Secure Your Presence

The web is a system where establishing yourself requires you to worry about all manners of data issues. You must consider and address data security. Greedy goblins will try to find ways to access your most secure information online. You must consider consistency in your data. When you change a value or write a post, who is to say that your data will be stored exactly as you set it or wrote it? And what about other users, should they be allowed to modify existing data? You must consider the general access of your information. If a user wants to view a post or you want to update an existing page, how can you be certain that they or you will get the information when needed?   These are all addressed in the data security concept of C-I-A triad or confidentiality, integrity, and availability. Depending on the tools you use, implementing these concepts can be easier.

Amazon Web Services(AWS) advise their best practices in their security document going over system design, user management, data protection, and damage mitigation. There are four areas of concern AWS aims to address. These include accidental information disclosure, data integrity compromise, accidental deletion and general availability. These can be prevented by using strategies such as permissions, encryption, data integrity checks, backups, and versioning.  

AWS suggests different levels of key sharing and permissions depending on the level of operation. Simply for infrastructure, the responsibility falls solely onto the developer. They are in full control of what is developed, operations and who gains control. In a container or developed database service, the server mostly handles the key security. It gives permissions based on user identity or responsibility. For a service that is abstracted, most permissions are handled by the server and service itself leaving most of the configuration away from the developer and possible error. AWS also suggests ways to protect data confidentiality that pertains to internal data and data transfer. For internal data, it is recommended to utilize encryption for the data such as Microsoft EFS, BitLocker, SafeNet ProtectV, Linux dm-crypt or TrueCrypt. It protects data further than normal permission access and you can also integrate these keys with management facilities. For data in transit, there are also a variety of tools that can be used to ensure data is secure. But the main idea again is to encrypt the data before transit. AWS recommends establishing virtual private networks(VPNs) and utilize Secure Sockets Layer(SSL)/Transport Layer Security(TLS) administration and be sure to know where the data transits and routes between hubs and nodes.  They also suggest using private IPSec connections if available and currently established services if they can be used. For even more confidentiality at the software level, AWS suggests managing security groups, define isolated networks, using Network Access Control Lists(NACLs), host firewalls per instance, create a protection layer to force traffic through a filter and access control in the programs and services themselves. For example, a user wants to look at a file or site that they have read permission access to. They are authorized by the system from the database by their credentials and their connection is not blacklisted therefore they are given the encrypted data and a key. The data is decrypted, and the user now has the file.  

Integrity compromises is an issue in which the magnitude can be catastrophic. However, there are ways to ensure that integrity is secure in our systems. AWS suggests, such that in confidentiality, to use permissions which reduces the risk of compromises or deletions. There is also versioning that has a ‘snapshot’ of ever change an object has had in its lifetime which can allow the object to be restored to a previous state. Another concept that is used is Backups which do also help with availability in some services. Backups ensure that if data or logs are lost on one system, another system can come and restore the discrepancies. Lastly, just as discussed in confidentiality, encryption can not only protect against unauthorized priers, it can ensure the data that is sent and stored to be exactly replicated and complete upon request. Continuing from the same theoretical user from before, let say they have no permission to write into the database. They want to save a new file under a different name and delete the previous file. The user passes on their credentials and their connections are not blacklisted. However, the server cannot authenticate their permissions and the requests are bricked. In another theoretical, let us say the user does have write permissions and the request was passed. Later, the administrator notices this in the logs and requires that the file needs to be restored as the user deleted important information. The administrator can either version back to the previous state of the file if it was saved under the same name, which in this situation was not the case, or the administrator can restore a previous backup. Thanks, administrator!

For availability, AWS recommends duplicating data to multiple servers and regions. The user can select which regions the data is available to users. This structure provides a producer to control where the content can be viewed and can protect data in case one of these servers has a catastrophic event where the data would be expunged. This separation of data in regions also can provide customization options tailored to those in those regions. Some critical information in one region may not want to be observed or be widely known in another. AWS recommends usage of their proprietary services such as Amazon S3 and Amazon Dynamo DB for these purposes. AWS also states to be aware of the integrity of data as for some services, there is no protection of deletion or integrity compromises as there is no backlog or backups in some systems. They also recommend dispersing the data between regions as opposed to duplicate to the same region as most systems can survive outages but cannot survive heavy catastrophic disasters. In fringe cases, DoS/DDoS attacks can remove availability from a location. AWS suggests a shield service, such as CloudFront, in which a secondary infrastructure would absorb the brunt of the attack.  The user is trying to access the webpage but mean ol’ jokey jester over here is just barraging a single server with his malice. The user can be deferred to another server or the server can deflect the attacks to different endpoints. The user in the end still gets to view the data he requires. Likewise, if the server burns down and a user wants to view his not existent data, his data exists in another server the same as how he left it in his previous session.

