5 COMPLEXITY IS THE NEW REALITY

Even if you don’t accept the ecological metaphor, there’s no doubt that our emerging information environment is more complex – in terms of numbers of participants, the density of interactions between them, and the pace of change – than anything that has gone before. This complexity is not an aberration or something to be wished away: it’s the new reality, and one that we have to address. This is a challenge, for several reasons. First, the behaviour of complex systems is often difficult to understand and even harder to predict. Second, and more importantly, our collective mindsets in industry and government are not well adapted for dealing with complexity. Traditionally, organisations have tried to deal with the problem by reducing complexity – acquiring competitors, locking in customers, producing standardised products and services, etc. These strategies are unlikely to work in our emerging environment, where intelligence, agility, responsiveness and a willingness to experiment (and fail) provide better strategies for dealing with what the networked environment will throw at you.

Another bullet point: Disruption Is A Feature, Not A Bug.

I had a loong evening a couple of weeks ago struggling to get my shiny new Motorola Droid (running Android 2.1) to synchronize Contacts, Calendar and Mail with my Microsoft Exchange 2007 server. Although I love the phone as a stand-alone phone, obviously for work purposes the ability to sync and sync properly with Exchange is a make-or-break feature.

There have been numerous reports of issues with Exchange synchronization and Droids. I spent the better part of yesterday afternoon and well into the night pouring over them. In the end my problem was simply a faulty configuration of the firewall rule that prevented the Droid from making an SSL connection to our server on port 443. Doh!

In fact, most of the issues I read about seem to involve server configuration problems, not Droid feature related. Once I got my server configuration and firewall settings sorted, everything worked a treat with no third party applications required.

If you are an end-user without control of your company’s servers, most of this will be useless to you. For Exchange admins, here is the rundown.

System Requirements

• Exchange 2000 Not supported.
• Exchange 2003 Service Pack 2 required. I would recommend at least R2. But if you don’t have R2 and it doesn’t work, you are probably going to want to upgrade to 2007 anyway.
• Exchange 2007 Service Pack 2 required.

Sync Methodology
Droid prefers Exchange ActiveSync. This will produce the best results with regards to synchronization of sub-folders and inclusion of attachments.

SSL is supported. Forms-based authentication with Active Sync is not. See the awesome Daniel Petri for a breakdown of your options and implementation. They are basically: turn off forms-based authentication (bad!), install a dedicated front-end server (very good but expensive), create a virtual OWA directory that does not require FBA (okay but kind of tricky).

Also not supported: Pasword security and remote wipe. (As of Android 2.1) Be aware that these are deal-breakers for many businesses that have strict regulatory requirements.

Client Certificates are a bit of a problem. There are work-arounds. Manual install of certs can be an issue. The consensus seems to be to configure Outlook Web Access to push a certificate to the client. Then use the Droid browser to go the OWA site and accept the cert.

Configuration
The official Motorola Exchange configuration settings are here. It breaks down like this:

• Exchange 2003 SP3
  1. In Exchange System Manager expand Global Settings. Select Mobile Services and get properties.
  2. Make sure the Enable Unsupported Devices box is checked. Click the Device Security button.
  3. In the Device Security dialog check the bottom option, Allow access to devices that do not fully support password settings. Note, this will not affect devices that support the other features. They will still be enforced.
• Exchange 2007 SP2
  1. Open Exchange Management Console, expand Organization Configuration, then Client Access
  2. You will need to either change or create a new Active Sync Mailbox Policy by checking the box, “Allow non-provisionable devices.” This setting and policy will not affect other devices that do fully support Exchange security policies. They will continue to function normally.
  3. If you changed the default policy you are done, otherwise proceed to the next step.
  4. Now go to Recipient Configuration and select the mailbox(es) that you wish to allow Droid access. Select the mailbox properties, then the mailbox features tab, select Active Sync and click the properties button.
  5. If you created a new policy, apply the new non-provisioned device policy to this mailbox. Apply, close all windows.

Once I got that all done the Droid mail, calendar and contacts all synchronized flawlessly, including sub-folders using the native programs. I get my attachments properly and the push synchronization works fairly well. Sometimes I do have to manually refresh the link. I haven’t tried out-of-office yet.

For some users whose Excahnge servers and profiles are just too… weird for the native Droid apps, Nitro Desk makes a very good third-party Exchange sync and mail-calendar-contact-task management app called Touchdown. A 30 day demo is free on the Marketplace but the full version is $19.99.
Troubleshooting

• The Exchange Remote Connectivity Analyzer is awesome. It provides a test bed for the authentication methodologies available to Droid and gives connection logs that can help pinpoint problems. In my case it was the tool that told me that the server was not responding to requests to set up the SSL connection.
• In order for folders to sync they have to be nested within the Inbox. Folders outside of that hierarchy may not sync at all.

