I couldn’t resist this Post – after all, it is a cloud!
Go to Wired for some more weird clouds …
[?]
Archive for September, 2009
The use of Username and a Passwords for on-line user authentication is ubiquitous, it’s common, and therefore it’s a risk. Technically it’s known as single-factor authentication, and as this phrase suggests it’s the weakest process used to verify somebodies identity and let them have access to your critical information on the web – other than giving them completely free access.
Salesforce use single-factor authentication to control login, but then potentially compromise even this. The common error is assuming that you must use your email address as your Username, but this isn’t strictly correct. The risk of using your actual email address is that leaves just one less thing to hack – a password. Compound this with a weak password, and your Salesforce data (given any restriction imposed by the users profile) is open to the world.
Consequences of an insecure website • Loss of business • Destroy customer confidence and brand • Legal liability • Financial loss • Costs of incident handling (from a presentation at Barcelona DrupalCon, 2008)
So, firstly don’t use your email address as your Salesforce Username. It will have to resemble an email address in structure, but not your actual email address. You still need to enter a valid, and accessible, email address in each users profile – but more on this in a moment!
Secondly, use a good password. For a good password do consider using, frequently changing, not sharing, and certainly not write down on a Post-it note and sticking it to the side of your monitor, …, a Secure Password. Take a look, for example, at the on-line generator at the PCTools website, also available as an off-line generator – you should consider a password length of least six, and eight if you have Administrator rights.
If you’re not keen on these totally cryptic passwords then do try the following: use the first characters from each word in a line from a poem, or memorable phrase. Sprinkle in a couple of digits, changes of case, or punctuation characters and you’ll have a secure password.
So, your Salesforce data is now secure. Well – consider this: information security is all about identifying, and fixing, the weakest link. If your Salesforce users have email access, which they must have, and they’ll certainly need in order to access Salesforce off-site, then their password to your email system is the weakest link! Salesforce, and let’s be fair as do most Blogs and other Social Media sites like LinkedIn, Facebook, … allows users at the login stage to request that their password be emailed to them. So having a weak, or freely displayed, email password gives access to Salesforce …
[?]
I use it so I must recommend it. But, actually I do think it is the best of breed platform for Blogging, and probably the most popular blogging platform.
Now a Blog is your Real Estate, your property that is fixed in location, on the web. Your blog’s content is not like your content in LinkedIn, Facebook, or even Twitter – for it’s accessible by search engines, and not closed like those other forms of social media – you don’t have to login to view the full content. So to be fully visible on the web you must have a Blog, and your choice of Blogging platform is critical.
So, here once you’ve got WordPress installed, are two links to get you started. From Lifehacker (tag line: Tips and downloads for getting things done) is The Beginner’s Guide to Tricking Out Your WordPress Blog, and from Mark Ghosh’s WeblogToolsCollection Schwag is WordPress for Beginners.
Of course, you must then install the All in One SEO Pack (SEO: search engine optimization) for a properly “executed SEO techniques will bring your website increased exposure, recognition, and will generate free traffic“, and Google XML Sitemaps a plugin that generates a XML-Sitemap of your blog that supports “Ask.com, Google, YAHOO and MSN Search.”
Then it’s just a matter of regularly generating interesting content, and “they will come” … easy. in’it.
[?]
Earlier this week Google acquired reCAPTCHA (16th September 2009).
CAPTCHA tests are those squiggly letters that are displayed when you are buying items online, or accessing some sites. Already more than 100,000 sites use reCAPTCHA, but Google is more likely interested in reCAPTCHAs experience in OCR (Optical Character Recognition) - a process “that converts scanned images into plain text [and] powers large scale text scanning projects like Google Books and Google News Archive Search.” For more on Google’s once again contentious book-scanning programme see this article by Reuters.
Salesforce uses reCAPTCHA, and you may have already experienced it when accessing some Salesforce resources. There’s also a brief introduction to understanding CAPTCHA on the Salesforce developerforce site, some of which is copied from the reCAPTCHA site.
So, what’s all this to do with salesforce leads?
Salesforce allow you to very easily generate the code for capturing lead contact data entered into a web site form. The so called Web2Lead functionality. But there’s a problem with the default code. Essentially your organisation Id is exposed and unscrupulous coders could easily use you Web2Lead details to propagate SPAM (see the Salesforce Ideas entry).
reCAPTCHA to the rescue! As a proof of concept I have created a web page to capture lead details. I’ve extended it to include extra custom fields (e.g. a picklist: prefered method of contact), immediate (a fully configurable) validation of the data entered, and reCAPTCHA to prove your human …
You can test all this functionality on my other site: http://www.bdgreen.it …
Note: The web page also makes use of the another reCAPTCHA function that enable you to obscure (again to prevent SPAMMERS) your contact email address.
[?]
Steve Anderson has provided an excellent, and very accessible YouTube video guide to upgrading the nonprofit salesforce edition:
See my earlier post on this upgrade here
[?]
I’ve been listening to several of Leo’s podcasts over many years now. His TWiT podcast has proven to be essential listening for me at the gym. So when Leo started TWig – This week in Google (and the Cloud) – I new it would be worth downloading.
Take for example This Week In Google 4: Filers vs. Pilers, it’s probably one of the most accessible of the current series. The cast is usual suspects: Leo Laporte, Gina Trapani, Jeff Jarvis and the guest, for this session, Kevin Marks (Google: Open Social, and now BT). It’s talking heads at its best.