Now that wasn’t so hard! Was it? There are many tools out there to handle these functions and integrate nicely with most applications. You should not worry about C-I-A too much, but it is a priority and is fundamental for any individual or organization. Remember to just be careful what you put on the web.

Image: https://www.eldoradoinsurance.com/wp-content/uploads/2019/03/hiring-security-guards.jpg

Google + Blog = Knowledge

The first thing about this particular blog post is to teach anyone how to set up google analytics for any website.

You first got to have a google account and any would do. Then you go to this link: https://analytics.google.com/ and you start filling out what you want account name and website profile to be called. The most important thing is to make sure to associate the right domain name. For example, mine is charlespelton.cikeys.com as you can tell from the web address above. And that is all you need to do to see and analyze traffic.

For a WordPress blog, it might be better to have an additional layer of data analysis. Most websites also require javascript tracking code. You can download a variety of plugins to do both of these tasks. I personally have chosen Analytify. At this point you associate your google account to the plugin. The next thing that needs to be done is to configure which website profile to use. If you only have the single domain name then there should be a single profile name. Lastly, ensure that you allow the plugin to add in the tracking code so it is all taken care for you.

So why should you allow google analytics or any other traffic analysis system to monitor your website? The answer can be simple. You may need it to see which pages are most effective or successful in driving viewers. You can also use it to find the pages that keep the users on the longest. That way you can adapt new pages to the tastes of the userbase.

You may also want to get more people into the website. You can see which buttons they press to see the flow of their traversal and experience. That way a better website infrastructure can be developed. You can also see which social media they come from as well as what keywords were typed into google to reach your website.

There are many more things you can do with web analytics but you should read more about it to make sure it is the right choice for you. I’m sure it is and you will not be disappointed after integrating it into your website!

Image: Freepik.com

Linkedin Integration

I would like to inform everyone of how to connect your Linkedin to your WordPress.

It is a very important to interconnect your media together.

Unlike the WP to Twitter integration, this integration is far more simpler. All you need to do is download and add the plugin “WP Linkedin Auto Publish”. Once downloaded, you need to connect the plugin to Linkedin. To perform this task, all that is needed is a login. At this point, you should be able to share on Linkedin when you post.

All of this is absolutely free of cost. I hope this short post was helpful to you in integrating LinkedIn.

Digital Minimalism

Striving for Digital Minimalism: Why We Need a Human-Centric Approach to Technology by Casey Chalk

Intentionality or the deliberate purpose is framed here for technology as a consideration to dispose of the technology if the purpose does not outweigh the detrimental effects. I for one completely agree on the author here. They poise the situation like how the Amish asks themselves, “Is this new technology going to bolster our life together, as a community, or is it somehow going to tear it down?” And this something that people need to ask internally if the material works well for them.

However, I disagree about the concept that “using apps just because they claim to provide convenience or connectivity”. I personally believe that these technological advances are more beneficial then harmful as market forces dictate that these apps and devices survive for long periods of time. Even though I personally don’t find myself on social media until recently, I still have little reason to utilize the technology but that doesn’t mean other people have those needs. Other people on the Maslow Hierarchy of needs are fulfilling those belonging wants for better or worse. Looking at it from the perspective outside in, these people seem to be doing more harm then good to themselves with this technology because we are looking at it from a traditional lens of social interaction. What if this is the future of social interaction?

Alone time is not touched much and turns into the idea about staying away from your device to do real world social interactions. The idea of alone time to me is about internal inflection and analysis. Its time to take to compile yourself together and reflect about the actions that have been done in the past and prepare for the future. Usually this does mean putting down the device.

Leisure to me, in opposition to Newport’s definition, is a reason to enjoy something. After all, something that might not be fun to me would be fun to you. Maybe working your job would be fun and brings satisfaction. Maybe even being on your phone, doing some task, is how you enjoy your time. Leisure is anything you find enjoyable and not just “activities that serve no other purpose than the satisfaction that the activity itself generates”. There can be multiple other side effects doing a leisure activity could do such as expand your knowledge, expand your productivity or increase your wealth. Reasons and applied experiences is what differentiates an activity from being detrimental to an activity being productive or that being just fun. Or even an activity that could apply all three!

Image: https://unsplash.com/images/things/book

WordPress to Twitter Integration

Rhiannan Ruef’s post guided me in the right direction. So check out: http://rhiannan-ruef.cikeys.com/comp-347-response/integrating-wordpress-and-twitter/ when you get the chance.

When I first tried to integrate Twitter to WordPress, I went to this link provided https://en.support.wordpress.com/twitter/ . And there was this clause,

“To enable Publicize, on the My Sites → Sharing page click the Connect button by the Twitter option. You’ll be taken to Twitter where you’ll be asked to approve the connection between your WordPress.com blog and your Twitter account. Click Allow. “

What? My Sites? I am on my site. Sharing page? I guess I’m sharing my blog. There is no Connect nor blue bird.

