Monthly Archives: August 2013

Is the privacy of your email a real concern?

So, users of Google Apps for Business, are you OK with Google reading your commercial email?

Last week’s revelation that users of Googles email services should have no expectation of privacy, caused quite a stir. Even when this was clarified as applying only to the privacy of emails sent to Google users, it was still a shock to some.

In case you missed all this, Google was submitting a Motion to Dismiss in response to a class action suit. The salient words are…

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed,”a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” (my emphasis)

This was later clarified and justified on the basis that:

  • the text is not about users of Gmail, but rather people to send emails to users of Gmail (presumably including other Gmail users)
  • this indeed is what US Law dictates.

For a fuller explanation of the issues, visit Naked Security

My view is that if it prompts more businesses, and individuals, to pay attention to their information security, then it will have been good thing.

Misconceptions about information security

I find that most people suffer from a number of misconceptions when it comes to the privacy of their data in the online world:

  1. They think that sending an email is like sending a letter: i.e. the contents are sealed. It isn’t, unless you have taken additional measures like encryption.
  2. They adopt the view that if you haven’t done anything wrong then you have nothing to hide.

Both statements are plainly not true if you are using Gmail for business purposes. Do you really want Google looking through your correspondence with clients, with accountants, or, perhaps most worrying, your legal representatives?

Of course there’s no suggestion that a human being is trawling through your emails. In fact it’s an automaton that is trying to profile you in order to target advertising more effectively.

In of itself this may be a good thing. After all, if we must be bombarded with adverts, at least if they are relevant, it’s maybe not as bad as random ads of no interest. I appreciate this is being a bit too forgiving; but after all, everybody’s got to make a living πŸ™‚

Of greater concern is the potential for the automaton to get it wrong.

How it can all go wrong

Take a look at this Forbes article. It illustrates how Target used data collected from their website to predict that a teenage girl was pregnant and then use that knowledge to target[sic] her with maternity products. It may be an anecdote, but it shows how everything you do online can be aggregated and maybe used against you.

The lesson

The lesson is to be more aware of the implications of living your life online. Whilst you can take measures to reduce your digital footprint, as Tom Henderson did, for most people this will be over the top. However, at least realise this problem exists and take measures where you feel it is appropriate: e.g.

  • by installing something like OpenPGP and using it to encrypt and digitally sign sensitive email correspondence;
  • or by installing TrueCrypt to create an encrypted virtual disk on your computer, or on your cloud storage service.

Can I help you?

If you’ve found any of this interesting, or if you disagree, let me know in the comments. If I can advise you further on your specific issues, let me know through the comments.

What’s your business side-line?

What other sources of revenue do you have that keep you busy when your main business is slow?

This was the topic of conversation at this morning’s Pitch and Mix in Cambridge.

Many freelancers and micro business owners have more than one source of revenue. This may be because their main business is seasonal, or maybe it just doesn’t generate enough revenue.

Examples that were given were: renting out spare rooms in your house; selling stuff on Ebay; and various Network Marketing programmes. The best idea however, was probably busking!

There was a general feeling that if you have spare time, the best place to invest it is in your primary business. Use your time to improve your product or service; improve your message; or get more customers. However, for some people this isn’t an option: mainly because their business is seasonal. Let’s face it, not many ice creams get sold from vans during December!

Pitch and Mix

In the absence of Massimo, I ran this morning’s meeting, so I thought I’d write it up. Pitch and Mix is a weekly meeting that is held every Thursday morning at Clowns in King Street, Cambridge.

  • We start the formal proceedings at 09:15 with short introductions.
  • We then give up to six people the opportunity to have up to three minutes to tell us more about them, what they do, what they’re looking for, or to practise a pitch.
  • After this we spend the time up to 10:00 discussing a topic of mutual interest. Most, but not all, topics are of general interest to a micro business owner or entrepreneur, and focus on business, marketing and sales issues.

It’s a tried and tested format that works. We regularly have more than 20 people in the room, though our limit is 25.

Why not come along and see it action for yourself? Go to Meetup.com and join the group. We’d love to see you, and the coffee is superb πŸ™‚

Using OpenIndiana as a file server

I’ve talked before about using ZFS as the basis for a file server that contains valuable information; like family photos and music collections. My first attempt at this was to use Ubuntu as the basis for the server and add the ubuntu-zfs package so that I could create and manage ZFS pools. The performance wasn’t great with this solution, so I’m taking another approach: using OpenIndiana to deliver a set of ZFS volumes to a separate installation of Debian (I’ve become disillusioned with Ubuntu of late. Basically, I don’t like the new UI).

Architecture

  • The base hardware is the same as before, except that I am adding 2 off 64GB Solid State Disks (SSDs) and a 16GB SSD
  • VMware vSphere is installed on the 16GB SSD
  • A new Host Bus Adapter (HBA) with the current 2 off 3TB disks is passed through ESXi
  • OpenIndiana is installed into the first VM and configured to use the 2 off 64GB SSDs as a ZFS Mirror for its root pool
  • The existing ZFS pool is then imported into OpenIndiana and the appropriate volumes exported as NFS mounts
  • A new ZFS Volume is created to hold further VMs and exported back to ESXi as an NFS mountpoint
  • Debian is then installed into a new VM and used to serve the various NFS resources to the house clients.

This may sound a bit complex, but it gives some significant advantages:

  • ALL filesystems (apart from the very small ESXi filesystem) are created on redundant ZFS volumes.
  • Client operating systems like Debian (and Windows Server 2012) can benefit from the speed and integrity of ZFS without being aware of it.
  • There’s no need to add non-standard additions into Debian for it to take advantage of ZFS.

Progress

So far, I have been playing with OpenIndiana to get used to it. I’ve replaced the Ubuntu/ubuntu-zfs combination with OpenIndiana to gain speed and more functionality.

This is only a first step. Once I have the SSDs and a replacement for the existing HBA, I’ll install vSphere and build up.