This week I have been working with a client to put together some very complex scripts for doing business intelligence (data transformation and reporting). As these scripts got really complex, we began to have version control problems and decided to setup subversion to manage that. Additionally, the Trac ticketing system was a great add on as it integrates with SVN and gave us a simple, low overhead way to track tickets, to-do’s, etc. for the project.

We currently build virtually all of our Linux servers on Ubuntu Hardy 8.04 LTS. There is an excellent tutorial available here for setting up Trac and SVN on Ubuntu that I found (after were finished of course) so I won’t repeat all of that. This is an excellent tutorial to get everything up and running. The other trouble we ran into however was the hassle of setting up multiple projects.  So, I wrote a shell script to automate new project setup in both Subversion and Trac and thought I would post here in case anyone might find it useful.

Simply download the script here, make it executable, and (assuming you buil your system in accordance with the above tutorial) run the script and follow the prompts. Nice little quick version management system for managing multiple projects like this.

I find it hard to give an elevator pitch about what I do. I found this hard at my old job also but it was because I performed a disjointed and somewhat non-interrelated set of services. None the less, I always hated that. I am in a somewhat better spot now as I can clearly articulate what our businesses (Trimtab and Linford & Company) do which I really couldn’t in the business unit I used to work in.

Trimtab Business Technology delivers high-impact technology services to small to midsize organizations. We eliminate headaches and increase profit through technology design and experience… at a superior price.

Linford & Company LLP delivers enterprise level accounting, audit, and governance services using highly experienced people, extremely strong communication skills, and very favorable pricing.

My problem is my personal elevator pitch… like when a neighbor I just met across the street asks what I do. I have a split role as the both an L&C partner and the head of Trimtab. “I am an accountant and a technology consultant” (awkward and confusing, no good). “I do consulting” (sound like I am unemployed and looking for work, no good). I think you probably understand where I am going with this.

The problem is that I don’t really understand why we are all conditioned to think that being both accountant and a tech guy is not possible. Or both an accountant and a sales person is not right. Or a sales person and an operations person. All these functions are so closely connected and intertwined that it seems we should all be at least reasonably well versed in two or three of them. If you are an accountant and don’t understand operations, how are you going to develop financial reports that fairly represent what is going on in the business? If you are a tech person and don’t understand the sales cycle, how can develop technology strategies that drive revenue?

Seems like a lack of consciousness overall to me really and cultural indication that our organizations are still not getting real, deep integration between “the business” and these support functions. But until we solve this problem, I guess I will just tell people I go out and help businesses run the computer and count the money.

It seems like every week still a story comes across my desk about “Laptop with sensitive data stolen… no encrypted hard drive”. Well after 26 years, one thing I have learned is that people (big companies especially) learn slowly. I mean, there have been countless damaging stories and cases of actual money paid out because a company lost a laptop with sensitive customer or employee data on it and the hard drive was not encrypted. In fact, when I still worked at Ernst & Young, I remember one day seeing Google Alerts come in for a story that E&Y had lost a very sensitive laptop (which honestly all of our laptops working there were at least pretty sensitive). It was exactly one week later when we were all required to bring our computer into the office so our tech support could install hard drive encryption for us.

That all said however, if there was one place on the entire planet that you would think would have caught on, it would be Stanford University. After all, Stanford is perhaps the world’s finest learning institution in the area of high technology. Well according to THIS STORY IN COMPUTERWORLD, even Stanford has managed to blow off the warnings until it was too late to avoid public embarrassment.

I only bring this up because we want you to know that it is NOW too late. You need to get those laptops you use encrypted yesterday. If you are a managed services customer of ours, your laptop (like mine personally) is already encrypted with either Windows Vista BitLocker or, even better TRUECRYPT, a FREE and open-source disk encryption utility that works beautifully. Feel free to get in touch if you want help getting protected!

Unfortunately, unless there is interesting tech news and a computer somewhere in the South African bush, this blog is about to die for three weeks. It is going to be crazy hard to be gone that long, but I have a great team to cover for me. Talk to you June 1!

