Empire Avenue’s Century Club

Yesterday, my Empire Avenue Stock is at 99.37. I believe the share price will be in 100’s territory. When your share price reaches 100, you are officially admitted into the “Century Club” on Empire Avenue. I think it’s time for me to summarize my experience with Empire Avenue.

I started Empire Avenue about 4 and half months ago. I have heard the game before I started. At that time, I was checking my Klout scores daily, but have heard some negative comments about Klout. I was having hard time to keep my Klout scores going up. I was pretty active on Twitter and thought I should have better scores. I also tried some other social measurement sites and was not happy with the results. When I found EA through searching online, I thought it may be a good idea to give it a try. How bad could it hurt?

So initially I considered EA as a way of measuring my social activities. As I said, I was pretty active on Twitter at the time and was much less active on Facebook, LinkedIn, and Google +. My stock price went up quickly at beginning just like many other newbies, because my Twitter account looked decent. After the initial drive, my stock stopped growing and there are some days you could see negative. I was totally lost about what happened. Worse, I got sold by some, which drove my stock further south.

I felt panic, just as I had experienced with Klout before. Although I stayed active on Twitter, it didn’t help much on my stock sliding trend. That’s when I decided to add all my social accounts. I added Foursquare, Youtube, LinkedIn, and Flickr. When Google+ was made available, I immediately added it. Also I started this blog at that time. Adding these accounts boosted my social engagement and participation on all different channels. My stock started grow again.

I started asking questions about EA and joined some Facebook groups and EA communities. I started Pinterest about this time. The engagement on Facebook caught attentions of EA vets. I was then invited to join Dom’s Picks and EAs Chat, organized by Des Daughter Diethylstilbestrol and Jeroen van Zelst. These groups help me opening up more interactions with Facebook friends. I also learned a lot about Facebook and EA. Two important lessons I learned are (1) how to select and complete EA missions more responsibly; and (2) how to make new friends in EA and Facebook. By helping others in EA and Facebook, I gained trust from people who I never knew before.

I created my first missions to celebrate Mother’s Day in US (May 10th) by giving 2000 eaves away to anyone. A lot of positive feedback came in. This taught me a lesson, most people are decent and we should trust them to reward good gestures and good will. I then set up a goal to help people’s missions with good cause.

I have to tell you this, on my birthday (May 19th), I replaced my profile photo on all my social channels with the same clean and latest picture. I believe this had also helped a lot in building my social presence. If you can’t choose a photo to show yourself consistently across all your social profiles, how can people trust you?

At this important day of my EA life, I would like to thank the following people for their continuous support.

Des Daughter Diethylstilbestrol
Barry Gumm
Wayne Hurlbert
Jeroen van Zelst
Kamal Bennani
Mary E Haight
Meetu Singhal
Gerrit Bes
Gaye Crispin
Susan Davis Cushing
Kimberly Reynolds
Janet Callaway
AriadnasFantasy Embroidery
Dina J Lindquist
Tina Monod
Amy Lynn
Dubie Bacino
Debra Pearlstein
Liz Strauss

PS. As I was writing this blog, I received Century Club achievement badge.



Why I don’t follow you?

I normally would follow back to people as a general rule, because I believe I could contribute to the content of the Internet. Based on this belief, I consider the more people follow me, the bigger an audience I can reach. The following set of tweeps I normally do not follow.

– You have hundreds even thousands of followers, but you have only a few tweets. This clearly tells me your followers are fake ones and I don’t care how you get them to follow you.

– You don’t have a profile or bio. I don’t know your purpose to use Twitter.

– Your only tweets are promoting your own business and they don’t contribute to the community.

– Early you followed me and I followed back, but later I found you unfollowed me. In that case, I would immediately unfollow.you. I think this is the basic mutual respect. If you don’t like my tweets, let me know. 

– Your only purpose is sex. 

– Your taste is low, or like to use bad language. 

The Security experts I follow on Twitter

My primary interests are cloud, social media, and security. Anything related to information, web, data, and computer security would attract my attentions. So I spent a lot of time to try to find what security experts research on and are interested in. So I compiled my own list of security experts. I watch their tweets daily and learn what they blog and talk about. It is a public list and you are free to follow (@fangfeng88/security). Here is the top 30 in the list (format is “name | @handle: blog site | job”):

Bruce Schneier | @schneierblog: http://wwwschneier.com/blog | the Chief Security Technology Officer of BT.