I don’t know about everyone else but I’m using CIkeys as my domain hosting for this WordPress Blog. So I go back there to see if there was any options to enable it there.

Guess what? No.

I saw nothing on the main page. I went into apps but nothing. BUT THEN I saw it – wordpress.org/support/ – under my user and admin links. If those automatically ensure I have credentials, this link might also hold the same power!

It didn’t. *Sigh* Installatron.

So I scoured the comp347 slack to see if anyone had finished such of a task. Lo and behold there was the holy grail. “WP to Twitter”

There is a plugin! A plugin that works.

So lets get started with the rundown on what you need to do to get your WordPress integrated to Twitter.

The first thing to do is to make a twitter account if you have not already. Likewise you also need a WordPress from a service that can host it. This includes any content management system and this includes WordPress themselves!

Next is the very important part and that is to go here: https://developer.twitter.com/en/apply-for-access.html and get a developer account approved. DO NOT DELAY. It can take a day or two to get access to the twitter API for the data and credentials that you need if you are crunched on time.

After you apply, now you wait and play some solitaire. But after they approve your developer account you download the plugin “WP to Twitter” through the dashboard menu -> plugins -> add new. You will need to activate via dashboard menu -> plugins-> installed plugins it after downloading it. And when you activate it, it will appear at the bottom of your dashboard.

Now click on WP to Twitter on your dashboard. There is instructions on what to do from there. Good luck!

You can also customize the automated posts or manually put your own touch on each post before publishing after you set up the plugin. You got this!

Image: Thumbnail from https://www.youtube.com/watch?v=BNRRvJxn_-s by Gem Webb

1

Check out Andrzej Kozlowski’s Film 1 Here: themovie1.com/

The film “1” is an interesting story enacted with no spoken dialog whatsoever. However, the actors communicate via gestures and body language. It is not like old silent films where cards come on-screen telling what someone says or does and Charlie Chaplin dances. This film attempts to tell an experience by slowly feeding the audience small amounts of context as the film progresses. As these small contextual pieces come together, all the pieces form a full picture to which the deeper meaning behind it becomes up to interpretation by the one who watches.

This film has many parallels about life hidden in its actor’s gestures and nuances in its scenes. In one example, there is a scene where a guy has five minutes of screen time just pensively thinking. There are many ways to interpret this scene. From how the film was until this point, I thought it had an allusion to relaxation and reflection. I applaud the film for presenting this scene in a way where it not only works but also creates an idea. There are many more scenes to talk about but it would be better if you were to watch the film yourself.

This film is packed full of small nuances, great cast, awesome sound design and a good plot. If there was ever a chance in your life to watch this film. Do it! You won’t regret it. You may pick up things from their communication that I couldn’t, find a different conclusion or an entirely different interpretation of the plot that I didn’t come up with. That is the power of this film; to make you think.

Image: By Jakub Kapusnak

Blog 1 – OC&S Assignment “Dying of Despair”

Dying of Despair by Aaron Kheriaty

Dying of Despair, it is quite an impactful headline but what does it mean? Aaron Kheriaty addresses in his article, Dying of Despair, the epidemic of suicide and depression. He puts forth the conclusion that the rising cases of suicide, drug abuse and depression are from social fragmentation.

Overall, people are getting more lonely out in the world and are dying of despair. He finds that people who practice virtues or attend social gatherings such that predominately found in religion are much less likely to commit suicide. People who attend religious services are five times less likely to commit suicide. It is the people’s sense of community, belonging or worth that prevents negative introspection.

What is most shocking about this is the revelation that life expectancy is going down in the United States due to this twenty to forty percent increase in loneliness or the lack of social interactions. People feel hopeless and powerless in their lives and it should not be okay to perpetually exist in such a state.

Another interesting factor of the increase in suicide is the desensitization of suicides due to how the social media handles those stories. The author describes the “Papageno effect” where people find alternatives to suicide. In the case of Valentina Maureira, people were only interested in her suicidal threats and not her change of heart. If people find that the only thing people do is suicide when in despair, then what else do they conclude about the options around them?

But the most inspiring thing out of this article is the notion that one person’s influence can ultimately save and prevent the suicide of another’s life. Just a simple acknowledgement of another person’s life can make all the difference in them. Likewise, a negative demeanor to another person can drive them to despair. A friend who commits suicide is likely to increase the suicide chance for those up to three social connections away. We all have to do a part to lift others up from hopelessness. And if not for yourself then for others.

If anything is to take from this article; its the concept that altruism is the savior of our society. And we should all practice altruism more often to fight against this mass infection of loneliness and hopelessness.

I do hope that all of you that read this blog have a wonderful day! I thank you for joining me on the summation and my introspection of the article.

Image: Automat by Edward Hopper