- Dan

I have personally been a Quickbooks user, in several capacities different capacities, for the last 8 years. It is an OK product from a functionality perspective. It is relatively easy to use and has become the default standard for accounting software in small businesses. For that reason, we are often required to deal with supporting it for our customers. The problem is, the more we have to use it (as an accountant and as tech support) and especially the more we have to deal with Intuit for support or sales, the more all of us get tired of it. After today, I am past being tired of it, I think I just hate it.

So yes, we do a lot of accounting with Quickbooks. And in the course of doing so and supporting it from a technology perspective, here is a list of several of my major gripes:

1. Intuit support (for lack of a better word) sucks. A company file just corrupted today through no fault of the users. Call Intuit support… “Sorry, this license has not paid for a support contract. Our data services group can fix the file but you must buy a support contract”. Pay Intuit to fix a file that their software broke? Bad design in the first place to use company files but then to pay them to fix their own problem is really crazy.
2. Remote access to Quickbooks is next to impossible. You cannot use the company file over any kind of VPN so if you are outside the office, you are next to hosed. You can take the file with you every time (headache) or use terminal services to sign into an unused computer at the office and use it to run Quickbooks (also a poor solutions). It is 2008, yet Intuit still doesn’t realize the workforce is mobile.
3. No way to write custom reports. Once data is in Quickbooks, it’s kind of stuck there. There are no ways to pull a custom set of data out for use somewhere else if Intuit hasn’t built that functionality into the software (another drawback of using a file to store data rather than a database). The export functionality is no good.
4. Operating system support is terrible. We continue to fight all kinds of crashing and compatibility problems with Quickbooks on Vista. There are some problems with this in the latest (2008) versions even but if you have a slightly older copy and got a Vista computer you are really out of luck. Hello upgrade purchase for an upgrade you don’t care about. Worse though is if you have a Mac. Just read this article and I need say no more about how great an experience using Quickbooks on a Mac is. Last stop, Linux. This is an easy one; there is no Linux version (surprise).
5. The licensing is a headache. Advertised as the great $99 accounting solution for small business, oh, unless you need to set prices by customer type (upgrade to premier required) and want two people to be able to use Quickbooks (multi-user license required)… hello $999 worth of accounting software.
   
6. The sales pitches are ANNOYING. After support was no help at all today in fixing my corrupted file, they actually had the nerve to ask about selling me payroll and credit card processing services. They cannot be serious. As if the 12,000 popups I have said no to while using the software weren’t hint enough, I guess they had to ask once more while I was really happy with them.
   

The long and short of it is this… time to start looking into new accounting solutions. We can’t afford to keep putting our customers through this headache and definitely can’t afford to continue providing them the support to resolve the headache. I hope someone at Intuit is listening. Now, back to restoring a two-week old version of our corrupted file and reentering all of the interim transactions. Nothing better to do.

Thanks and have a great day!

This is an old cartoon and I’m sure many have seen it before but how can you not love it? This is so typical of the experience small business owners have with technology projects. I like to think that we build tire swings, repeatedly and predictably because of a new approach to business technology… but I will let our customers decide if that is the case or not. Let us know if it is not.

For many years now, the “IT” industry has been focused mainly on “securing the network”. The idea here being that the way the company secures it’s information assets is like the way it secures its physical assets… computers outside the corporate building can’t get onto the corporate network, which where all of the corporate data is stored. The problem has been however that data creeps outside the corporate building much more easily than does a physical asset. For example, all the time data goes right out the door on company laptops.

This phenomenon has led to a significant effort in many organizations to “secure the client”. The idea here is to put firewalls and other security software on individual computer systems as well so when they are outside the physical network and connected back (via VPN for example), the individual computer does not create a weak link in the overall network’s security.

