-only software
Strength: Number of participants almost limitless
Weakness: Text only. Sharing files available but participants need to download. Participants need to use the same system.
How to use: Assuming all your students use the same system, you ask them prior to logging in that you will be available online at a particular time. Once all of them are online, you invite them to join the online conference. You may want to set "house rules" in that particular conference as an online conference can be very unstructured.
  • Blogs
The good thing about blog is that you can talk at length about a topic (like a lecture), and then ask your students to give their comments.

Strength: Allows non-realtime interaction. Participants can respond to other participants even at different times. Allows posting of other online resources, such as online video from YouTube or online slideshows.
Weakness: Interaction not as dynamic as IM. You maybe typing a comment that someone else has already entered, so you are not able to support or respond to one another.
How to use: You create your blog. You share the particular post you want them to read, and then ask them to post their comments. Most blogs ask participants to register before leaving a comment.
  • Online forums
Also called message boards (eg, Proboards.com), Online forums allow one to post a comment/issue, then all other interested participants can respond. Your participants need to be registered (ie, like a member of an organization) to respond and leave a comment. Your participants are relatively permanent.

Strength: Captures your audience
Weakness: Not realtime.
How to use: You create a message board, and then invite your students to register. After they register, you create your first thread/topic, and students respond.
  • Online Presentations
If you use Google Docs or the UPM Post Mail (http://post.upm.edu.ph) you can upload your presentations or documents, have others read it, while you talk about it, in the same screen. People can also interact with you like in IM, also in the same screen.

Strengths: Multi-channel (text, visual and other available online resources) near-realtime communication
Weaknesses: People have to have Google Mail or UPM Post Mail.
How to use: You upload your presentation (or document) to Google Docs, then invite your participants by sharing them. People will need to log in or register using the link you send them.

Of course, you can use any combination of these.

If you have questions, just IM me.

Friday, September 25, 2009

How email service providers tag spam

As a former technical support representative for two big Internet Service Providers (ISPs) in the United States, I have come to understand how their mail servers work in reducing spam. Of course, the one I would like to discuss is just the basic manner of recognizing spam. Providers may have other means of identifying spam.

First: For definition, we will work on "spam" as unsolicited email--be it business, advocacy or commercial email. I will not talk about IM spam or SMS spam or gaming spam. I will discuss spamming in emails.

Spam identification is the key to spam reduction, so ISPs actually focus on that aspect. As soon as they determine that an email is spam, what they do with that spam is just a matter of creativity on the email address owner or the email service provider.

There are two key strategies in spam identification: Keyword monitoring and Spam tagging.

Keyword monitoring is (of course) monitoring key words in the email's subject line. Based on the ISP's pre-studied list of words that are most likely to contain spam, ISPs control the distribution of messages that have these words. Instead of going to the recipients' Inbox, they go to the Junk or Bulk mail folder.

This means that if you send email with words such as "tits" or "dicks" in your email, this will probably be sent to the Spam folder of the recipient if the email server has that approach in spam detection.

While this seems logical, the downside of this is not supported by certain groups as this same rule may be applied to the words such as "breasts" or "penis" which may be required in medical professions. Useful emails may be forwarded to the spam folder without knowledge of the recipient (obviously) even though they intend to receive it.

Spam tagging refers to the use of the "Report Spam" or "This is spam" feature of your email service provider to report that the email you are reading is actually a spam. Most of the email service providers have this feature, but the level of effect of the feature varies.

With this feature, what happens usually is that the email you use is transferred to your Spam folder. What you may not know, however, is that what you actually do is not just tag the email as spam, but tag the sender as a spammer.

This indicates that if a certain number of users tag that email sender as a spammer, the email server of the recipient will automatically tag it as spam, resulting to the future emails of that sender to be forwarded to the Spam folder, even for other receivers.

Spam identification focus on two parts of the communication model: the message (Email subject line)b and the sender (Email sender / address), with the channel (email service provider) processing also the setting of rules in spam identification.

The implication of these technologies is simply discretionary use of spam identification. Spam costs a lot of money for organizations as they have to deal with wasted resources (bandwidth) and time (for deleting spam), not to mention privacy and other security issues, so proper identification of spam is really useful. On other hand, be careful with tagging an email as "spam" if you are in an organization where the sender is sending relevant information that only you do not appreciate receiving. You may be costing the inconvenience not just to the sender but to the other recipients.

Resolution for recipients who have discovered they have received an email but it is in the Spam folder when it is actually not spam:
  1. Use the "Unmark as spam" or similar feature
  2. Add the recipient's email address to your address book. This adds a rule to your email that the sender is a valid contact.

Thursday, September 10, 2009

What is cloud computing?

Wikipedia defines "cloud computing" as a "paradigm of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet." For me, it is just a way of computing (or doing your work with your computer) with your data or your applications--or both--on the Internet.

To concretize, look at Google Docs, or Zoho, or ThinkFree. Also, previously, when one conceives of a website, you use either your Notepad or Microsoft Frontpage. Now, you can do so with Google Sites, which reduces your need to learn HTML or similar languages. Further, Google Sites allows collaboration, multiple types of access, and easy addition of content. Imagine if you will have to write all these in code, and you are not a computer science graduate.

Why "cloud compute?" As Eric Knorr and Galen Gruman say, it "comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software."

The previous paragraph summarizes the benefits. What are the costs? As I see it, it is minimal. Access to the Internet and necessary software for connecting to the internet (which can be free, considering open source solutions), which are all being used anyway.

I will stop here. But I hope this short post stimulates your creativity--focusing on your own interest while expanding your capability at minimal if no cost.

Friday, July 17, 2009

Understanding Patches

Cyber Security Tip ST04-006

When vendors become aware of vulnerabilities in their products, they often
issue patches to fix the problem. Make sure to apply relevant patches to
your computer as soon as possible so that your system is protected.

What are patches?

Similar to the way fabric patches are used to repair holes in clothing,
software patches repair holes in software programs. Patches are updates that
fix a particular problem or vulnerability within a program. Sometimes,
instead of just releasing a patch, vendors will release an upgraded version
of their software, although they may refer to the upgrade as a patch.

How do you find out what patches you need to install?

When patches are available, vendors usually put them on their websites for
users to download. It is important to install a patch as soon as possible to
protect your computer from attackers who would take advantage of the
vulnerability. Attackers may target vulnerabilities for months or even years
after patches are available. Some software will automatically check for
updates, and many vendors offer users the option to receive automatic
notification of updates through a mailing list. If these automatic options
are available, we recommend that you take advantage of them. If they are not
available, check your vendors' websites periodically for updates.

