Tuesday, August 12, 2008

Effect of Gas Prices on Emergency Notification

Gas prices are affecting everything. From the obvious, like the decrease in sales of SUVs and the increased charges for deliveries, to the not-so-obvious, like the increase of the cost of milk and the resurgence of the locally-grown-produce trend. One of the not-so-obvious affects is on emergency notification, business continuity and disaster recovery.

Gas prices affect where people live and how they work. People bought large houses in the exurbs during the 1990s because gas was cheap and it was easy to get to work. People got used to commuting 15 miles in a large SUV. Since many of these cars get 10 miles to the gallon, that meant people were paying for 3 gallons of gas a day. At $2.50/gallon, that's $7.50, or roughly the cost of taking the BART from Oakland to San Francisco. Or the cost of commuting from New Jersey to New York along the Erie Lackawanna train system. Or maybe double the cost of taking any large city's metro system from the 'burbs.

Even with a small difference in price, people will often opt for using their car. It's just a lot easier than riding the bus or light-rail. I take the bus sometimes. I have an incredibly easy route, just one bus to take and it stops within a block on both sides. Still, if it's raining or snowing or really cold, I'll drive because it's better than waiting for the bus in the rain. So, at $7.50/day for driving and maybe $3.50/day for metro service, it's easy to justify the extra $4.

Fast forward to 2008, where gas is $4/gallon, and now you're looking at $12/day. At that point, it makes sense to look for either alternative transportation or increasing the amount of time you work from home. Either way, you're spending more of your day outside the office.

The purpose of emergency notification is to contact the responsible parties during an emergency, wherever they are, whatever time it is. Any notification that relies on your employees being in the office is bound to fail. This is only exacerbated by the new trends towards mass transportation and increased telecommuting. The ability to respond to those emergencies, even if it's just to escalate the alert, from whatever mobile device you are currently using, is critical.

My product, Reliable Response Notification, addresses this problem. By supporting many device types, and multiple devices per person, your monitoring, ticketing and security systems are able to reach your employees on the bus, in their car, at home, at the local coffee shop, wherever. Store-and-forward technologies, like email and SMS, allow the employees to answer at his or her convenience. They don't have to miss the bus to take the call, they can get on the bus and read the message when it suits them. Escalation allows the system to adapt to times when an employee is simply unavailable, whether that's in a tunnel on the BART or because they're on a bike and can't hear the ring.

Thursday, March 27, 2008

My Ideal Hosting Environment

Before I even start, let me say that I haven't found the perfect hosting company, but eApps comes pretty darn close. They hit all the big points, and only miss a few smaller "nice to haves". This is why I promote them to all my consulting clients and use them exclusively for hosting Reliable Response Notification.

#1 - Reliability
This is more than the server not crashing. I've been on hosting companies that switch around the file system structure without telling me. Since RRN uses a few absolute paths in the config file, moving these paths have negative affects. I've also had hosting companies simply switch off Tomcat, or exceed the allotted maintenance windows, or change IP address. I need to know that my hosting company won't break my app on me.

eApps does require you go through some hoops to get everything working reliably. You need to set Apache directives through the control panel...just editing files is a no-no. I got caught by this. But, they patiently explained how and why it works, so I'm on board.

Also, I don't mind being on a shared server, but there needs to be some protection against the other customers. I've been a bad shared customer at times, too. I had a nasty bug where Yahoo IM access would occasionally drive CPU utilization to 100%. Some hosting companies happily allow you to continue driving CPU up. Others will stop your app and boot you off the server. A good hosting company simply reduces the CPU cycles you have available.

#2 Support -
I *HATE* when someone tells me "I rebooted it and it works now". I need to know why it failed, so I can avoid that in the future. Customer support isn't about answering emails. It's about populating those emails with useful information. Phone support is nice, too. Online chat doesn't work well for me.

#3 Features -
Virtuozzo/OpenVZ is a wonderful thing. I suppose Xen and VMWare are, too. Most of my apps don't require an expensive hosted server. OpenVZ gives me the ability to purchase a small, cheap server that acts like a dedicated OS. Plus, it can dynamically scale, restrict resource usage, and migrate between physical servers.

Linux has a lot of good software for it. Some of that should be available to the hosted server. MySQL, PostgreSQL, Tomcat, Apache, PHP, curl/wget, Nagios, and some web stats package. If you don't support those, then at least allow us to use the standard package installers, yum, apt or whatever, to install them. Failing that, then, we should be able to install from source.

#4 Scalability
With most hosting plans, you can move up and down plans fairly easily, ie scaling vertically. eApps takes it to an extreme. You can move up and down, most of the time without stopping your application. 0 downtime. As well, they support clustering, using excellent hardware load-balancing. This allows you to scale horizontally, by adding new servers. Combine that with their super-cheap, super-flexible OpenVZ servers, and you have one of the most affordable, scalable solutions on the planet.

All in all, I've been very happy with eApps. They have some competition from Amazon, which I imagine will get tougher soon. They also have competition from the classic providers like Verio, GoDaddy and Network Solutions. None of these companies provide the individualized support, attention to your particular app, and general excellence that eApps does.

Friday, February 15, 2008

Privacy in a Twittery World

Reliable Response is in an office building across from the Capital of Colorado. We get a lot of political groups in here. The most excellent Colorado Statesman is downstairs. The Colorado Right to Life group is next door. My favorite is Jim from the Colorado DLC. He and I talk occasionally. He lets me rant, and I help him with technical issues. Coming soon...webcam-based interviews with politicos around the state. Maybe he'll let me rant on camera.

Jim was asking me what I thought about the phone companies eavesdropping on us. Obviously, no one wants their private conversations to be listened to by anyone, especially some low-level government or telecom flunky. As a former low-level flunky, I can attest that we flunkies *love* listening in on internet traffic.

The fact is, to quote Scott McNealy, "Get over it. You have no privacy." I couldn't agree more. The government can't give it back to you. We can sue whomever we want, but the RBN will always be willing to sell your information to anyone who's willing to throw down a couple bucks for it. Try asking Putin to help...let me know how that turns out.

Anyone who knows me knows that I have worked in security, including a long-ish stint for RSA Security. I believe in encryption. I love it! Mostly because it puts the control over your privacy back in your hands.

To answer questions about telecommunications security, I will always say that counting on the government and the telecommunications companies to keep out of your business is naive at best. There's only one person you should trust. You. Make sure you have the best encryption you can use.

On the other hand, the government can, and should, make it easy for you to do that. To this end, the IETF has released RFC 3711, the Secure Real Time Protocol. This is an extension on top of the most popular VoIP protocol to provide real security. People should start using it. We should demand it's support for all VoIP phones, including Skype!

Reliable Response Notification doesn't use any of these mechanisms. It's a problem we're looking to address. We're publishing some pretty private information. Stuff like IT outages, purchase requests, and internal marketing communications. It keeps me up at night to think that someone might at AOL might be looking at these IMs streaming past. The problem is that the communication methods people use simply don't support these encryption standards. Even support for PGP, an encryption standard that was old 10 years ago, has seen so little uptake as to be considered effectively dead. This is a problem.

The government can help. Richard Clark's cybersecurity efforts are a start. The government should lead, promote and market security solutions. But, it should never make them mandatory. When there's critical mass, people will use them. I hope one day, people will tell me that they won't purchase Notification without built-in security.