Sidekick – a Cloudy object lesson

In the last few days, a cautionary tale has been unfolding in the world of cloud computing. There’s a Smartphone offered by T-Mobile, called ‘Sidekick’. It does the usual stuff – Internet access, email, diary, camera, contacts database, etc.

One of the key features it espoused was its close integration with ‘the cloud’ via a central datacentre for many of its functions. It was ahead of the industry in many respects, and gained a loyal following.

The product itself was created by a company called ‘Danger Inc’, which was bought by Microsoft last year.

On 1st October, ALL Sidekick users, worldwide, started to experience problems – and some completely lost their data-connections – which meant that a lot of users suddenly couldn’t do basic things, like accessing their contact databases.

After several days of erratic behaviour, T-Mobile have announced that, following some problems at their datacentre, many users may have permanently lost all of the data that was being stored, and advises current users not to reset their devices at any cost, because of a risk that they will also be wiped.

While the full details are yet to come out, it apppears that, during an upgrade of the servers at the Danger datacentre, something went wrong, and it then transpired that NO BACKUPS had been taken before the upgrade got underway.

To coin a phrase…..”Doh!”

Let’s be clear – this isn’t some startup company running on a wing & a prayer – it’s a subsidiary of Microsoft. Early reports are that the problem is being blamed on a sub-contractor who was hired to perform the upgrade, so it looks like one of those classc cases where everybody thought someone else had a certain responsibilty, only it turned out nobody did.

What to take from this?

Microsoft are not novices at the Datacentre game – they are putting HUGE resource into it, and are recognised as one of the world leaders in terms of technical design and development of best practices in the field. Yet despite this – something fell through the cracks, Sod’s Law kicked in, and hundreds of thousands of users were left high and dry, with very little chance of much more compensation than a refund of this months’ subscription fees.

If cloud computing is to succeed, then it is critical that suppliers can demonstrate they can be trusted with our data, and that they have processes and technologies in place to deliver on that. They may also be forced to offer Service Level Agreements that provide better compensation levels than are currently offered before they will ever stand a chance of gaining contracts with larger organisations. If Facebook goes down and loses your Mafia Wars score (or whatever), it would be annoying but not fatal. If your ERP system suddenly vanishes….

Emailing Attachments – A Car Crash waiting to happen

It’s long been said that emails should be treated like postcards – only use them when you don’t mind them being read by the postman.

Email, by its nature is horribly insecure. The underlying technology (SMTP) was designed and built by a bunch of Californian geek types (at UCLA, mainly) who gave almost NO thought to security because it was assumed that it would be used within a single organisation only.

When you send an email – it travels to its destination via other people’s hardware – that’s the way the Internet works. The exact route taken can vary from minute to minute.

If you send a draft tax-return to a client as an unencrypted PDF file – that file can be intercepted and read with an ease that makes postcards look like paragons of discretion.

Now, let’s not overstate things. The reality, of course, is that the chances of this actually happening are tiny – not many people are THAT interested in your client’s tax returns, and they’d have to wade through the VAST quantities of other data that is streaming across that corner of the Internet.

Nevertheless – it can be argued that sending something like a tax return over unencrypted email could be a breach of your responsibilities under the Data Protection Act. All it would take is the right combination of high-profile client and tabloid feeding-frenzy, and your PII providers will be earning their money for the next few months.

The solution doesn’t have to be complex. Every PDF-creation system I’ve seen (including the ones built into tax products) has an option to set a password. This feature encrypts the data in the PDF to a degree that will deter all but the most determined (and well resourced).

Make arrangements with each of your clients to use a standard password for all email communications, and make sure that this password is used whenever sending email attachments. It’s an extra hassle for your staff, but one day, it’s going to save your bacon.

More techy things not many people know….

The ‘TWAIN’ scanner communication protocol is widely (and incorrectly) reported as being an acronym…

Technology Without AInteresting Name

Sadly, this is a myth.

Actually – the name was coined by the working group as an indicator of how painful it was to connect scanners to computers BEFORE there was a standard (‘Never the twain shall meet”)