Make sure that you only download software or patches from websites that you
trust. Do not trust a link in an email message—attackers have used email
messages to direct users to malicious websites where users install viruses
disguised as patches. Also, beware of email messages that claim that they
have attached the patch to the message—these attachments are often viruses
(see Using Caution with Email Attachments for more information).
______________________________
___________________________________

Both the National Cyber Security Alliance and US-CERT have identified this
topic as one of the top tips for home users.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed
to increase awareness.

Originally Published at: http//www.us-cert.gov/cas/tips/ST04-006.html

Wednesday, July 1, 2009

Understanding Anti-Virus Software

Cyber Security Tip ST04-005


Anti-virus software can identify and block many viruses before they can
infect your computer. Once you install anti-virus software, it is important
to keep it up to date.

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files
or your computer's memory for certain patterns that may indicate an
infection. The patterns it looks for are based on the signatures, or
definitions, of known viruses. Virus authors are continually releasing new
and updated viruses, so it is important that you have the latest definitions
installed on your computer.

Once you have installed an anti-virus package, you should scan your entire
computer periodically.
* Automatic scans - Depending what software you choose, you may be able to
configure it to automatically scan specific files or directories and
prompt you at set intervals to perform complete scans.
* Manual scans - It is also a good idea to manually scan files you receive
from an outside source before opening them. This includes

* saving and scanning email attachments or web downloads rather than
selecting the option to open them directly from the source
* scanning media, including CDs and DVDs, for viruses before opening any
of the files

What happens if the software finds a virus?

Each package has its own method of response when it locates a virus, and the
response may differ according to whether the software locates the virus
during an automatic or a manual scan. Sometimes the software will produce a
dialog box alerting you that it has found a virus and asking whether you
want it to "clean" the file (to remove the virus). In other cases, the
software may attempt to remove the virus without asking you first. When you
select an anti-virus package, familiarize yourself with its features so you
know what to expect.

Which software should you use?

There are many vendors who produce anti-virus software, and deciding which
one to choose can be confusing. All anti-virus software performs the same
function, so your decision may be driven by recommendations, particular
features, availability, or price.

Installing any anti-virus software, regardless of which package you choose,
increases your level of protection. Be careful, though, of email messages
claiming to include anti-virus software. These messages, supposedly from
your ISP's technical support department, contain an attachment that claims
to be anti-virus software. However, the attachment itself is in fact a
virus, so you could become infected by opening it (see Using Caution with
Email Attachments
for more information).

How do you get the current virus information?

This process may differ depending what product you choose, so find out what
your anti-virus software requires. Many anti-virus packages include an
option to automatically receive updated virus definitions. Because new
information is added frequently, it is a good idea to take advantage of this
option. Resist believing email chain letters that claim that a well-known
anti-virus vendor has recently detected the "worst virus in history" that
will destroy your computer's hard drive. These emails are usually hoaxes
(see Identifying Hoaxes and Urban Legends for more information). You can
confirm virus information through your anti-virus vendor or through
resources offered by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most
effective ways to protect your computer, it has its limitations. Because it
relies on signatures, anti-virus software can only detect viruses that have
signatures installed on your computer, so it is important to keep these
signatures up to date. You will still be susceptible to viruses that
circulate before the anti-virus vendors add their signatures, so continue to
take other safety precautions as well.
______________________________
___________________________________

Both the National Cyber Security Alliance and US-CERT have identified this
topic as one of the top tips for home users.
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to
increase awareness.

Terms of use

http//www.us-cert.gov/legal.html

This document can also be found at

http//www.us-cert.gov/cas/tips/ST04-005.html

Friday, June 26, 2009

Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths

US-CERT is aware of public reports of an increased number of spam
campaigns, phishing attacks, and malicious code targeting the recent
deaths of Michael Jackson and Farrah Fawcett. These email messages may
attempt to gain user information through phishing attacks or by
recording email addresses if the user replies to the message.
Additionally, email messages may contain malicious code or may contain
a link to a seemingly legitimate website containing malicious code.

US-CERT would like to remind users to remain cautious when receiving
unsolicited email. Users are encouraged to take the following measures
to protect themselves from these types of attacks:
* Do not follow unsolicited web links received in email messages.
* Install and maintain up-to-date antivirus software.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Relevant URLs:

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

Originally posted at:

http://www.us-cert.gov/current/index.html#spam_campaigns_based_on_recent

Wednesday, June 24, 2009

Sharing data on health with patients: An IT policy question

I saw this article about IT policy in the health service delivery. Considering that we are in a health science center, maybe we ought to be aware of some trends in other countries.

Original article follows:
================
A new push for health data rights
by Dana Blankenhorn

A coalition of health IT reformers today offers a Bill of Heath Data Rights aimed at moving the heart of the health IT debate away from doctors and insurance companies, toward patients.

This is the brainchild of former Google Health executive Adam Bosworth and Patientslikeme co-founder James Heywood. My copy was forwarded by David Kibbe.

The actual proposal is postcard simple:

In an era when technology is allowing personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. All people:

  • Have the right to their own health data.
  • Have the right to know the source of each health data element.
  • Have the right to take possession of a complete copy of their individual health data, without delay, at minimal or no cost. If records exist in computable form, they must be made available in that form, without delay, at minimal or no cost.
  • Have the right to share their health data with others as they see fit.

These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.

The expected reaction from the industry is “yeah, but.” Yeah, but it’s not that simple. Yeah, but most people don’t care. Yeah, but how do you express that in software.

The hope is that the principles behind HIPAA can be maintained while the costs of HIPAA, and the use of it as a smokescreen for luddism by the health IT industry, can be foregone.

That’s a big hope for such a short document.

I’m afraid that if this became part of some law passed by Congress it certainly would become a new HIPAA law. But if NCHIT David Blumenthal can convince the President to make this part of an executive order, something that exists in spirit and is defined on-the-fly, it might be worthwhile.

Originally posted on: http://healthcare.zdnet.com/?p=2373&tag=nl.e019

Friday, June 5, 2009

Good Security Habits

Cyber Security Tip ST04-003

There are some simple habits you can adopt that, if performed consistently,
may dramatically reduce the chances that the information on your computer
will be lost or corrupted.

How can you minimize the access other people have to your information?