Now, must get our Exchange server patched to allow for sync.

Why, you make everyone a contractor.

IT giant IBM told Personnel Today that the firm’s global workforce of 399,000 permanent employees could reduce to 100,000 by 2017, the date by which the firm is due to complete its HR transformation programme.

Tim Ringo, head of IBM Human Capital Management, the consultancy arm of the IT conglomerate, said the firm would re-hire the workers as contractors for specific projects as and when necessary, a concept dubbed ‘crowd sourcing’.

“There would be no buildings costs, no pensions and no healthcare costs, making huge savings,” he said.

Okay, first of all “crowdsourcing” as it is normally understood is the idea that an organization’s customers, stakeholders and other interested parties can often come up with a solution to a particular problem better than insiders who are often blinded by organizational groupthink and prejudices. Thus the problem is thrown out to the public where people, usually for free or for credit only work away at all or parts of the problem.

Wikipedia is crowdsourced.

What IBM is doing is firing a two-thirds of its workforce and then hiring them back on an as-needed basis, sans benefits like retirement and HEALTH INSURANCE.

At first blush (and second) this looks like a pretty cold-blooded, typical Evil-Big-Corporation thing to do, you have to admit that for a company that is in IBM’s line of work — increasingly in the business of using smart people to solve problems on a project basis, less in the “making stuff” business — then this kind of business model makes a lot of sense. Given the increasing ubiquitousness of broadband connections and applications “in the cloud” that allow for long-distance collaboration it is probably inevitable.

Which brings into even starker contrast the need to get away from the employer-based model of health care financing and to an individual-based, portable model. All of which means we are going to have to revisit the single-payer and cost containment parts of health care again sooner rather than later.

This isn’t really that much of a shock. Microsoft itself has been pushing its users to dump IE6 for more than a year. Not just because the shiny new IE7 and then IE8 came out. But because IE6 is a security nightmare and they don’t want to expend the resources any longer. Also, newer technologies like advanced JavaScript and the new HTML5 extensions will not be supported by IE6 ever.

Google is pushing its Chrome browser. I use it every day and like some of the features, but for my money, Firefox, even with its large memory footprint is still the best browser out there. Explorer is a distant third.

If you sill use IE6, notable by its plain blue logo, then you should, at a minimum upgrade to IE8. But really, you should just get Firefox or Chrome
.

The plain vanilla Internet Exlorer 6 logo.

The logo for Internet Explorer 8

I think that in the early part of this century that the technology that will really begin to work magic in the day-to-day lives of people and businesses is the technology of fabrication. Briefly, fabrication technology uses (relatively) cheap hardware to allow people and businesses to make stuff. That stuff is made-to-order and is produced very rapidly. 3D printers are already becoming very affordable for prototyping and making molds for custom parts.

But this fabricator blows me away. A 3d printer that can produce customized replacement organs using the patients own cells.

The 3D bio-printer allows scientists to place cells of almost any type into a desired 3D pattern. It includes two print heads, one for placing human cells, and the other for placing a hydrogel, scaffold, or support matrix. The cells used by the device need to be the cells of what is being regenerated – building an artery requires arterial cells for example. Because the patient’s own cells are used the new organ will not be rejected by the body. The printer fits inside a standard biosafety cabinet for sterile use.

Its creators say that one of the most complex challenges in the development of the printer was being able to repeatedly position the capillary tip, attached to the print head, to within microns. This was essential to ensure that the cells are placed in exactly the right position. A computer controlled, laser-based calibration system was developed to achieve the required repeatability.

The 3D bio-printers include a software interface that allows engineers to build a model of the tissue construct before the printer commences the physical constructions of the organs cell-by-cell using the automated, laser-calibrated print heads.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas.

First, “the emergence of a shadow cyber war” is probably wrong. The very rapid innovation-reaction-innovation cycle has been going on since the first IED’s in Iraq back in 2003. This cycle of open-source warfare is well documented and predicted.

Second, my initial geek reaction was: this is going to be terribly hard to fix because those high-resolution video streams are going to be a bitch to encrypt. There is a delicate balancing act between the available bandwidth (fixed, finite) and the video resolution versus security. With fixed bandwidth, as you add encryption it increases the size of the packets taking up bandwidth.and thus lowering the video resolution.

John Robb concurs:

Iraqi and Afghan insurgents are currently using cheap software to hack the video feeds of Predator (and likely Reaper) drones. Due the difficulty of adding encryption to a large number of deployed systems high bandwidth video flows (particularly the “Gorgon’s Stare” with 10 separate feeds), a quick fix is very unlikely.