Kevin introduces the word phatic, a social scientist term, in relationship to much that is Social Media. According to Kevin, Social Media is “full of social gestures that are like apes grooming each other.” That is, full of expressions that only function to perform a social task, rather than to conveying information.
Other nuggets from TWig#4 are that:
- there is a limit (i.e. accessible by API) of 3200 tweets on Twitter
- Google Wave, is best viewed as tool that will support collaborative editing of a stored document – rather than a new email paradigm (Kevin)
- TWig’s has a friendfeed at http://friendfeed.com/twit-twig
[?]
On Friday 11th September a new release of the Salesforce.com nonprofit starter pack was made available. Steve Andersen, a Solutions Architect at the Salesforce.com Foundation, who helps nonprofits organisations use Salesforce.com, recommends that “everybody upgrades“. The full article can be read on the NPSP Announce (a Google Group) – the article has many links including how to install the nonprofit pack, and release notes. For administrators of the nonprofit pack this Google Group is well worth you joining.
The full release notes for Salesforce.com Winter ’10 can be found here (a pdf document) (note there’s no explicit reference to “nonprofit” in these release notes).
If you haven’t already found it there is a very thorough introduction to the Nonprofit Starter Pack on Salesforce’s Developerforce wiki. In this wiki you will find details on the purpose for the nonprofit pack, some links to descriptions on its functionality, a list of the packs Strength and Weaknesses, some notes on how to deal with Individuals, some notes on installation issues, and a link to Feature Requests and Wishlists. In particular there’s a link to Nonprofit Starter Pack Upgrade Best Practices.
In the first instance you should find out which version of the Nonprofit Starter Pack you already have. There’s an excellent short video by Steve on YouTube just for this.
The developerforce link has the following advise for when you are considering upgrading your version:
- Always back up your data before upgrading packages
- Burn a sandbox of your production database and upgrade the sandbox first, checking for any errors
- Upgrade Contacts and Organizations package first, then Households, then the others
- Spend extra time testing if you have written any Apex code or have Workflow rules to make sure they don’t conflict with package features
- Carefully follow any special instructions provided on the individual package install pages
Now, item 1. should be a given. Your Administrator should be doing at least a Weekly, or Monthly (if you have a very low data volatility), backup. To access this function follow this menu chain:
Setup | Administration Setup | Data Management | Data Export | Export Now or Schedule Export
(Do remember to have, and follow, some well documented good practice for naming, storing, and verifying your backups!)
If you’ve never used a Sandbox (item 2.) they’re well worth exploring – not the least for testing new Applications, for training, and for checking upgrades.
To create a Sandbox follow this menu chain:
Setup | Administration Setup | Data Management | Sandbox | and click New Sandbox
Click on the link and read the Help for this page! Do give your Sandbox some appropriate short name – as Salesforce automatically appends the sandbox name to usernames and email addresses … So if you name your sandbox upgrade, and your login username is user@company.domain, then your login for the upgrade sandbox is user@company.domain.upgrade (but use the same password). You will see a reminder, like Force.com Sandbox: Upgrade, near the top right of your page so that you know your you’re in your Sandbox.
The generation of the Sandbox can take some time – so don’t leave it until the last minute on Friday afternoon to explore Sandboxes! You’ll receive an email from Salesforce advising you of its availability. Do note there is no direct way to replicate any modifications you make in your sandbox in your “live” instance – you’ll have to re-install the App’s, adds those customised fields, redo the workflows, …
Finally, the NPSP – Nonprofit Starter Pack on Google is another valuable site to bookmark. Here you can find a community, supported by Steve, for airing your problems with your instance of the nonprofit pack.
I hope something in the above is of some help to you.
[?]
In the Financial Times of August 28th 2009 there was a page on advertising: “Out of the box.” The centre piece of this article was about advertising using augmented reality (AR).
Apparently augmented reality is one of the latest technologies for capturing your consumers imagination. “It’s about creating buzz …”, says Chris Jenkins of Tribal DDB.
Want to try it?
You’ll need a computer with a webcam, an internet connection, and Adobe Flash 9 or higher. Print off the following document. Go to http://www.ft.com/ar, and show the camera the image on the page you printed off – you should see a three dimensional “augmented” image …
OK, a bit geeky! But, good fun.
[?]
Do you have time for another webinar on Social Media? Then Social Media Magic offer, for that crucial limited time only, a free webinar on Social Media marketing. The webinar is primarily a vehicle for introducing Social Media Magic’s outsourced “strategic, comprehensive social media solutions”, but it does include some relevant advise and strategies, including details on its on-line learning offering.
Essentially, the argument goes that you should expect managing your Social Media profile will take, at the end of your first 12 months, in excess of 32 hours/month. This leaves you with, so Social Media Magic claim, a number of alternatives. Do it yourself, employ somebody to do it for you (with all the inherent risks of them not truly representing your voice), or outsource the task to Social Media Magic …
What caught my interests in their webinar are the Social Media tools covered, and the associated experts selected to present their on-line “University Style” course. This, paid for, course is formed of eight sessions over four weeks. Each session focuses on a specific Social Media tool, and is presented by an respected expert in that area – there’s also a live Q&A component with the expert at the end of each session.
The Social Media tools covered, and experts are:
- Blogs – Denise Wakeman
- Twitter – Warren Whitlock , and Joel Comm
- Facebook – Clara Shih
- LinkedIn – Jason Alba, and Chip Lambert
- Niche sites – Charles Fellingham (founder of QAlias)
- Video/Youtube – Lou Bortone
So that’s your 8 hours on your profile for this week …
[?]