You may be able to easily identify people who could, legitimately or not,
gain physical access to your computer—family members, roommates, co-workers,
members of a cleaning crew, and maybe others. Identifying the people who
could gain remote access to your computer becomes much more difficult. As
long as you have a computer and connect it to a network, you are vulnerable
to someone or something else accessing or corrupting your information;
however, you can develop habits that make it more difficult.
* Lock your computer when you are away from it. Even if you only step away
from your computer for a few minutes, it's enough time for someone else
to destroy or corrupt your information. Locking your computer prevents
another person from being able to simply sit down at your computer and
access all of your information.
* Disconnect your computer from the Internet when you aren't using it. The
development of technologies such as DSL and cable modems have made it
possible for users to be online all the time, but this convenience comes
with risks. The likelihood that attackers or viruses scanning the
network for available computers will target your computer becomes much
higher if your computer is always connected. Depending on what method
you use to connect to the Internet, disconnecting may mean disabling a
wireless connection, turning off your computer or modem, or
disconnecting cables. When you are connected, make sure that you have a
firewall enabled (see Understanding Firewalls for more information).
* Evaluate your security settings. Most software, including browsers and
email programs, offers a variety of features that you can tailor to meet
your needs and requirements. Enabling certain features to increase
convenience or functionality may leave you more vulnerable to being
attacked. It is important to examine the settings, particularly the
security settings, and select options that meet your needs without
putting you at increased risk. If you install a patch or a new version
of the software, or if you hear of something that might affect your
settings, reevaluate your settings to make sure they are still
appropriate (see Understanding Patches, Safeguarding Your Data, and
Evaluating Your Web Browser's Security Settings for more information).

What other steps can you take?

Sometimes the threats to your information aren't from other people but from
natural or technological causes. Although there is no way to control or
prevent these problems, you can prepare for them and try to minimize the
damage.
* Protect your computer against power surges and brief outages. Aside from
providing outlets to plug in your computer and all of its peripherals,
some power strips protect your computer against power surges. Many power
strips now advertise compensation if they do not effectively protect
your computer. Power strips alone will not protect you from power
outages, but there are products that do offer an uninterruptible power
supply when there are power surges or outages. During a lightning storm
or construction work that increases the odds of power surges, consider
shutting your computer down and unplugging it from all power sources.
* Back up all of your data. Whether or not you take steps to protect
yourself, there will always be a possibility that something will happen
to destroy your data. You have probably already experienced this at
least once— losing one or more files due to an accident, a virus or
worm, a natural event, or a problem with your equipment. Regularly
backing up your data on a CD or network reduces the stress and other
negative consequences that result from losing important information (see
Real-World Warnings Keep You Safe Online for more information).
Determining how often to back up your data is a personal decision. If
you are constantly adding or changing data, you may find weekly backups
to be the best alternative; if your content rarely changes, you may
decide that your backups do not need to be as frequent. You don't need
to back up software that you own on CD-ROM or DVD-ROM—you can reinstall
the software from the original media if necessary.
______________________________
___________________________________

Both the National Cyber Security Alliance and US-CERT have
identified this topic as one of the top tips for home users.
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed
to increase awareness.

This document can also be found at

http://www.us-cert.gov/cas/tips/ST04-003.html

Thursday, May 28, 2009

Official Google Blog: Went Walkabout. Brought back Google Wave.

Official Google Blog: Went Walkabout. Brought back Google Wave.

This is an interesting development on collaboration. As I understand, Google Wave is a realtime collaborative (as in online) tool that mixes collaborative document management (ie, creating, editing, sharing and publishing) and communication. It is like (to my limited understanding) having a whole page of your instant messenger where you also display your online documents, videos, images and other digital content.

I am very interested in how this can be applied to education. Expect me to blog about this after I use it. If you are interested, try going to the website at http://wave.google.com.

Wednesday, May 27, 2009

Using your mobile phone as a high speed modem - Part 2

Previously, I have blogged about my intent of using the mobile phone as a high speed modem. I indicated there that I will try it so that I can post about it.

Well, I got myself a Samsung SGH-U800 phone, a relatively affordable (ie, cheap) phone which, among other things, is HSDPA-capable. I was afraid that it would not work (considering I gave up my dual-active China mobile phone with television and I paid for the Samsung phone 7+++.++), but I am so thankful when I tried it and it worked.

How fast was it?
I used Azureus Torrent client and it came to a high of 220 kbps (3G speed) at 10 am. It was fast (faster than the connection at UP Manila at peak times), and I was mobile. (I have used only for fifteen minutes because I need to go back to admin work.)

Click here to see what HSDPA promises (Globe website).

System Requirements
Before continuing, let's check the requirements:
  • A 3G/HSDPA mobile phone. How will you know? Check the features list of your mobile phone. If it says it has 3G but has no HSDPA, then it does not have HSDPA. It is fast, but not as fast as HSDPA.
  • Software for your mobile phone (particularly if you have Windows)
  • Computer with USB port (some mobile phones allow Bluetooth)
  • Credit (load) on your mobile service (3G/HSDPA is a paid service.
  • A browser or any Internet software.
How to Connect
So, how did I do it?

For Windows: It consists of three parts: 1) Enable your mobile phone and your SIM for 3G/HSDPA; 2) Install the mobile phone software on your computer; and, 3) Connect to the internet using the mobile phone as modem.

For Ubuntu: It consists of 2 parts: 1) Enable your mobile phone and your SIM for 3G/HSDPA; and, 2) Connect to the internet using your mobile phone as modem.

For the first part, it is best that you contact the customer service representative of your mobile service provider (ie, Globe, Smart, Sun, Red). If you are a Globe postpaid subscriber, as far as I know, your SIM is pre-activated for 3G (together with HSDPA*). If not, send GO to 2951. You will then be sent instructions on how to do it. For Smart and Sun, no idea, contact your CSR.

*Please note that having a 3G phone does not mean you also have HSDPA. HSDPA runs on top of the 3G technology. Check the features of your phone to see if it indeed has HSDPA functionality.

Once that is done (you have confirmed that your phone has 3G/HSDPA enabled), you now install your mobile phone software. If your phone has a CD with it, now is the time to install it (if you have Windows). If you use Ubuntu Linux, skip this part. If you have Mac, check if the CD with your mobile phone also is applicable for your Mac.

After installing the software, connect the phone to your PC (in my case, a laptop). Usually, there is a USB data cable for 3G/HSDPA-capable phones.

If you use Ubuntu 9.04, it practically ends here. A pop-up would appear at the upper-right hand of your screen saying it detected a USB modem. It will show you a list of networks (Globe, Globe WAP, Smart Telecom, etc.). Select your network of course. For me, I selected "Globe Telecom" (without the "WAP").

