Thursday, December 17, 2009

How to tell it's not a cloud.



People always ask, "What is cloud computing?" - and it's not always simple to explain. Perhaps it's easier to just explain what cloud computing is not.

1. If you can’t buy it on your personal credit card… it is not a cloud

2. If they are trying to sell you hardware… it's not a cloud.

3. If there is no API… it's not a cloud.

4. If it takes more than ten minutes to provision… it's not a cloud.

... and 12 other things that cloud computing is not via James Governor.

Here's what I think cloud computing is all about.

Too Much Energy Efficiency?



Is it possible for technology to be too energy efficient? Looks like that's the case. New LED traffic lights don't produce enough heat to melt the snow that builds up around them.

Saturday, November 28, 2009

What's so sacred about 140 characters?

Why 140 characters? The obvious answer, which I'm sure you know, is so that a tweet can fit into the 160 character limitation of an SMS text message. In other words, the Twitter user name (which can be up to 15 characters) followed by the 140 character tweet can all be packaged nicely into a single SMS text message.

Which begs the next question: Why restrict a tweet to the limits set by SMS when this is the World Wide Web? One of the "limitations" of e-mail and the Web is that you need Internet access for connectivity. In developed countries, we take Internet connectivity for granted. Having spent some time living in East Africa I was amazed to see how important SMS was to the locals who don't own computers, printers, or even have an e-mail address. But, nearly all of them had pre-paid cell phones and they used SMS just like we use e-mail (they also had trivial SMS to e-mail and e-mail to SMS bridges).

Additionally, their cell phone networks have features which I wish we had here in the US. Basically, people in developing countries have substituted the computer, printer, and Internet with the cell phone, fax, and the carrier's wireless network. This is how most of the world gets "online" with technology.

Imagine if Twitter didn't just go after the consumer market who own computers and smart phones with Internet access (I'm guessing about one billion people), but, instead, what if Twitter went after every person on the planet who's an active cell phone subscriber (which will reach 4.6 billion by the end of 2009). Now, that would be a fantastic communications tool!

Tuesday, November 24, 2009

Tuesday, November 17, 2009

Script Kiddies SSH Attack Solution

Are you tired of seeing attacks against port 22 (SSH) on your public servers?

The attacks generally look like the following log snippet which is a simple dictionary attack (usually against root or admin).


Nov 15 07:41:58 static-171-163-154-171 sshd[5470]: Failed password for root from 68.152.76.202 port 50818 ssh2
Nov 15 07:41:58 static-171-163-154-171 sshd[5472]: Invalid user password from 68.152.76.202
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: authinternal failed to authenticate user password.
Nov 15 07:41:58 static-171-163-154-171 com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.


You could try reporting the offending IP address, but the attacking computer will frequently turn out to be a compromised Windows machine owned by grandma and grandpa.

Solution
Your best bet, after ensuring that you're using a strong password, is to have SSH listen on a port other than 22, such as 8080. Since port 8080 is usually used as an alternative to port 80, attackers will try using the HTTP protocol to exploit it, which will fail before the attack even has a chance to begin. At this point, script kiddies will move along since there are so many other servers, with vulnerabilities, to choose from.
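Added example (not part of the original post): a small Python tally of the sshd failures shown in the snippet above, grouped by source address, which is a quick way to check whether the noise actually drops after a change like this one. The sample lines are constructed, their addresses come from documentation ranges, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same format as the snippet above.
# 203.0.113.x and 198.51.100.x are documentation ranges, not real sources.
SAMPLE_LOG = """\
Nov 15 07:41:52 host sshd[5460]: Failed password for root from 203.0.113.9 port 50810 ssh2
Nov 15 07:41:54 host sshd[5462]: Invalid user admin from 203.0.113.9
Nov 15 07:41:54 host sshd[5462]: Failed password for invalid user admin from 203.0.113.9 port 50812 ssh2
Nov 15 07:41:56 host sshd[5466]: Invalid user test from 203.0.113.9
Nov 15 07:41:58 host sshd[5470]: Failed password for root from 203.0.113.9 port 50818 ssh2
Nov 15 07:41:58 host com.apple.SecurityServer: authinternal failed to authenticate user password.
Nov 15 09:10:03 host sshd[6001]: Failed password for joe from 198.51.100.7 port 40022 ssh2
Nov 15 09:10:11 host sshd[6001]: Accepted password for joe from 198.51.100.7 port 40022 ssh2
"""

# Syslog prefix: timestamp, hostname, then the sshd process tag.
TS = r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
PATTERNS = [
    # Wrong password for an account that exists. The lookahead skips the
    # "invalid user" variant so an unknown-user attempt is counted once,
    # by the "Invalid user" line below.
    re.compile(TS + r"Failed password for (?!invalid user )(?P<user>\S+) "
                    r"from (?P<ip>\S+) port \d+"),
    # Login attempt for an account that does not exist.
    re.compile(TS + r"Invalid user (?P<user>\S*) from (?P<ip>\S+)"),
]


def parse_failures(log_text, year=2009):
    """Return [(timestamp, source_ip, username)] for each failed attempt."""
    events = []
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                stamp = "%d %s" % (year, " ".join(m["ts"].split()))
                ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
                events.append((ts, m["ip"], m["user"]))
                break
    return events


def find_dictionary_attacks(log_text, threshold=3,
                            window=timedelta(seconds=60), year=2009):
    """Report sources with at least `threshold` failures inside one `window`."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(log_text, year):
        by_ip[ip].append((ts, user))

    report = {}
    for ip, events in by_ip.items():
        events.sort()
        start = peak = 0
        # Sliding window over the sorted timestamps.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[ip] = {
                "attempts": len(events),
                "peak_in_window": peak,
                "users": sorted({user for _, user in events}),
            }
    return report


if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password from a legitimate user stays below the threshold, while the rapid root/admin/test guesses from one address are reported together with the usernames tried.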

Tuesday, October 13, 2009

eBay Hacked?

Today, I received some automated spam, related to eBay, through an HTML form submission on one of my websites. While researching it I opened Terminal on my Mac and typed:

whois ebay.com

Imagine my surprise when I scrolled back to the top of the results and saw this.


My immediate thought was that eBay was hacked! But, it turns out that's not the case. Running whois on the Mac just returns all results beginning with ebay.com and some people have taken advantage of that.

It's even worse if you run a whois on microsoft.com.

Tuesday, September 1, 2009

AWS: Two Account Credentials

Amazon Web Services (AWS) now allows each AWS account to have two credentials. In other words, one AWS account can have two active Access Key ID and Secret Access Key pairs.

Do not confuse this feature with yesterday's announcement by AWS on Multi-Factor Authentication (MFA) which is similar to a SecurID fob.

Two AWS Account Credentials
AWS supports multiple concurrent access keys. This allows you to rotate keys without impact to your applications' availability. AWS recommends that you rotate keys on a regular basis. To rotate keys, create a new key below, update your applications to use the new key, and then deactivate/delete the original key.

You are allowed two access keys at any point in time, and the keys may be in the following states:


So What?
This new feature can ensure a smooth transition when rotating your keys. In the past, when you created new credentials it overwrote your old credentials. You were out of luck if you missed an application or web service that was using the old credentials. Now, you can create new credentials and update your apps. If you notice an app no longer working when you click "Make Inactive" then you can reactivate the old credentials while you fix the problem.

You can find more details when you access your AWS security credentials.
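The create, deactivate, then delete sequence described above, as an added Python example that is not AWS's or this post's code. It uses the call names of today's boto3 IAM client (list_access_keys, create_access_key, update_access_key, delete_access_key), which post-date the console flow in this post; FakeIAM, the deploy and healthy hooks, and the key ids are constructed stand-ins so the block runs offline.

```python
class FakeIAM:
    """Constructed in-memory stand-in for a boto3 IAM client.

    It mimics only the four calls used below and the two-keys limit.
    """

    def __init__(self):
        self.keys = {}          # AccessKeyId -> "Active" / "Inactive"
        self._counter = 0

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [
            {"UserName": UserName, "AccessKeyId": key_id, "Status": status}
            for key_id, status in self.keys.items()]}

    def create_access_key(self, UserName):
        if len(self.keys) >= 2:
            raise RuntimeError("LimitExceeded: two access keys already exist")
        self._counter += 1
        key_id = "AKIAEXAMPLE%04d" % self._counter   # constructed placeholder
        self.keys[key_id] = "Active"
        return {"AccessKey": {"UserName": UserName, "AccessKeyId": key_id,
                              "SecretAccessKey": "constructed-secret",
                              "Status": "Active"}}

    def update_access_key(self, UserName, AccessKeyId, Status):
        self.keys[AccessKeyId] = Status

    def delete_access_key(self, UserName, AccessKeyId):
        del self.keys[AccessKeyId]


def rotate_access_key(iam, user, deploy, healthy):
    """Rotate the single active key of `user`; return (new_key_id, outcome).

    deploy(key_id, secret) pushes the new pair to the applications.
    healthy() says whether everything still works with the old key inactive.
    Both are caller-supplied hooks with hypothetical names.
    """
    existing = iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
    active = [k for k in existing if k["Status"] == "Active"]
    # A second slot must be free, and there must be one key to replace.
    if len(existing) >= 2 or len(active) != 1:
        raise RuntimeError("expected exactly one key before rotating")
    old_id = active[0]["AccessKeyId"]

    new = iam.create_access_key(UserName=user)["AccessKey"]
    deploy(new["AccessKeyId"], new["SecretAccessKey"])

    # Deactivate before deleting: "Make Inactive" can be undone, delete cannot.
    iam.update_access_key(UserName=user, AccessKeyId=old_id, Status="Inactive")
    if not healthy():
        # Something still depended on the old key: reactivate and stop here.
        iam.update_access_key(UserName=user, AccessKeyId=old_id, Status="Active")
        return new["AccessKeyId"], "rolled_back"

    iam.delete_access_key(UserName=user, AccessKeyId=old_id)
    return new["AccessKeyId"], "rotated"


def demo(app_missed):
    """Run one rotation against the fake; app_missed simulates a forgotten app."""
    iam = FakeIAM()
    iam.create_access_key(UserName="svc-backup")     # the key already in use
    deployed = []
    new_id, outcome = rotate_access_key(
        iam, "svc-backup",
        deploy=lambda key_id, secret: deployed.append(key_id),
        healthy=lambda: not app_missed)
    return outcome, dict(iam.keys), new_id


if __name__ == "__main__":
    print(demo(app_missed=False))
    print(demo(app_missed=True))
```

After a rollback both keys are active, so the rotation has to be re-run once the missed application is updated; until then the old key is still valid.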

Twitter Redirects: Nice and Clean

Twitter's website began counting clicks inside of tweets. Obviously, they do this to track stats, i.e. how many people click on links from the Twitter web site.

The interesting thing is that they're passing on the simple referrer that you'd expect. In other words, instead of the referrer looking like:

http://twitter.com/link_click_count?url=http%3A%2F%2Fadjix.com%2Fsx4d&linkType=web&tweetId=3696834541&userId=-1&authenticity_token=8c678e082a5ee88d47f03b05cf6f6887b8903acd

It simply looks like:
http://twitter.com/joeMoreno

This is very clean for link tracking websites like Adjix which track clicks by IP address and referrer:


Update: Just discovered a clear downside - when the Twitter website is slow, clicking on these links is painfully slow since you have to first be redirected by Twitter's servers.

Monday, August 31, 2009

Twitter's "Track" Command: Gone But Not Forgotten.

Twitter used to have a fantastic real time search command: Track

Sometime in 2008 it seems to have been turned off - probably because it generated too much SMS (text messaging) traffic.

Fire!
During the San Diego Wildfires of 2007 I was splitting my time between San Diego (Carlsbad) and Santa Cruz (Capitola). The wildfires broke out over the weekend when I was in the Bay Area. By Monday morning two separate fires were threatening our home in Carlsbad. I went to sleep, Monday night, trying to prepare myself, mentally, for what it was going to be like once our home burned down.

Tuesday, as I drove down to Carlsbad, I wanted every piece of information I could find about the fires. Listening to XM channel 247 (emergency channel - a wordplay on 24/7) helped, but it was too broad since it was covering all the fires burning in San Diego, Orange County, and L.A.

This is where Twitter's Track command was a saviour (keep in mind that there were no iPhone apps back then). I simply texted some keywords to Twitter and every time someone's tweet contained one of those words it was relayed to me via SMS. I had Twitter track "Carlsbad" and the major road near my home, "Palomar".

Retweeting wasn't as popular back then as it is now so I received very few duplicate tweets. Nearly every tweet that I received - and I was receiving a new tracking tweet every five minutes - was helpful:
"It doesn't look like the fire's reached Carlsbad."
"Winds dying down and reversing direction - I can see flames from Carlsbad."
"Voluntary evacuation south of Palomar Airport Road."
"KPBS reports that fire in San Marcos, near Carlsbad, is 20% contained."
etc.

Luckily, the closest both fires got to our home was about four miles. Now, if only Twitter could bring back the Track command and ignore retweets.

Saturday, August 29, 2009

My Experiences with DNS Hosting

Overview
The Domain Name System, better known as DNS, is probably the most critical part of the Internet. DNS converts domain names, such as google.com, into IP addresses like 74.125.45.100. Since it's so important it's also the most robust and redundant Internet infrastructure in place. Attacks against this system usually go unnoticed by the public. If an attack were to successfully bring down all 13 root name servers then Internet traffic would, for all practical purposes, be unroutable - and the Internet would stop working. Luckily, each root server is actually a farm of servers which appear, from the outside world, as a single server.

Taking Down the Internet
Taking down all 13 root servers at the same time would have the effect of removing every street sign on every road in the world. Unless you know where you're going, and you've been there very recently, then your network packets used for web browsing, e-mail, etc, won't know how to reach their destination.

The Root
Top Level Domains (TLDs) are the last portion of a fully qualified domain name (i.e. .com, .net, .us, etc). To be completely correct, all TLDs end with the same character ("." pronounced "dot"). If you have a decent web browser then the following link should work: http://www.cnn.com./ (include the ending .) If this example doesn't work, then try pinging it from the command line. Think of the . as the root of DNS.

Domain Name Registration
When you purchase a domain name the registrar usually configures your DNS with some default settings. Generally, it'll point your domain to a generic landing page until you either upload your own web page or reconfigure the DNS to point to either another DNS server or web site. Once you've changed a DNS record, it can take some time until ISPs are updated. How long these updates take to propagate is configurable when creating a DNS record - the typical range is from an hour to a day.

DNS Configuration
You have two options when configuring DNS. Either you can configure it through your registrar or you can run your own DNS server. Over the past decade I've tried both methods, extensively.

DNS Self-hosting: QuickDNS Manager
In the beginning, domain registrars did not have sophisticated DNS management tools so I ran my own DNS server using QuickDNS Manager from Men & Mice (They no longer sell this great product, under this name, anymore). QuickDNS made it extremely simple to configure DNS using the QuickDNS Manager's GUI.


In this example, the TTL (time to live) column sets how long, in seconds, third party DNS servers (i.e. ISPs) should cache this information before going back to the registrar. The defaults in the upper right are used when the TTL column is blank for a particular record. Therefore, this DNS configuration tells third party DNS servers to cache the www.example.com and example.com records for 300 seconds (five minutes).

Although self-hosting my own DNS server gave me a huge amount of flexibility, the biggest drawback was that it requires a dedicated server machine. Since running a DNS server doesn't require heavy lifting by the server's CPU, I was successful in running my own DNS server for business purposes on an old 233 MHz (Wall Street) and then later a 500 MHz PPC G3 (Pismo) PowerBook with no problem at all. The beauty of using an old laptop as a server is that its battery acts like an internal UPS. As a matter of fact, about five years ago, I used to run e-commerce web servers, mail servers, DNS servers, etc., "on the cheap" using a farm of laptop servers.

There are many other DNS server software options, but I particularly liked QuickDNS due to its ease of use.

GoDaddy's DNS in the Cloud
These days, it's hard to beat using a DNS service that's hosted in the cloud - especially when, in the case of GoDaddy, it's free. For the cost of registering your domain name (about $10/year), you can configure your domain's DNS either through a web browser or through a text file that can be uploaded and downloaded to/from GoDaddy.

GoDaddy UIs
GoDaddy's DNS notations deviate slightly from the DNS BIND standard, but it still works as expected. Specifically, they have eliminated the need for each domain to end with a dot - after all, it's implicit. Also, when you want to reference the domain's root name (i.e. example.com) you use the @ symbol.

Here's a screenshot of how I've configured AdjixSucks.com to be a static web site hosted on Amazon's S3 (more about hosting websites on S3 can be found here):



Here's the text file, from GoDaddy, which can be downloaded, edited, and then uploaded (Be sure not to upload duplicated DNS records. If there's a duplicate record then GoDaddy will not apply any changes and return an error. This is a great safety mechanism to prevent accidents which could bring down a website.)


Using GoDaddy's web interface, you can configure your DNS record's TTL for 30 minutes, one hour, 12 hours, one day, or one week. To configure with a finer level of granularity, i.e. 300 seconds, you'll have to upload the updates to GoDaddy via a text file.

Out Source or In-house?
While there are other DNS hosting options, and some cost a small amount of money, it makes a lot of sense to use a professional DNS hosting solution instead of running your own DNS server. If you don't own the hardware then you don't have to support it. (While software may have bugs, it never fails in the manner that hardware can.) Due to the critical nature of DNS, third party hosting solutions do an excellent job at supporting this service.

Thursday, July 23, 2009

Lunar Module Instruction Manual & STS-127

Many years ago, my neighbor, Wynne Trenholme, who's now in his mid 90s, gave me several lunar module training manuals. Tonight, I scanned one of the manuals into a PDF (Introduction to the Lunar Module programmed text, March 1969). This manual introduces the student astronaut to the LM's electrical power and environmental controls along with explosive devices and propulsion & reaction controls as well as some other lunar module systems.

The other two manuals I have are equally fascinating:
1. Self Instruction Programmers Study Guide Lunar Module, October 1968.
2. Untitled, April 1969. This manual contains mostly diagrams of the LM-5 (Eagle).

Diagram from Introduction to the Lunar Module


I've always been fascinated by the Apollo program. Especially the lunar module since it was built where I grew up (Long Island) and it was the first spacecraft designed to work entirely in the vacuum of space.

Over the past few weeks, my interest in the space program has been re-energized for two reasons. First, because of the 40th anniversary of the Apollo 11 mission. Second, because a college classmate of mine, Chris Cassidy, is currently in orbit on the space shuttle Endeavour (STS-127). I travelled to Florida to watch Chris's launch. It will probably be the only shuttle launch I'll see since there are only seven more planned before the space shuttle is retired.


Lift off of Endeavour (15 July 2009)


Presenting Cassidy with a USNA 1993 ball cap to bring into space.


Cassidy's first EVA lasted 5 hours 59 minutes. (22 July 2009)
Image Credit: NASA

Save the Seals

Seals at the historic kiddy pool in La Jolla were kicked off the beach, again, and then their eviction was stayed, again. Lather, rinse, repeat. Should they stay or should they go?


Adam Fitch aptly described the scene at the kiddy pool, complete with photos:
mrfitch: Media circus for the seals at La Jolla's Children's Pool. http://twitpic.com/b80z0 http://twitpic.com/b811k


As a matter of fact, nearly all Twitterers aren't happy that the seals are being kicked out. Some are "up in arms" and ready to protest:
buffynerdgirl: I am fully prepared to stand arm in arm with my fellow San Diegans in protest of the forcing out of the La Jolla seals. People suck.


It was hard to find anyone in favor of removing the seals. Who would want these cute little guys to be kicked to the curb? For starters, swimmers and triathletes who train there are not particularly fond of their presence since the seals bring sharks, looking for a snack, closer to shore.

But, if you "listen" closely enough, you'll find some people willing to speak their mind in favor of removing the seals. John Kelly, from San Francisco, tells San Diegan Rachel Kaplan a few of his reasons:
JohnHedge: @Rachieheather IMO [in my opinion] the seals should be removed. They are a health hazard and their fanatic supporters take things too far. Try diving there.


JohnHedge: @Rachieheather My problem with the seals is that Children's Pool is a manmade public beach and they are polluting it. It is not a sanctuary.


The decision hasn't been finalized - meanwhile, the seals continue soaking up the Southern California sun oblivious to the legal battle surrounding them.

Wednesday, July 1, 2009

Entrepreneurs Connecting In San Diego With Springboard

Thinking of starting a high tech or bio-medical business in San Diego and need some help? CONNECT.org might be what you need.

Steve Hoey, a program manager at CONNECT for the past two years, says that the organization is “designed to engender and support innovation in San Diego through a culture of collaboration.” CONNECT, which was founded in 1985, has several programs and most entrepreneurs start with the free Springboard program, which first began assisting entrepreneurs in 1993.

Even in the current economic downturn Hoey points out the fact that innovation doesn't slow down. More and more entrepreneurs have taken the plunge since many people have recently found themselves out of work.

To apply for the Springboard program, which typically lasts three to five months, an entrepreneur simply fills out the application form on their website (http://connect.org/springboard). Applications are then reviewed and matched to CONNECT's subject matter experts known as Entrepreneurs in Residence (EIRs).

Each year, 50 companies go through the Springboard program and about 35 complete it. These companies range in size from one or two founding entrepreneurs, with just an idea, to companies that have raised millions of dollars in funding. Two recent success stories, which Hoey mentioned, are Benchmark Revenue Management, which helps make hospitals more effective and efficient, and Biomatrica, which stabilizes biological samples at room temperature.

EIRs will coach entrepreneurs and help them refine their business plan and fill in the gaps. For example, if an entrepreneur is technical and their plan needs help with the financial forecasts then interns can be brought in from UCSD’s Rady business school to help.

The Springboard program consists of several phases, beginning with filling out the online application and an initial meeting with one of the 80 to 90 EIRs to ensure that the Springboard program can support the applicant’s goals. Once this match has been made, the entrepreneur will meet with their EIR several times in order to solidify their plan. The entrepreneur then refines his or her business plan by conducting a dry run in front of one or two panels of experts leading up to their final presentation panel.

The final panel consists of three groups: CONNECT sponsors, investors, and domain experts. It begins with a 20 minute presentation by the entrepreneur followed by a 30 minute question and answer period and then it concludes with about 30 minutes of feedback and constructive criticism.

Once the graduation panel has been completed, most entrepreneurs usually hope to close a round of funding from investors. Since this is naturally the next step, CONNECT launched a new program in December 2008 called the Deal Network where Springboard graduates now have a second opportunity to present to investors.

The most important traits that Springboard applicants require are “coachability” and a willingness to complete the entire program. If that sounds like you and you are a San Diego based entrepreneur then CONNECT's Springboard should be your first step.

Sunday, May 10, 2009

Amazon Web Service's Simple Storage Service: The 99% Solution

Amazon Web Services (AWS) Simple Storage Service (S3) was launched about three years ago as a simple way to store files on Amazon's servers. Each file, also known as an object, can be up to five gigabytes (GB) in size and the filename is referred to as the object's key. The beauty of S3 is that each object saved on Amazon's servers is backed up onto at least three different servers. Where exactly the object is stored is not important since any computer on the Internet can access it - this is commonly referred to as the cloud, since, just like a cloud, there are no hard boundaries.


Strengths
1. Uptime – S3 uses the same infrastructure that is used to host its own amazon.com website. While downtime isn't unheard of, it is extremely rare.

2. Hypertext Transfer Protocol (http) access – Accessing objects stored on S3 can be as simple as typing in the web address to the resource in your web browser. Storing and retrieving objects on S3 can be done programmatically or graphically using a third party plug-in such as S3Fox: http://go.joemoreno.com/e5bf

3. Security – Objects stored on S3 can be made public, such as a web page, or private so that only a single user can access a specific object (great for backing up sensitive files). Additionally, items can be semi-private so that users can anonymously access an object, once they are authenticated, for a limited amount of time. A good use of this feature is to prevent other users from "hot linking" or "deep linking" directly to a photo or sensitive document on your website.

4. Domain Name Service (DNS) Access – Objects stored on S3 are placed into buckets which can be thought of as a folder or storage area network (SAN). An object in a bucket can be accessed in one of three ways:

a. http://s3.amazonaws.com/bucket/key
Update: This method only works for non-EU buckets.

b. http://bucket.s3.amazonaws.com/key

c. http://bucket/key where bucket is a DNS CNAME record pointing to bucket.s3.amazonaws.com. For this reason, bucket names must be unique throughout all of S3.

5. Price – Amazon only charges for its service based on use with no flat fees required. They refer to this as "Pay by the drink". Fees for storage, bandwidth, and access begin at $0.15/GB of storage, $0.17/GB of bandwidth, $0.01/10,000 GET requests and $0.01/1,000 PUT, COPY, POST, and LIST requests. For the first several months that I used S3 I received monthly bills for S3 totaling less than a dime (US$0.10). How Amazon can bill me that little and not lose money is a mystery. Here are copies of my first three bills from Amazon.

6. Bandwidth Throughput – While not advertised, the bandwidth throughput (speed) of objects served up by S3 is consistently in the 3-4 megabytes per second (MBps) [note: that is not megabits per second (Mbps), but megabytes per second - in other words, the throughput is approximately 24-32 Mbps]. Fast enough for nearly all users.


Weakness
Since objects stored on S3 are served up using http (and they can also be served up securely using https), it is possible to host an entire website on S3 for pennies/month with one small exception. Amazon has not implemented a way to serve up the default web page when a user initially visits a website.

The initial web page of a website is commonly named index.html. For example, when you visit cnn.com or apple.com, you are actually viewing http://www.cnn.com/index.html or http://www.apple.com/index.html. All web servers used for displaying websites automatically know how to serve up a default webpage - all but Amazon's S3. And users have been clamoring for this feature since 2006: http://go.joemoreno.com/esw2

Since a default object cannot be set to be automatically returned an entire website cannot be hosted on Amazon's S3 unless your users are willing to type www.example.com/index.html every time they want to visit your site - which, obviously, is not practical.


The 1% Solution
After grappling with this problem since 2007, I finally implemented a solution allowing me to host an entire website on Amazon's S3 without requiring another web server to serve up the index.html file. While I did not discover this technique, it is certainly worth mentioning in detail since it is not very obvious.


Perfect Match: Amazon S3 & GoDaddy
Hosting an entire static website on Amazon's S3 requires a little DNS gymnastics, but its results can be seen here: http://www.adjixsucks.com

One of the first places a web browser checks, when a person enters a domain name in their web browser, is with the domain's registrar. The registrar is the company where the domain name was registered and this is how the domain name owner tells the world where to route users to find their website, route e-mail, etc.

Since the registrar is the first stop, this is the perfect place to intercept the request and send it to a website's index.html page.


How to do it
In order to forward a request to a website's index.html with GoDaddy you'll need to do a few things. For starters, since most people enter www.example.com or example.com into their web browser you'll have to store your entire website's files in an S3 bucket that is not named example.com or www.example.com. In my adjixsucks.com example, I chose to save the website in a bucket named web.adjixsucks.com - but you can call it anything, such as www1.example.com, static.example.com, etc.


Parked Name Servers
Once you've saved your website's files in an S3 bucket, you'll need to configure your domain name's DNS to use GoDaddy's "Parked nameservers" (ns11.domaincontrol.com and ns12.domaincontrol.com).




Total DNS
Under total DNS, you'll need to edit/add three entries for the "@", "www", and "web" hosts. Keep in mind that these updates can take hours to propagate throughout the Internet.

1. Under the A (Host) records, you'll need to set the @ host to point to GoDaddy's forwarding server (64.202.189.170).

2. Under the CNAME (Aliases) records, you'll need to add two CNAMES for www and web.




Domain Name Forwarding (back to your own domain)
Finally, you'll need to update the Forwarding section to your index.html. Once this is updated, it can take 20-30 minutes until the redirect is live.




When you're done, it should look similar to this:




Ta-Dah
When people enter your domain name into their web browser most won't even notice that the website begins with web instead of www. While this isn't a perfect solution, it's very close and the price is right: $10 for the annual domain registration and as little as a nickel or dime per month paid to Amazon for hosting your website.

Joe Moreno
President
Adjix
joes3@adjix.com
760.444.4721

Saturday, April 11, 2009

Over Lawyering on the Web

Is it just me or have lawyers gone too far with all things online such as terms of service, license agreements, and disclaimers in e-mails? Of course, the only people that can answer this question are probably the very lawyers who come up with these requirements.

How important are a website's terms? I don't have to agree to any terms of service when I go to the local mall. But, if I pull out a camera and begin taking photos they can ask me to leave since it's private property (with public access - very similar to a website). Being a guest would seem to be a good analogy. I invite you into my house (or my place of business) and I can ask you to leave at anytime.

The disclaimers at the end of e-mail seem to be a bit over the top. Shouldn't I have to agree to the disclaimer? And, if I don't agree with it should I be bound to delete the e-mail? It simply seems unnecessary. If there is any legal precedent for these e-mail disclaimers, I'd love to know more.

Sunday, March 15, 2009

East African Cell Phones

When I was living in Nairobi, Kenya, a few years ago, I was amazed at the state of their mobile phone networks. There I was, in one of the poorest countries in the world, and everyone had a cell phone. Not only that, but cell phone coverage was nearly ubiquitous and the features built into their networks impressed me - even on my bottom-of-the-line Nokia cell phone that I used in Kenya.

Since the Internet isn't very common there, their cell phones were the most sophisticated piece of technology which they used for communications. Texting was widespread.

There are four features that their cell phone networks had, which we still don't have here, in the US.

1. Business Cards
Have you ever needed to give someone a phone number that's in your phone's address book? Ten years ago, I could beam it to another person on my Palm Pilot. Today, I can't even do that with my iPhone - via Bluetooth or otherwise. In Kenya, there was a "B card" option on the phone's menu. Simply choose a person from your address book whose number that you wanted to share and then choose the recipient. Within a minute, the recipient receives a text message asking them to review the contact information and then choose to either accept or reject it.

2. Busy Signal Call Back
When calling a number that was busy I could tell the phone system to keep trying the number, then I'd hang up and wait for the phone to ring back once the number wasn't busy. This reminds me of a circa 1980s technology (Demon Dialer) that would dial a number, automatically, until the line was no longer busy. I'm sure phones have this feature, here in the U.S., but it's neither common nor basic.

3. Missed Calls
I could turn off my phone and when I turned it back on the system would tell me which calls I missed. Can't do that in the U.S. I only get to see missed calls if my phone was on when the call came through or if the caller left a voicemail.

4. Text Message Payments
This feature still blows me away. Kenyans, like most Africans, are unbanked. They live payday to payday (at least they don't have to worry about the sub-prime mess) and, for the most part, they don't use: banks, computers, e-mail, iPods, etc. The two key technologies they use are cell phones and faxes – and the Kenyans were fantastic at filing and retrieving paperwork; never losing a page.

While we rely on computers, printers, and the Internet; they have substituted the cell phone, fax, and the wireless carrier's network. In place of PayPal and charge cards, they simply used their cell phones.

I'll never forget the moment when my driver told me about Safaricom's Sambaza, which launched the month I arrived in Kenya, as a simple way to share cell phone minutes. I was truly amazed, thinking, "Why can they do that here and we can't do it back in the U.S.?"

Unlike cell phone contracts and subscription plans we use here in the U.S., the Kenyans primarily use a pre-paid payment plan. In order to add, say $10 worth of minutes (or, more accurately, 10 KSh [Kenyan Shillings]), you'd simply buy a scratch-off card with that face value, scratch off the number, and enter it into your cell phone. This works exactly like pre-paid cell phones in the U.S. No need to worry about subscription fees (but the minutes do expire, just like here, if not used within a certain time.)

The one thing you can't do here that you could do there is transfer your minutes to each other. This became an instant form of electronic currency. For example, people who grew up in a village would move to Nairobi to find a job. They'd take a portion of their paycheck, purchase a pre-paid card, and add minutes to their cell phone. Then, they'd text some of their minutes to their mother living hundreds of miles away, in a rural village - yes, mom has a pre-paid phone with network coverage in the boonies. Mom would go to the local market and text some of her minutes to the grocer at the market to pay for food. Very elegant electronic barter.

Sambaza soon evolved into M-PESA, which transferred actual money and which, obviously, is a much better feature if you're looking to pull cash out of the system at some point.

The only hitch with Safaricom's system is that the sender and receiver had to use the same wireless carrier (different carriers are incompatible in a way similar to a Visa credit card's incompatibility with American Express). In Kenya, which only has two wireless carriers (Safaricom and Celtel), this wasn't much of a problem. However, there are even better ways to make this system carrier agnostic, just like PayPal doesn't care which bank, credit card, or Internet service provider you use. What's the hold up here in the U.S.? Simply put: the Patriot Act.

Thursday, February 26, 2009

Electricity in the Early 20th Century

I love this photo - it was probably taken almost 100 years ago.



In this photo, you can see the wiring from the Christmas tree running into the light socket hanging from the ceiling.

In the late 19th century, electricity was used almost exclusively for powering incandescent light bulbs. But that changed around the turn of the 20th century. The problem was that offices and homes were only wired for light bulbs. So the light bulb socket was used like we now use a wall socket.

Back then, electrical appliances didn't have on/off switches - you'd just screw them into the ceiling socket. Appliances like electric fans, beginning in 1890, and open top washing machines of 1908 could be fairly dangerous. You couldn't turn them off and you couldn't yank out the cord. There are some unpleasant stories of people getting their hair and clothing caught in washing machines.

Innovation and good engineering take time, no matter how obvious it seems.

Source: Jeff Bezos at TED

Monday, February 16, 2009

Sensory Deprivation Tank


Today I floated, for the first time, in a sensory deprivation tank. For years I've been wanting to try one and I finally took the plunge.

The tank's about the size of a twin bed and it's filled with eight to ten inches of water heated to 93-94 degrees (skin temperature). About 800 pounds of epsom salt has been dissolved in the water so there's no problem floating.

The facility I went to was definitely upscale. Each person gets a private room with their own shower, a place to change, and, of course, the tank. Since it's private you get to float in your birthday suit (but you can wear ear plugs to keep the water out of them).

After rinsing off in the shower I entered the tank. Most people float with their head on the far end of the tank since it's slightly warmer there. The door to the tank is very light and you can keep it fully opened or close it - whichever makes you most comfortable. Just outside the tank is a spray bottle of fresh water in case you accidentally get salt water in your eye.

Very soft music plays for about ten minutes and then fades to silence. At this point I was in total, complete darkness and quiet. Neither a photon of light nor a decibel of sound could be seen or heard. I knew when my time in the tank was up because the music started playing again and, just like the Academy Awards, that's my cue to exit.

So what happened inside the tank? Sorry to say that it wasn't anything like the 1980 movie Altered States; nor did I have visions like Lisa did on the "Make Room For Lisa" episode of The Simpsons (about 14:30 into the full episode).

But it was relaxing - very relaxing. I guess it's the closest you can get to being back in the womb as you float in solitude. There's nothing to distract you so you can focus (or not focus) on whatever you want. I could definitely get used to relaxing in one of these. The cost is similar to a massage ($40-$90 per hour).

I should sleep well tonight.

Saturday, February 14, 2009

Lessons in Customer Service

Not So Great Service
Good customer service is a pet peeve of mine. Recently, I wanted to order some pajamas with feet for my wife for Christmas. The company's website was out of stock, in her size, in early December so I wrote to them asking when they'd expect more. Three weeks later (between Christmas and New Year's) they responded and told me to keep checking the website.

Fast forward to February when their inventory levels on their website hadn't changed at all - I'd been checking about every 10 days. I e-mailed their customer service department again asking about their inventory and the response I got was that they were working to increase their inventory levels over the next few weeks.

I replied asking to be put on the back order list and they asked what specific item I wanted and this was their response:
I can actually answer this quite quickly - we don't expect to run another production on the penguin print until late summer to be available for fall.

I think they just lost a customer for life.

Unexpectedly Great Customer Service
Today, I experienced unexpectedly great customer service at a tea shop in San Clemente called the Lavender Lounge Tea Company. The shop is located off the beaten path, above a 31 Flavors. When it opened, about eight years ago, I thought that it would soon go out of business due to its location. I lived on this street from '94-'98 and had seen many businesses come and go.

Today I found out why it's still around.



When my wife and I arrived there were about five patrons that were just leaving so we had the place to ourselves - along with what looked to be about a hundred different kinds of tea. The only employee was a young woman (early 20s) who we asked for some recommendations. She wasn't the owner, but she clearly knew her teas.

I am not a tea person and I'm not a coffee connoisseur either - by the time I've prepped my coffee it has sugar, syrup, and cream. I ended up having the Ruby Cocoa Kiss tea (would a tea aficionado tell me that this wasn't "real" tea?). This tea was good - very good - and I didn't need to add anything to it, which is a first. It was so good I bought a tin of Ruby Cocoa Kiss tea as I listened to the employee explain some differences in teas.

As I was being rung up, I saw a coconut meat cubes dessert, from Indonesia, that I had never heard of before called Jubes Nata De Coco. When I asked her about the dessert I was impressed that she knew all about it and how it compared to boba (pearl), but what impressed me the most was that she told my wife and me that we should visit the Jubes website. She told us how cute the website was because you had to put the cubes into the Jubes mascot's mouth to navigate from webpage to webpage.


Exercise: Ask a Starbucks employee when they were last on the Starbucks website or visited the website of a third party whose products they stocked. (Of course, I ask this knowing full well that, when I worked at Apple, I was on the apple.com website at least daily.)

No, this wasn't a Starbucks barista who only knew how to make coffee according to an operations manual - she obviously was well trained in most every aspect of the business. It turns out that all of the Lavender Lounge Tea Company's employees are "students of tea".

I'm impressed.