Graham Cluley | @gcluley: http://nakedsecurity.sophos.com/ | Senior Technology Consultant at Sophos

Mikko Hypponen | @mikko: http://mikko.hypponen.com/ | F-Secure Chief Research Officer

Eugene Kaspersky | @e_kaspersky: http://eugene.kaspersky.com/ | Chairman and CEO, Kaspersky Lab;

Luis Corrons | @Luis_Corrons: http://libertariansecurity.wordpress.com/ PandaLabs Technical Director –  Spokesperson

Christien Rioux | @dildog: http://www.sourceconference.com/ | Chief Scientist & Co-founder of Veracode

Kevin Mitnick | @kevinmitnick: http://www.mitnicksecurity.com/ | CEO, Mitnick Security Consulting LLC

Sean-Paul Correll | @lithium: http://pandalabs.pandasecurity.com/ | Threat Researcher at Panda Security and Founder of Malware Database.

Dave Marcus | @davemarcus: http://www.davemarcus.com/ Director of security research at McAfee Labs

E J Hilbert | @ejhilbert: http://www.kroll.com/solutions/cyber-security-information-assurance/ | Managing Director at Kroll Cyber Security and Information Assurance

Stewart Room | @StewartRoom: http://www.stewartroom.com/ | London-based lawyer practising in privacy, data protection and data security law.

Josh Corman | @joshcorman: http://blog.cognitivedissidents.com/ | Co-Founder of Rugged Software

Mike Dahn | @mikd: http://chaordicmind.com/ | Director of Threat and Vulnerability Management at PricewaterhouseCoopers

Aaron Portnoy | @aaronportnoy: http://dvlabs.tippingpoint.com/team/aportnoy | Manager of the Security Research Team at TippingPoint Technologies

Rafal Los | @Wh1t3Rabbit: http://hp.com/go/white-rabbit | Chief Security Evangelist at HP Software

Bill Brenner | @billbrenner70: http://www.csoonline.com/ | Managing Editor at CSOonline and CSO magazine, part of CXO Media and IDG Enterprise

Richard Bejtlich | @taosecurity: http://taosecurity.blogspot.com/ | Chief security office at Mandiant

Gene Kim | @realgenekim: http://www.realgenekim.me/ | Founder and former CTO of Tripwire, Inc

Alex Hutton | @alexhutton: http://newschoolsecurity.com/ | Director of Operational Risk at Verizon

Anton Chuvakin | @anton_chuvakin: http://www.chuvakin.org/  | Research Director at Gartner

Adam Ely | @adamely: http://www.adamely.com/ | CISO of Heroku at Salesforc.com

Brian Krebs | @briankrebs: http://krebsonsecurity.com/ | computer, internet security journalist

Christofer Hoff | @beaker: http://www.rationalsurvivability.com/blog/ | Chief Security Office at Juniper

George Hulme | @georegvhulme: http://www.linkedin.com/in/georgehulme  | Business & Technology Journalist

Martin McKeay | @mckeay: http://www.mckeay.net/ | Security Evangelist at Akamai

Eric Jacksch | @EricJacksch: http://jacksch.com/ | Ottawa-based security professional

Dan Mintz | @technogeezer: http://www.ourownlittlecorner.com/ | Chief Operating Officer at Powertek Corporation

Nick Shelby | @nselby: http://nickselby.com/ | CEO and co-founder of Cambridge Infosec Associates, Inc

Kenneth Smith | @ken5m1th: http://www.linkedin.com/in/1ksmith | Senior information security solution architect, GreenPages Technology Solutions

Thomas Wilhelm | @thomas_wilhelm: http://hackingdojo.com/ | the “Hacker Junkie”

Dave Lewis | @gattaca: http://www.liquidmatrix.org/blog/ | | security practitioner

I listed the top 30 names, but the Twitter list “security” contains more than 200 names, many of them are well-known security experts.

Gregory D Evans: the Hacker

Gregory D Evans is famous. He had appeared on TV shows, University platforms, security conferences keynote speakers. He’s an example of a soul coming back from the dark side. According to his own web site,

He reminds me of Skywalker from Star Wars. I kept comparing him with Anakin, the young Skywalker. Without a doubt, both Evans and Skywalker were extremely talented. At young age, they were able to master high difficult skills in their own fields.

Anakin became the best of Jedis though he was trained relatively late. He fought hard with his masters against the dark force, and won the love and blessing of Padame Amidala. However, gradually he became more and more obsessed with hatred and revenge, personal feelings overcame the duty as a Jedi. This was taken advantaged by Supreme Chancellor Palpatine, eventually became his tool to take down the Jedi temple and completely fell to the dark side, and transformed into Darth Vader.