It will then show a pop-up sign saying that if you want to connect, click there. In my case, I missed it, so I just clicked the network icon (the four vertical bars indicating wireless signal strength), then selected Globe Telecom. It will ask for username and password. Just leave them blank and select "Dial" or "Connect." Once it finishes the handshake, it should say that you are now connected to the Globe Telecom network.

I opened my Firefox and Pidgin, and I got connected!

If you use Windows (XP in my case), open the mobile phone software, connect the mobile phone to the laptop. Wait for the process to finish detecting the phone (In my case, the software indicated it detected the SGH-U800 phone), then click the option for networking.

It may prompt you for username and password. As in Ubuntu, leave them blank. Windows would tell you something about using sending username and password on unencrypted network. Basically, you ignore this since there is no username and password. Click "Dial" or "Connect," wait for the handshake, and the pop-up should appear at the lower righthand side of your screen indicating the speed of your connection. When you receive this, that means you are connected already.

The next time you want to connect with your mobile phone and you use Windows, you just connect your mobile phone to your computer, and then double-click the dial-up connection icon with the symbol of your mobile phone.

Reminders:
  • If you are used to connecting your laptop to the UP Manila network, remember to disable the proxy settings.
  • If you use an Acer laptop with webcam, you would experience the webcam being disabled. I don't know why it happened, but it did. I know it is because of the Samsung software because when I uninstalled the software, the webcam worked again.
Using your mobile phone as a high speed modem is a viable and cost-effective alternative to getting USB devices (eg, Globe Broadband Tattoo and Smart Bro Prepaid) which requires you to get another number. Since you do not use your mobile phone 24 hours a day, you could use it at night, during the day or on the road (with your laptop), to connect to the internet where there is 3G/HSDPA signal.

To know if you have 3G signal at your location, try this site: Globe. Click Item number 16, "LOCAL COVERAGE."

Other considerations
Please note that since you will install another software in your computer, this software which will run will consume memory (or affect speed of your computer). While the speed of your computer may not noticeably change, the presence of another software running means programs may react slower than without that program.

Please note also that service providers have different billing schemes (time-based or KB-based). Make sure to take note which one is enabled in your SIM or you might get surprised with the bill.

Concluding Remark
HSDPA by Globe or any service provider is subject to certain technical limitations. Since I have no use for them I have not tried using Globe HSDPA for SSH, VPN, or other highly technical modes. For basic browsing, chat, email and content downloading and uploading, as far as I know, it works.

If you need assistance, ask me. I appreciate your feedback.

Disclaimer: I am not promoting Globe. I use it as an example because that is the one I have.
Update: I'll see if I can update this to include screenshots from Windows XP and Ubuntu.

Thursday, May 21, 2009

Choosing and Protecting Passwords

Cyber Security Tip ST04-002

Introduction

Passwords are a common form of authentication and are often the only barrier
between a user and your personal information. There are several programs
attackers can use to help guess or "crack" passwords, but by choosing good
passwords and keeping them confidential, you can make it more difficult for
an unauthorized person to access your information.

Why do you need a password?

Think about the number of personal identification numbers (PINs), passwords,
or passphrases you use every day: getting money from the ATM or using your
debit card in a store, logging on to your computer or email, signing in to
an online bank account or shopping cart...the list seems to just keep
getting longer. Keeping track of all of the number, letter, and word
combinations may be frustrating at times, and maybe you've wondered if all
of the fuss is worth it. After all, what attacker cares about your personal
email account, right? Or why would someone bother with your practically
empty bank account when there are others with much more money? Often, an
attack is not specifically about your account but about using the access to
your information to launch a larger attack. And while having someone gain
access to your personal email might not seem like much more than an
inconvenience and threat to your privacy, think of the implications of an
attacker gaining access to your social security number or your medical
records.

One of the best ways to protect information or physical property is to
ensure that only authorized people have access to it. Verifying that someone
is the person they claim to be is the next step, and this authentication
process is even more important, and more difficult, in the cyber world.
Passwords are the most common means of authentication, but if you don't
choose good passwords or keep them confidential, they're almost as
ineffective as not having any password at all. Many systems and services
have been successfully broken into due to the use of insecure and inadequate
passwords, and some viruses and worms have exploited systems by guessing
weak passwords.

How do you choose a good password?

Most people use passwords that are based on personal information and are
easy to remember. However, that also makes it easier for an attacker to
guess or "crack" them. Consider a four-digit PIN number. Is yours a
combination of the month, day, or year of your birthday? Or the last four
digits of your social security number? Or your address or phone number?
Think about how easily it is to find this information out about somebody.
What about your email password—is it a word that can be found in the
dictionary? If so, it may be susceptible to "dictionary" attacks, which
attempt to guess passwords based on words in the dictionary.

Although intentionally misspelling a word ("daytt" instead of "date") may
offer some protection against dictionary attacks, an even better method is
to rely on a series of words and use memory techniques, or mnemonics, to
help you remember how to decode it. For example, instead of the password
"hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using
both lowercase and capital letters adds another layer of obscurity. Your
best defense, though, is to use a combination of numbers, special
characters, and both lowercase and capital letters. Change the same example
we used above to "Il!2pBb." and see how much more complicated it has become
just by adding numbers and special characters.

Longer passwords are more secure than shorter ones because there are more
characters to guess, so consider using passphrases when you can. For
example, "This passwd is 4 my email!" would be a strong password because it
has many characters and includes lowercase and capital letters, numbers, and
special characters. You may need to try different variations of a
passphrase—many applications limit the length of passwords, and some do not
accept spaces. Avoid common phrases, famous quotations, and song lyrics.

Don't assume that now that you've developed a strong password you should use
it for every system or program you log into. If an attacker does guess it,
he would have access to all of your accounts. You should use these
techniques to develop unique passwords for each of your accounts.

Here is a review of tactics to use when choosing a password:
* Don't use passwords that are based on personal information that can be
easily accessed or guessed.
* Don't use words that can be found in any dictionary of any language.
* Develop a mnemonic for remembering complex passwords.
* Use both lowercase and capital letters.
* Use a combination of letters, numbers, and special characters.
* Use passphrases when you can.
* Use different passwords on different systems.

How can you protect your password?

Now that you've chosen a password that's difficult to guess, you have to
make sure not to leave it someplace for people to find. Writing it down and
leaving it in your desk, next to your computer, or, worse, taped to your
computer, is just making it easy for someone who has physical access to your
office. Don't tell anyone your passwords, and watch for attackers trying to
trick you through phone calls or email messages requesting that you reveal
your passwords (see Avoiding Social Engineering and Phishing Attacks for
more information).