Update: According to CBS News and other sources. This vulnerability has existed since the drones were built.

he Air Force became aware of the security vulnerability when copies of Predator video feeds were discovered on a laptop belonging to a Shiite militant late last year, and again in July on other militants’ laptops, the Journal reported. The problem, though, is that the drones use proprietary technology created in the early 1990s, and adding encryption would be an expensive task.

The implications of the Predator’s unencrypted transmissions have been known in military circles for a long time. An October 1999 presentation given at the Air Force’s School of Advanced Airpower Studies in Alabama noted “the Predator UAV is designed to operate with unencrypted data links.”

In 2002, a British engineer who enjoys scanning satellite signals for fun stumbled across a NATO video feed from the Kosovo war. CBS News correspondent Mark Phillips reported then on the apparent surveillance security shortfall, and the U.S. military’s decision to essentially let it slide.

The source of this is the same bone-headed thinking behind every proprietary or limited-access network vedor’s logic: We don’t need encryption/strong security on our network because only our people will have access to it. Normally, my reaction to that is: you deserve whatever you get. However this is tempered in this particular case because “you” is actually “us.” Heads should roll though. This is beyond stupid.

Mediacom officially blames an influx of spam on the outage. And some customers report that in the mail they are receiving there is lots of spam. However, this does not fully explain why inbound mail — which is where one would see traffic related to spam the most –seems to work okay and outbound is so bad. Unless Mediacom’s customers’ computers are just congested with malware that relays spam. Which isn’t outside the realm of possibility.

The other problem is that although Mediacom says that they announced the changes some time ago via e-mail to their customers, I have yet to talk to one who acknowledges ever having seen such a thing.

Here is Mediacom’s official FAQ on the mail situation and the officially supported settings.

Outgoing SMTP Server: mail.mediacombb.net. Port 465 Require SSL ON
Incoming POP3 Server: mail.mediacombb.net. Port 995 SSL ON

Check the FAQ linked to above if you don’t know what these settings mean. It has pictures and arrows and stuff. Or just call Riverfront Technology and we’ll walk you through it.

A Mediacom technician who I spoke with on the phone this afternoon said that the problems are ongoing and those settings may not work. The mail servers will be the same but he said some people are having success with

POP3 on the standard port, 110 with no encryption;
SMTP on the standard port, 25 with no encryption.

For the time being, he said, just play with the settings and see what works. The server-side settings are changing hour-by-hour as they work through their problems.

Regardless, this is the biggest major ISP fail in as long as I can remember. My experience and thoughts regarding Mediacom Internet services over the years range between outright contempt and very grudging acceptance. They treat their business customers like cattle despite charging more for the same level of service as they provide to everyone else. Their overall quality and reliability has always been substandard at best. Outages are frequent and configuration changes that wreck service settings happen in the middle of the night with very little or no advanced notice.

I have had very good luck and good experiences overall with their technicians on the business side of things. Although they are often a beleaguered lot, they are pretty helpful and give the right advice. There appears to be a call center in Des Moines, so many of the techs are Iowans or at least midwestern-based.

For profit health care lobbyists and boobs? Brilliant!!

Health insurance industry trade groups opposed to President Obama’s health care reform bill are paying Facebook users fake money — called “virtual currency” — to send letters to Congress protesting the bill.

Here’s how it’s happening:

Facebook users play a social game, like “FarmVille” or “Friends For Sale.” They get addicted to it. Eager to accelerate their progress inside the game, the gamers buy “virtual goods” such as a machine gun for “Mafia Wars.” But these gamers don’t buy these virtual goods with real money. They use virtual currency.

The gamers get virtual currency three ways:

Winning it playing the games
Paying for it with real money
By accepting offers from third-parties — usually companies like online movie rentals service Netflix — who agree to give the gamer virtual currency so long as that gamer agrees to try a product or service. This is done through an “offers” provider — a middleman that brings the companies like Netflix, the Facebook gamemakers, and the Facebook gamemaker’s users together.
It’s this third method that an anti-reform group called “Get Health Reform Right” is using to pay gamers virtual currency for their support.

Instead of asking the gamers to try a product the way Netflix would, “Get Health Reform Right” requires gamers to take a survey, which, upon completion, automatically sends the following email to their Congressional Rep:

“I am concerned a new government plan could cause me to lose the employer coverage I have today. More government bureaucracy will only create more problems, not solve the ones we have.”

Under the “Who We Are” tab on the gethealthreformright.org website: Association of Health Insurance Advisors, America’s Health Insurance Plans, American Benefits Council, BlueCross BlueShield Association, Council of Insurance Agents & Brokers, Healthcare Leadership Council, Independent Insurance Agents & Brokers, National Association of Health Underwriters, National Association of Insurance and Financial Advisors, and the National Retail Association.

The practice of rounding up a fake grassroots “reaction” to something is called, astroturfing. Get it? Fake grass. I suppose we could call this, Facetroturfing.