Gregory started his hacking career since 7th grader. He broke into the school system to change fellow students’ grades for money. He stole money from banks, millions of dollars. He was self-claimed “World’s No. 1 hacker”, had been arrested and convicted felon by the FBI and law enforcement. It’s reported that he was charged to owe millions for his felony. He was also accused of plagiarism, fraud and unethical practices in the security industry. Many don’t believe he is who he claimed to be.

He had turned around since and now helps FBI to try to catch the bad guys, to educate public about cyber threats, and to give speeches about importance of cyber security. He’s the founder and CEO of security firm LIGATT, http://www.hitechcrimesolutions.com/.

Whether he is like what he was accused or not, it can be investigated and discussed. I don’t want to be judgemental here. What I want to say is that even you had been convicted in the past, you are still welcome to be on the right side of the fight. Your hacking knowledge may be invaluable. Continuously doing unethical hacking for personal gain will likely be considered as a threat to national security. Although you may say I am not a bad guy, real bad guys or even nation sponsored terrorists could advantage of the murky water to cause real damage or massive loss of life, like 911 type of attack.

Now is a critical time for security experts to form a strong alliance with former and current hackers who’s willing to participate in a constructive dialog, to create a strong defense to protect the nation and the Internet. Otherwise, we may really lose the war against cyber terrorists and hostile nations.

A picture is worth a thousand words

Yesterday, the keypad garage door opener stopped working. It’s apparent that the battery ran out. I tried to open it to replace the battery. The model of the garage door opener is Genie Intellicode wireless keypad opener. When the keypad cover was slid up, one can see the battery is in the compartment below the keypad.

How should I open the compartment? Do I have to ply somewhere to open it up? Do I have to take the entire unit down?

A Google search found several links. From Genie site, I found this link. If you search “replace battery”, you would find an answer without clear instructions, and there are no pictures given. So you don’t know whether that’s what you are looking for, and the instructions are not linked (“click here to..” didn’t give any hyperlink.).

eHow gave some instructions at here. I was grateful, but was stuck at step 2. What did they mean by “indentation”? If they gave an image like the following and say press the indentation at the red circle, it’s much easier to understand and there would be no confusions.

Once the cover is opened, it’s a no -brainer.

I don’t understand why sometimes people don’t take a little more effort to illustrate the procedure. This could save a lot of time for customers. I fully understand now “a picture is worth a thousand words.”

I am also document the process here, because I may forget this myself.

Twitter chats

Last night and tonight, I participated in two different Twitter chats, #pinchat and #blogchat. I  have gained a lot more yesterday than today. The main reason, too many people tonight.

Twitter chats are a very good way to learn some tools for doing social business and I had a lot of fun by chatting with total strangers. Soon enough, strangers become friends. When  there are not that many people in the chat, you can catch up easily and have time to retweet and reply to others. On the other hand, if there are many people, the tweets are running too fast. It’s almost impossible to follow. When you tried to reply or retweet, the entry quickly scroll down a screen or two.

After the chat, I went to http://hashtracking.com to get the statistics for this the chat hashtag #blogchat. It showed 1500 tweets. One can see, within 1 hour, at least 1300 tweets were posted, average less than 3 seconds per tweet. For a slow reader like me, it’s  like running 1500 meter with pros. I had to give up about half way.


Convenience in Customer Support

Today I was trying to run “yum update” on one of my RedHat 5 lab system when I saw the following exception appeared,

up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.

I searched and found some solutions on RedHat support site. When I accessed the links, I was asked to login. Since I had never registered at the site, I decided to be a good citizen to register. After I went through their long Sign-Up procedure (15 fields) , I submitted the form, and I was thrown back to the same sign-up form without any error or warning. All the filled values are blanked out. I was really pissed off.

I am working in the customer support and understand how customers are frustrated when they have a problem. We would not only try to provide solutions into their hands such that they could resolve their issues quickly. So all of our answers and technical notes are open to public to view. They are also searchable on search engines, like Google, Bing, etc.

For high quality technical support, all your contents are created for your customers to read. I don’t see any reason someone has to register and log in to be able to read them. I understand you may want to have some statistics. If you are still using this login mechanism to count site visits, you are really way behind technology. I can understand some controls to be applied when downloading files from your site, because there are regulations that you have to follow.

I want to bring another point. Even you want your customer to login, you should seriously consider using widely used single sign-on solutions like OpenID, Facebook, Google, Twitter, etc. These are really easy to implement and customers will appreciate that.