If your internet service provider (ISP) offers choices of authentication
systems, look for ones that use Kerberos, challenge/response, or public key
encryption rather than simple passwords (see Understanding ISPs and
Supplementing Passwords for more information). Consider challenging service
providers that only use passwords to adopt more secure methods.

Also, many programs offer the option of "remembering" your password, but
these programs have varying degrees of security protecting that information.
Some programs, such as email clients, store the information in clear text in
a file on your computer. This means that anyone with access to your computer
can discover all of your passwords and can gain access to your information.
For this reason, always remember to log out when you are using a public
computer (at the library, an internet cafe, or even a shared computer at
your office). Other programs, such as Apple's Keychain and Palm's Secure
Desktop, use strong encryption to protect the information. These types of
programs may be viable options for managing your passwords if you find you
have too many to remember.

There's no guarantee that these techniques will prevent an attacker from
learning your password, but they will make it more difficult.
________________________________________________________________

Authors: Mindi McDowell, Jason Rafail, Shawn Hernan
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Source: http://www.us-cert.gov/cas/tips/ST04-002.html

Monday, May 18, 2009

Official Gmail Blog: Tasks, now in Calendar too

Official Gmail Blog: Tasks, now in Calendar too

This new feature in Google Calendar makes listing tasks related to events easier to manage. This is particularly useful to managing numerous tasks related to an event, instead of listing the tasks as numerous events in your Google Calendar.

If you read my previous post about "Free SMS Pre-Event Reminder?" you would already be familiar with the creative and useful feature of Google Calendar and in using it as a reminder. With this additional feature of Tasks, it will help event managers (be it a big event such as a conference or small event as in committee meeting) in preparing by having the option to identify specific tasks with identifiable outcomes or outputs.

Go to the readable blog post here.

Friday, May 15, 2009

Online Journal Options

The Office of the Dean is currently looking into the feasibility of setting of up an online journal. It might be an online version of the UP Manila Journal or a college-based peer-reviewed journal.

An online journal is not that difficult to implement--thanks to open source systems. And the idea is not that too alien, either. UP Diliman and UP Los Banos both have online journals using the system provided by the Public Knowledge Project.

There are two ways to implementing the Open Journal System (OJS):
  • You can set up the journal which INASP will host (easier to maintain--if at all--but may be a bit long to initiate due to legal requirements, but not so much).
  • Download the OJS code to the organization's server and implement it from their end (might need a bit of technical know-how, but is faster as the code is available at the site).
Either way, the system allows the journal organization to publish articles and share knowledge to a wider audience (talk about the world) without investing a lot. Further, if the journal is added to the online directory of online journals (eg Open Science Directory and Directory of Open Access Journals), the journal is connected to a global network of knowledge seekers. This helps the journal (and the supporting or host organization) highlight (if not promote) the expertise of its members or researchers, and--more importantly--the knowledge is shared with those who need it. Hopefully, this knowledge-sharing attitude will result in more effective and efficient ways of resolving concerns the journal organization seeks to address.

The online journal promises many benefits that the printed version cannot give. It even reduces the required library space for journals, and the journal is accessible anytime (no need to have the library open 24 hours). Of course, I like reading from a piece of paper or book, but you can always print the online journal (reducing the cost of printing for the organization).

Sources:
Public Knowledge Project
International Network for the Availability of Scientific Publications or INASP
Open Science Directory
Directory of Open Access Journals
UP Diliman Journals Online
UPLB Journals Online

Acquiring and Managing Electronic Journals. ERIC Digest.
"Electronic Journal Frequently Asked Questions" Prifysgol Aberystwyth University.

All links accessed May 16, 2009.

Tuesday, May 12, 2009

Using your mobile phone as highspeed modem

Globe, Sun and Smart probably would be hunting me when they read this post. With the idea that has been in existence (but not promoted extensively) since GPRS was born, using the existing device (your mobile phone) to connect to the Internet instead of buying the USB adapter which costs average of PhP 1,800 is a great idea and more cost-effective.

What am I talking about?
If you have a mobile phone which has 3G or HSDPA feature, then you can use that to connect to the internet, having the same speed as that of SmartBro, Globe Tattoo or Sun Broadband.

(Actually, instead of looking at it that way, think of it the other way: SmartBro, Globe Tattoo and Sun Broadband use the same technology as using your cellular phone as modem. The USB adapters you use actually have mobile phone accounts, which is why you have to load them with credits, at any loading station!)

How exactly do you do that?
Google this topic " SPACE Philippines SPACE Using cellphone as modem HSDPA."

Try it.

I will try it as soon as I get my mobile phone with 3G. I use Globe. I'll post the results here.

(Although I may not have the experience of configuring it, I saw my professor in Management Information Systems (Master of Management) do it for our class at CAS - UP Manila. It works!)

Limitations
Any limitation that the 3G/HSDPA USB adapters would have. That means, if you cannot connect to WAP using your mobile phone, definitely, you cannot use it to connect to the Internet as a modem. They use the same signal/channel.

I am not sure, but I think if you are online, and someone calls your mobile phone, it might get disconnected. But I am not sure. I'm inclined to compare it to DSL (you are online even if someone is using the phone) than to dial-up internet connection (disconnects when you get a call). Any ideas on this will be welcome.

Additional Resources
For Globe Users, try this link.
If you're using Sony Ericsson with 3G/HSDPA, click here.
For Sun users, try reading here.

Saturday, May 9, 2009

Recovering deleted files easily (even if you have deleted them in your Recycle Bin)

I have deleted some files in the past month or so, and today realized that I needed them. So I had to try to find a way to delete files which I also deleted in the "Trash" folder of my Ubuntu. I thought I had to download the big video files again, but I learned better.

Using PhotoRec, I was able to recover those files. And it was easy.

It uses a somehow scary command line interface, but the how-to provided made it so easy--whatever operating system your computer may have.

PhotoRec works with Linux, Mac and Windows. So if you ever deleted something (whether using the graphical interface or command line), there is still hope.

If you need help on how to use this, you know where to find me.

Source: http://www.cgsecurity.org, accessed May 10, 2009.

Wednesday, May 6, 2009

Why is Cyber Security a Problem?

Re-published from US-CERT Cyber Security Tip ST04-001
========================================================================

You've heard the news stories about credit card numbers being stolen
and email viruses spreading. Maybe you've even been a victim yourself.
One of the best defenses is understanding the risks, what some of the
basic terms mean, and what you can do to protect yourself against
them.

What is cyber security?