There is problem however. It is impossible to secure a company’s DATA with this approach. There are just too many ways to get inside a network. For example, there are always systems that need to be available to the internet and some kind of hole to the network must be created to make that possible. Also, there are just too many ways to physically get on the network either by actually walking through the company doors and physically plugging into a network port behind the firewall or by connecting to a wireless access point that is effectively spreading the physical network outside the office walls wirelessly. Finally, there is always the threat of an unsuspecting user just emailing it out or burning a CD and giving it to someone outside the company. Like I said earlier, just too many easy ways to get at data assets that the traditional “secure network” approach can’t deal with, no matter how good a company may be at securing it network and computer operating systems.

This is why we really have changed our view on security to a different paradigm. That paradigm is securing DATA rather than the NETWORK. Network and operating system security is one layer of protection for data, but when you don’t rely solely on that, you see threats more broadly and implement things like sensitive data encryption (no matter where that data might sit), data redirection and centralization, and heavy user awareness training.

The question in my mind is where does this go in the future. Well… could it be where DRM comes in perhaps? Let me backup…

We often protect data itself by encrypting it… on laptops, on desktops, even on servers if it is really sensitive data. The problem is an individual file sitting on a hard disk may be encrypted, but when you pull it off that encrypted volume and email it out to someone who is not authorized to view it (leak the file), it is no longer encrypted and the unauthorized party can read it. However, if I email you an iTunes song that I bought, you may have the file (which you are not authorized to use since you didn’t pay for it) but you cannot play it in iTunes. What prevents you from doing this is DRM (Digital Rights Management) which is a method of encrypting the individual file so it is unplayable by an unauthorized user.

Now, I hate DRM on my music but my question is this… could this DRM (individual file encryption) be the way to truly protect corporate data? If the DRM were effective, even if an attacker found a way to get through network security and operating system security, the data they got would still be unusable. This, in theory, would be a perfect way to protect company data instead of depending on protecting the network and a very nice change in paradigm. The problem would be all the same problems that currently exist with DRM on music… first it always ends up cracked and second it annoys users. Could a brilliant system of DRM though solve these drawbacks and make it the killer app for corporate data security?

I suppose a third paradigm is available… assume privacy is dead and learn to move that much faster in business. Not sure I’m totally against that idea either.

Today I finally found in my news reader an article that discusses a credible vulnerability in Windows Vista with Service Pack 1. Windows Vista really has been reasonably secure thus far… most vulnerabilities have taken very sophisticated attacks to exploit and have been terribly threatening in general. However this one could in fact be a big problem if it gets out into the wild. Basically, any visitor who visits a website that is hosting a malformed video file and plays it through their browser could have the attacker gain complete administrator control of their machine. VERY SCARY (so as always, be careful the sites you are visiting).

Here’s the thing… the video files/player causing the problem are Apple’s QuickTime. If you have iTunes on your computer you have QuickTime, and QuickTime has a very distinguished history of security vulnerabilities (not mention poor performance in my opinion). So thank you Apple for creating the latest, “critical” Windows vulnerability.

Not to rag on Apple all the time, but it just seems to me that if stuff like this is going to continue to come up, the “I’m a Mac I’m a PC” commercials should be amended in the spirit of ethical advertising.

PC: “Hi Mac”
Mac: “Hi PC, I see you’re feeling sick again today”
PC: “Yeah, suffering from a serious virus… very contagious”
Mac: “That’s terrible PC”
PC: “Yeah, I know. Thanks for passing on it on from the 12 of you to the millions of us”

My Apple bashing for today is finished, but here is a link to the Computerworld article. After my last couple of posts you would think I’m a real Windows bigot but for the record, I just installed two Ubuntu Linux desktops. I am actually a closet Linux/open source bigot, but more on that on a different day.

Last night was the big open house event at the new Linford & Company offices. It was a very nice time I think. Lots of friends and colleagues came, everyone seemed to enjoy meeting others in the diverse crowd, and there were a couple of bottle wines left over that we got to take home! While I am personally not great at “networking”, I sure did talk to a lot of folks, met new people, and caught back up with some I hadn’t seen in a long time. Out of all those conversations however, one sticks out in my mind still this morning.