It seems that everything relies on computers and the Internet now --
communication (email, cellphones), entertainment (digital cable,
mp3s), transportation (car engine systems, airplane navigation),
shopping (online stores, credit cards), medicine (equipment, medical
records), and the list goes on. How much of your daily life relies on
computers? How much of your personal information is stored either on
your own computer or on someone else's system?

Cyber security involves protecting that information by preventing,
detecting, and responding to attacks.

What are the risks?

There are many risks, some more serious than others. Among these
dangers are viruses erasing your entire system, someone breaking into
your system and altering files, someone using your computer to attack
others, or someone stealing your credit card information and making
unauthorized purchases. Unfortunately, there's no 100% guarantee that
even with the best precautions some of these things won't happen to
you, but there are steps you can take to minimize the chances.

What can you do?

The first step in protecting yourself is to recognize the risks and
become familiar with some of the terminology associated with them.
Hacker, attacker, or intruder - These terms are applied to the people
who seek to exploit weaknesses in software and computer systems
for their own gain. Although their intentions are sometimes fairly
benign and motivated solely by curiosity, their actions are
typically in violation of the intended use of the systems they are
exploiting. The results can range from mere mischief (creating a
virus with no intentionally negative impact) to malicious activity
(stealing or altering information).
Malicious code - This category includes code such as viruses,
worms, and Trojan horses. Although some people use these terms
interchangeably, they have unique characteristics.

* Viruses - This type of malicious code requires you to actually do
something before it infects your computer. This action could be
opening an email attachment or going to a particular web page.
* Worms - Worms propagate without user intervention. They typically
start by exploiting a software vulnerability (a flaw that allows
the software's intended security policy to be violated), then once
the victim computer has been infected the worm will attempt to
find and infect other computers. Similar to viruses, worms can
propagate via email, web sites, or network-based software. The
automated self-propagation of worms distinguishes them from
viruses.
* Trojan horses - A Trojan horse program is software that claims to
be one thing while in fact doing something different behind the
scenes. For example, a program that claims it will speed up your
computer may actually be sending confidential information to a
remote intruder.

This series of information security tips will give you more
information about how to recognize and protect yourself from attacks.
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST04-001.html>

Monday, May 4, 2009

Home security myths

This is a post from PC Doctor, a blog which I follow. I hope you find it informative and useful.

====================

I keep coming across loads of home security myths on forums an din blog posts on the web. Most of these myths start out as good intentions but spread widely to become damaging urban myths.

Here are a few for you:

  • Hiding the SSID on your WiFi router makes you safer - it doesn't, and the same goes for MAC ID filtering and switching off DHCP
  • Writing down a password is bad - depends who you are trying to keep out!
  • A really long password is better than one that is 8 to 10 characters long - not usually.
  • You should run more than one antivirus/firewall software - that'll cause more problems than it solves.
  • Trust your security software - no piece of software can replace common sense!
  • Most PC problems are the result of malware/hacker - no, most problems are down to the user!
  • Most data loss is down to hacker/malware - again, no
  • If you see HTTPS in the address bar of a browser, you are safe - there's a lot more to it than that.
======================
Source: http://www.pcdoctor-guide.com/wordpress/?p=5017

Why you should subscribe to blogs

Why should you subscribe to blogs? For that matter, why should you click that orange icon in this blog?

Before I answer that question, I would have to introduce the idea of readers. A readers is a software (which maybe an online or computer-based application) pulls new information from an online source to your computer. Readers are related to RSS. RSS is a topic of its own, but in the interest of blogging, let’s define RSS as a system (a feed) that allows a blogger to easily announce to the subscribers that there is new content to the website.

If you have a Yahoo! Mail account, you might have come across the My Yahoo! Homepage, which is essentially a start page. There, you could add a certain blog or any RSS feed, and your page would just display if there is new content (or post). There is a similar feature in iGoogle (Google’s user-based homepage). Mozilla Firefox and Thunderbird also have readers. The software (or the Start Page) will just display the headline, and you have the option to download the content of that headline if you find it interesting.

Unlike subscribing to newsletters, subscribing to blogs does not require you to reveal personal information (such as email addresses). Also, you only receive information from that source that you need or are interested in, so you will not waste time downloading data that you might then learn you do not need. You will not receive spam from other receivers of that e-group or marketing communication from the e-group administrator.

The summary of this short post answers the question above. When you subscribe to a blog (by clicking the orange icon and then selecting your reader), you (the readers) get update about new content (information) that you may be interested in without revealing your email address and you can select the content that you want to download or read, thus saving you time from downloading the content.

Friday, May 1, 2009

Blogging for learning

You might already be familiar with weblog, or blog (Otherwise, you are NOW reading one.). Blogs, in my observation of faculty members whom I know, are often used to do one or some of the following:

  1. Provide an easy-to-go-to website which contains links to other websites
  2. Announce short messages
  3. Re-publish articles from other websites.

While these are certainly useful support functions to traditional classroom teaching, blogs can be better used as an interactive mode of communication—not just student and teacher, but also student-student and student-other readers.

Blogging, as a communication channel, allows one to communicate with multiple people considering geographically dispersed locations and asynchronous (different times of sending/receiving messages) setup—again, not just between the blogger and the audience, but also between the audience themselves.

Also, blogging allows the blogger to communicate to multiple readers on the Net without the need to ask the audience their email addresses (which is what you would have to do if you were to set up an electronic group).

Considering this potential, blogging should be done with proper and some basic considerations.

Blogging Considerations
Topic – I would suggest that you choose a topic which is specific. When I say specific, I mean not like “marketing” as related to “business,” but rather like “informing and communicating in a public educational institution.” The reason for this is that your blog, as a niche in the Internet world market (with readership as buying), must have a clear offering—how it will benefit your readers. Also, having this specific of a topic allows you to draw from multiple fields of study (that is, cross- and trans-disciplinal) on what to post, which you will integrate. This will allow your post to be practical, not just opinions or theoretical discussion which readers can find elsewhere.

Interactive – Allow in the home page and in every post an opportunity to discuss and react—whether you like the reaction or not. Every reaction is a new content that increases the presence of your site. Also, usually, reactions automatically subscribes the reactor to your blog. That increases your blog readership. Soliciting feedback also gives you other ideas that you might blog about. This makes your blog driven by your readers' interests, which drives their interest and will make them read your blog more often.

Contact the Author – Make sure there are ways of communicating you besides the comment. Some readers might want to contact you for a private message. You do not want to publish your email address, however, as this invites spam. Just consider a “Contact me” page where readers can include their comment/question and their contact email so that you can contact them. Of course, make sure to contact them within a reasonable amount of time, which should be clearly identified in the blog.