This story involved a company that was buying services from a friend of ours. The details of the story aren’t all that terribly interesting but lets just say that the outcome was someone having to ask another professional person outside the organization what their birthday was. This wouldn’t be that interesting except the reason was that they wanted know this person’s birthday so they could give it to the company’s Corporate Astrologer so they could determine what the best date would be this action they were considering.

Now, my business, just like theirs, could use a little luck. I don’t buy into the astrology deal myself but to each his own I guess. The only thing I really kind of want is the Corporate Astrologer’s job! Can you imagine the looks you get at cocktail parties when you tell people you are actually a gainfully employed, full-time astrologer in corporate America?! AND… how hard could being a corporate astrologer possibly be? It has to be totally cushy.

I wonder if it would be dangerous job to have though, sounds like something that could easily be outsourced to India (or Sedona, Arizona).

The short answer to this question in our opinion is no. It is very easy though for one to feel like they are in very much in the minority if they happen to be of this opinion. This is not the post that lays out a full review and all of the pros and cons of Vista compared to XP in great deal. However, I have very recently seen several articles on effectively the topic of “Why Vista Sucks” printed in mainstream, non-tech journalistic publications and I think they are very unfair. Criticizing Vista has become both fashionable and a good way to get journalism numbers. The truth is we design, deploy, and support technology in small business and operate our small business with complete dependence on technology… and we run Mac OS X (just kidding, we run Windows Vista Business Edition on our business critical desktop systems).

Windows is an overwhelmingly broadly used platform and must cater to that very broad range of use cases and requirements (i.e. those of home users, students, small businesses, large enterprises, etc.). On that note, there are many reasons why I think after they make it through switching, home users would like Vista better (including the new “prettier” user interface, improved media center functionality, etc.) but for now let’s focus on the improvements that will improve life for small businesses (and do improve my life as a small business owner). Here is a short and simple list:

1. Integrated “Start Menu” Search – The days of clicking Start –> All Programs and then searching through the list of programs for the one you need are over. In Vista, click start, type the first few letters of the program, and there it is. It works for quickly accessing files as well. Saves me 20 minutes every day I would guess than when I ran an XP system.
2. BitLocker – Full disk encryption for hard drives is truly one of the smartest (even critical) thing a business can do to secure laptop computers and protect the data on them in the event it gets lost, stolen, etc. In Vista, a feature called BitLocker encrypts the entire drive and is very easy to use. Big plus.
3. Backup Utility – The backup program in Vista is far better than XP. Good enough to actually use it for backup.
4. UAC and Security – Security in Vista has clearly been better than any prior Windows version (and than in Mac OS X as several of the recent hacking competitions have proved). Much of the reason is User Account Control which is not available in XP.
5. Auto-Logon – There are many very small things that turn out to be very useful in Vista. I really think auto-logon is a good example. For a shared “on all the time” workstation, it is often handy to have the system automatically logon. In XP you had do an actual hack in the registry where in Vista, you just check a box. Small but convenient, stuff like that comes up all the time.
6. Integration – Some of the best of Vista in small business is yet to be seen. I think that is the integration with the new Microsoft Server products including Server 2008, Essentials Server 2008, and SBS 2008. This integration will make managing your network and security much nicer than I think it ever has been in the past.

These are just a few quick things, the bottom line is that why people are still buying XP machines today (and even complaining that they won’t be able to in a few months) is crazy to me. Yes, there are a few compatibility problems, I had a scanner that is not supported on Vista myself. You know though, it was a terrible old scanner and it’s time was up anyway. I found the rumors about software incompatibility to be false. There are ways to run old software in compatibility mode and it works great in every case I have had to do so.

OUR RECOMMENDATION

Don’t run out and buy copies of Vista for all of your current hardware. However, don’t go buy new hardware and get XP machines unless you have an old line of business application you are just sure won’t work on Vista (and if you’re not sure if it will and you’re a managed services customer of ours, we can just come in with one of our test machines and find out for you… we have found there are very very few that this is actually the case). When you replace computers, buy Vista computers. Do not obsolete your system the day you buy it.

Let us know if you would like a Vista machine to try out, we’ll loan you one to test drive if you don’t want to take our word for it!