Design – Most blogging sites have default designs and layouts. Consider how you can customize it to what is complementary to your topic but is still pleasing to the eyes of your reader. You might also want to consider how it might display in mobile devices as mobile internet is becoming more common.

There are other things that you may consider, but these are basic considerations in using blogging as a learning tool. Like any learning tool, however, consider your learner on how to deliver better the content.

Project Management Software

(Disclaimer: I am not PM-certified.)

If you are familiar with the concept of project management or PM, you might have come across the term project management software. In essence, it is a software that allows the user (usually a project manager or coordinator) to manage events and resources of a project to achieve the project’s objectives or goals.

The most popular PM software is Microsoft Project, which is not included in Microsoft Office suite. MS Project allows the user to break down the project’s tasks, schedules, human resource, and see the status of various activities. I have not used Microsoft Project myself, so I am not in any authority to evaluate its capabilities nor its weaknesses (In fact, I am not speaking in any authority at all! I am just sharing my points of view and experience in using certain systems as a user.).

In any case, what I want to share with you is an opportunity to manage resources, activities and events of a project using free and open source software. You could Google the term “open source project management software” and you would come across probably Wikipedia’s list of project mangement software (here). PMS can be classified based on license or on platform base. According to license, of course, there are open-source and proprietary; according to platform base, there are desktop-based and there are web-based.

From a teacher’s or a faculty administrator’s point of view, a project management software can help one minimize uncertainty and ensure accomplishment of objectives by accomplishment of broken-down activities with specifically identified objectives, schedules and resources.

Take for example, a faculty conference. Any academic activity (particularly in CAS) has a strong academic principle and rationale behind it. Everything is done or happens for a reason. So a certain committee might think of doing something, with the given reasons or assumptions.

The committee may work as the project team (unit, committee, management office, whatever), with one person taking the lead. The project manager is the primary person for the implementation and achievement of the goals identified in the creation of the project (This is where the project charter comes in.).

The PM or his/her executive assistant or the committee’s secretariat will need a strong sense of project management if the conference is to succeed—that is, achieve its objectives both as an academic exercise and as an event to be managed.

This situation presents a need to have a software that helps the person to do just that. Considering the cost of MS Project (which I did not bother researching the price of), I tried searching for open source PM software instead.

Project management software like OpenProj allows you to identify your general objectives, project milestones, human and other resources, identify task predecessors, look at status of different activities, and make necessary adjustments.

A web-based project management software like Collabtive, Zoho Project and dotProject even works better. As it is web-based, the user can assign projects to other users, who can then enter the status of their own part/tasks. As such, status of different tasks is based on input of other people. This also makes management of projects which are geographically dispersed (like research projects in different communities).

What is the cost of open source PMS? Well, if you are not familiar with PMS but you are interested with its potential, the cost is absolutely zero! Why zero? Because you would exert the same (perhaps even less) effort to learn a new software as you would if you were to start learning a proprietary (and expensive) PMS.

Further, using open source PMS allows you to have software without paying for unnecessary features, like server-stuff and email (which I didn’t bother reading about).

Of course, using PMS is not guarantee of success, as PMS only allows one to have better understanding of project and information related to it. It still depends on the project manager on how to respond to contingencies, for example.

In a nutshell, a project management software allows you to manage a project which consists of multiple different types of objectives, resources, activities through easy-to-understand and summary information in one program. And an open source option allows you to do accomplish the objectives with significantly less the cost.

If you have more questions about PM, PMS or related info, just ask!

Sources: (All accessed 1 May 2009)
Wikipedia.org
http://collabtive.o-dyn.de/
http://www.dotproject.net/
http://projects.zoho.com/jsp/home.jsp
http://www.egroupware.org/Home

Monday, April 27, 2009

Swine Flu Phishing Attacks and Email Scams

Original release date: April 27, 2009 at 3:04 pm
Last revised: April 27, 2009 at 3:04 pm


US-CERT is aware of public reports of email scams circulating related
to the Swine Flu. The attacks arrive via an unsolicited email message
typically containing a subject line related to the Swine Flu. These
email messages may contain a link or an attachment. If users click on
this link or open the attachment, they may be directed to a phishing
website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect
themselves:
* Do not follow unsolicited web links or attachments in email
messages.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

US-CERT will provide additional details as they become available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

====
This entry is available at
http://www.us-cert.gov/current/index.html#swine_flu_phishing_attacks_and

Sunday, April 26, 2009

Staying Safe on Social Network Sites

Re-Published from United States Computer Emergency Readiness Team
______________________________
Cyber Security Tip ST06-003

The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions.

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

What security implications do these sites present?

Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because

* the internet provides a sense of anonymity
* the lack of physical interaction provides a false sense of security
* they tailor the information for their friends to read, forgetting that
others may see it
* they want to offer insights to impress potential friends or associates

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information). Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer without your knowledge.

How can you protect yourself?

* Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
* Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines (see Guidelines for Publishing Information Online for more information).
* Be wary of strangers - The internet makes it easy for people to
misrepresent their identities and motives (see Using Instant Messaging and Chat Rooms Safely for more information). Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
* Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
* Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people. However, there is a risk that even this private information could be exposed, so don't post anything that you wouldn't want the public to see. Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.
* Use strong passwords - Protect your account with passwords that cannot easily be guessed (see Choosing and Protecting Passwords for more information). If your password is compromised, someone else may be able to access your account and pretend to be you.
* Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam (see Reducing Spam for more information). Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
* Use and maintain anti-virus software - Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about internet safety, being aware of their online habits, and guiding them
to appropriate sites, parents can make sure that the children become safe and responsible users (see Keeping Children Safe Online for more information).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.
____________________________________

While this article is from a US government agency, I believe that the tips here are practical and necessary for everyone's peace of mind when using social networking sites.

Friday, April 17, 2009

To save or not to save: Passwords and your laptop

Should you save your passwords in your browser if you log in to websites using your laptop?

I would recommend that you use the password saving option of your browser if you:
  • are careful of websites where you go to
  • are careful of software that you download or install
  • are the only one using your laptop or you are mindful of people who use your laptop
  • clear your browsing history appropriately.
I do not recommend saving your password in a browser if you:
  • are not careful of websites where you go to (i.e., you go to websites which are prone to malicious software, such as porn sites)
  • are not careful of software that you download and install (you might actually be downloading a virus, a Trojan, or a worm).
  • too many people use your laptop and you do not consider how they use your laptop (security-wise)
  • do not clear your browsing history at all.
Security is everybody's concern. The first level of security should start with the user. And forget about hackers. When you consider security, consider virus, rogue virus, spyware, and data loss.

Thursday, April 16, 2009

Free SMS Pre-Event Reminder?

You probably have a cellular phone. It probably has a reminder/calendar/memo function--the one which alarms when the time and date you set it to remind you of something, like to give a speech, prepare a lesson plan, or buy a mouse. That's good.

However, usually, we want a reminder before the event. Most of the phones I had will only remind me that the event is happening now, which is practically useless, because I would have been in no position to make adjustments. Some cellular phones do have one--pre-event reminders--but it has limited capability to have multiple reminder (What for? How about preparing for a speech, when you have to be reminded to write a speech two days before the event, to print it night before the event, and to consider the travel time two hours before the event, and to practice it an hour before the event?).

In any case, another option that you have is to use Google Calendar's SMS reminder. This is a free service.

In order to be reminded prior to the event, you need to do things: 1) Register your mobile phone number; and, 2) Set up the reminder for every event that you are going to enter in your Google Calendar.

Setting up your mobile phone service to receive SMS reminders
  1. To set up your mobile phone service to receive free SMS reminders, log in to your Google (or @post.upm.edu.ph) email. Then click "Calendar" at the top of the page.
  2. Or you can go to Google Calendar's URL, http://www.google.com/calendar. If you have an @post.upm.edu.ph, the URL for the Calendar is http://www.google.com/calendar/hosted/post.upm.edu.ph
  3. Then go to "Settings." The link is found both at the upper-right hand of the page and at the left side of the page.
  4. Click "Mobile Setup" (obviously!).
  5. Enter your mobile number inthe field that says (surprise!) "Phone Number." (as of the moment of this post, Globe and Smart (and their sub-networks, TM and TNT, respectively) are recognized carriers. (Sun and Red subscribers, sorry...)
  6. Select your carrier from the drop-down menu, if applicable. However, if you see the link See Help Center for supported providers, please check if your provider is supported before requesting your verification code.
  7. If your carrier is supported, click the Send Verification Code button, and you'll get a text message on your phone.
  8. Once you receive this message, enter the code you received into the 'Verification code' box and click the Finish setup button.
That's it. Your mobile phone is now set up to receive SMS reminders.

Setting up a reminder
  1. If you have used Google Calendar, this should be easy. If not, just log in to your Google Calendar, select the schedules where the event is supposed to happen. You can do this by clicking and dragging your mouse on the schedules/periods when the event is supposed to happen. This will open a balloon. You can enter there the name of the event.
  2. After entering the event, click "Edit Event Details." This will open the details of that particular event.
  3. When the new page comes up, look at the lower part of the page, where you should see the available types of reminders. Make the appropriate adjustments, and remember to click "Save" at the top of the page.

For more information about Google Calendar and other options, such as setting up the default notification for new reminders and changing reminders, you can go here.

Source:
Google Calendar Help.

Friday, April 3, 2009

Switching to Ubuntu

You have been using a computer and your definition of a computer is a PC. If you are old (and I mean old in computer use context), you started probably with Wordstar 4.0 (like me) or WordPerfect (don't know what version). The last version of Windows you have used maybe Windows 2000, XP or Vista.

You saw ads and reviews of Windows 7. You recently used Microsoft Office 2007. But you also heard of this "free" software called Linux, and you saw the seemingly impressive and Windows-like interface in particular of Ubuntu. You became interested.

You contemplate on switching to Ubuntu. I don't want to talk about the pros and cons, but I guess it can't be helped. I'll just probably discuss basics, then give you some things to contemplate on regarding switching operating systems.

Pros:
  1. Ubuntu is free--like FREEDOM. Read.
  2. Ubuntu is stable.
  3. Technical support is available via paid (Commercial) or via Ubuntu Forums.
  4. Ubuntu is secure. Your computer will not do anything without your knowledge or permission.
  5. Impressive effects (right on the desktop!).
Cons:
  1. Requires learning (but not so much, because the interface is very similar to combined Windows and Mac). Unlike previous Ubuntu versions, Ubuntu 8.10 Intrepid Ibex (that's the codename) has GUI (graphic user interface, meaning menus you click) for everything. You don't have to remember command lines like you may have done with MS-DOS 6.11.
  2. May have compatibility issues (if you were using specialized software, such as non-linear editing software for videos or high-end publishing application like Adobe Pagemaker), but these will soon be resolved as the open source community is working on bridging the compatibility gap fast.
  3. Compatibility issue with people whom you are dealing with.
  4. Takes some effort in finding the application that deals exactly with your issue. This is because of the open source nature of applications in a Linux/Ubuntu operating system.
There are many things to really consider if you have specialized needs, but if you are a typical user of computer--that is, you use a computer to type documents, paste pictures, calculate using a spreadsheet, create presentations, maybe make a few songs or videos, Windows XP and Ubuntu 8.10 are pretty much the same.

Switching?
Now comes the answer to your question. Should you switch? By all means, because I am an open source enthusiast! However, I do not recommend doing so without due consideration. I would suggest rather that you try it without throwing your current system all away.

And with Ubuntu Linux, you can. I did this by running the Ubuntu installation CD inside the Windows operating system.

Doing this is running Ubuntu Linux. You would forget about Windows running on the background because it will run everything that you can do as if it were running solely in your hardware.

While trying it, try to do the following:
  1. Try to do the things that you normally do with your previous operating system.
  2. Think of the worst thing that you would have to do with your previous operating system. For example, running ten applications at once (!).
  3. Try to do the most complicated thing that you have done with your previous system.
  4. In the end, try to do a cost-benefit analysis. Cost would be the learning curve and the effort to learn, and probably compatibility issues. Benefit would be continuous free update, secure system, and learning something new!
Read also the system requirements of ubuntu. As of this writing, Ubuntu 8.10 is the latest stable version, while 9.4 is in Alpha 3 stage.

Bare Minimum Requirements:
  • 300 MHz x86 processor
  • 64 MB of system memory (RAM)
  • At least 4 GB of disk space (for full installation and swap space)
  • VGA graphics card capable of 640x480 resolution
  • CD-ROM drive or network card
Recommended System:
  • 700 MHz x86 processor
  • 384 MB of system memory (RAM)
  • 8 GB of disk space
  • Graphics card capable of 1024x768 resolution
  • Sound card
  • A network or Internet connection (for your updates) (from www.ubuntu.com, accessed April 4, 2009).
I have tried installing the Ubuntu 8.10 on a 4-gigabyte storage, 512-megabyte memory Asus eeePC. It works. However, it has to use a memory card for storage of files.

Happy experimenting! If something fails, you should know where to find me.