PingMe Hiccup

2007-08-16 20:00:00 -0400


PingMe experienced a service interruption starting shortly after 5pm EDT on the 16th that interfered with the delivery of outbound pings. The issue affected approximately 60 people whose messages were either delayed or not delivered.

I’d like to report that we were able to identify and resolve the problem and that we have taken steps to protect against this happening again. We’ve also added multiple monitors as an added precaution.

We know that you rely on PingMe for timely and accurate reminders so we take this type of problem very seriously and sincerely apologize for any inconvenience. If you are one of the people affected we will let you know directly, but anyone can feel free to contact us (support at gopingme dot com) with questions or concerns.

Update 08/18/07 – Here is some additional information on the useful new monitors that we’ve added…

  1. A proactive monitor that alerts us of any ping waiting for delivery for more than a few minutes
  2. A reactive monitor that alerts us to any ping who’s delivery was delayed by more than a few minutes
  3. A primary monitor that continuously checks dispatch and receipt services to ensure availability and actively restart if there are problems
  4. A secondary monitor that alerts support if the dispatch service becomes unavailable
  5. A monitor that checks the availability of our web and mail services from multiple remote networks
  6. Daily reporting of delivery time statistics and error reports

PingMe has been live for almost 6 months and this is the first outage of its kind. We’re taking it seriously and working hard to make PingMe the most reliable service possible.


PingMe - feeling the buzz!

2007-08-16 20:00:00 -0400

PingMe - What *should* you be doing?

2007-08-12 20:00:00 -0400


Our goal with PingMe is to help you answer one question: What should you be doing? So we’ve been hard at work on PingMe over the past few months adding frequently requested features and making it even easier to use. We’ve made so many improvements that we wanted to roll them up and let you know about them in one spot.

You can check out the site over here

Contacts

PingMe’s gone social! You can now share Pings with your significant other, friends, or co-workers. Just log into PingMe and hit the Contacts tab to link up with your close friends and family.

Once you are joined up with other PingMe users you can add them to your Pings to coordinate reminders for events or tasks with other people. Shared Pings are just like personal pings except that they show up on everyones Ping list and can be sent to other people’s targets.


Learn more about sharing Pings

-or-

Add contacts to your account (requires login)

Tagging

Some of our frequent PingMe users suggested that it would be great have a way to keep Pings organized and categorized. Now you can – each time you create or update a Ping you can Tag it. Your tags show up on your PingMe screen and clicking on a tag name will filter to only show Pings in that category. People are already using this to organize reminders for birthdays, phone calls, bills, personal events, etc. You can even use Tags to create contextual next action lists, ala Getting Things Done.

Mobile Creation

PingMe has always let you reply to Pings from the system to reschedule them. Now you can also create new pings directly from your mobile while you are away from your computer.

Each PingMe account has a unique “PingMe Address” (you can find this address in your profile screen or in the confirmation email sent by PingMe when you create an account). Lets say your PingMe address is shoes45rockets@gopingme.com. Just add that address to your email or cell phone address book and you can create a new Ping by sending it a message. The general format is


[Time code] [your pingme message] [options]

So send a message like this…


1 day Poker game tonight - don't forget the chips and your bankroll

…and a new ping will be scheduled for tomorrow.


Learn more about creating Pings on the Go

Confirmations

PingMe was originally intended as a simple reminder service. Set up a reminder with a day and time and PingMe drops you a note so you don’t forget whatever needs to be done. If it’s not a good time reply back and reschedule it on-the-fly. Once we send the reminder, we’re done with it unless you reactivate the Ping.

Yet, some enterprising users have started to use PingMe as a more traditional to do list (something about the the sticky pad look and feel make people feel right at home storing general tasks). So we’ve added a new option to Pings when they are created called “require confirmation”. When you mark a Ping to “require confirmation” it will remain on your PingMe home screen until you actually mark it as Done or reply to a mobile ping with the word done or stop. This lets you track on items other than time sensitive reminders.


Learn more about creating Task Pings

New Time Codes

Time codes are a core part of PingMe’s mobile feature. While they may seem daunting at first, our time codes let you quickly interact with PingMe from moblile devices, even if they have limited keypads.

In the past all PingMe time codes were relative. So “1 day” in actual time would mean tomorrow at the same time. Now we’ve added whole new set of mobile time codes that let you specify exact times. The format for these new time codes is reversed, so you might say “day 20” if you wanted to move a ping to the 20th day of the current month, or “hour 10pm” if you wanted to reschedule a ping for 10 pm tonight.

Best of all these time codes can now be chained together, so you could easily say “2 days hour 9am” to mean “two days from now at 9 o’clock AM”. Or, in PingMe shorthand just key “2d h9a” into your mobile phone – much easier.

Check our help page for more detailed information about time codes.

Fresh Look

If you haven’t logged into PingMe for a while you’re in for a treat. The old interface was a little bit “blah”, so we’ve gave the site an overhaul. We hope you’ll find the new look is quicker to navigate and easier on the eyes.

Don’t worry though, we kept the sticky pad interface…

Come see for yourself

Digging Out of the Spam Trap

Unfortunately it looks like our server was “located” on the internet near a bunch of other systems that were sending spam. Their bad spam karma spilled over onto us and some popular email services, namely Gmail, started marking Pings as spam.

So, we picked up and moved over to a new hosting provider on a fast new server with lots of bandwidth. Now that the new server is up and running the spam problems seem to have abated. We also hope this improves overall reliability and speed of the service.

Request For Comments

We want to hear how you’re using PingMe! Send us an email or, preferably, a link to your blog entry, about how you use PingMe, what you like, and even what you don’t. If we reproduce your story (with your permission, of course) or link to it from our website in the next month we’ll send you a slick PingMe T-Shirt.


Web Access Management Monitoring with Nagios and CkFormLogin

2006-09-10 20:00:00 -0400


There is no question that Access Management systems provide a host of benefits to the users and maintainers of web applications in large-scale environments. Yet, adding an access management system can also introduce a set of new potential points of failure. Even though infrastructure may be designed to maximize fault tolerance there is still risk because many security “eggs” are now in one basket. Systematic failure of any single component (LDAP directory, Virtual Directory, Access / Policy Server, web/application server plug-in, application integration code, etc.) can render applications unusable. As a result, system monitoring is often one of the most critical considerations in an Access Management deployment.

Thankfully, there are a number of network monitoring solutions that are capable of automatically monitoring applications and issuing notifications when a service become unavailable. We particularly like the open source Nagios system because it’s easily extensible, feature rich, and low cost. In order to make it more useful in the context of Access Management deployments we’ve developed a Nagios plug-in called CkFormLogin that monitors every point in the simple form login process common to most Access Management systems:

  1. Initial request for a protected website URL – CkFormLogin verifies that the initial request receives a redirect to the login page.
  2. Login page availability – CkFormLogin follows the redirect and performs a content check on the login page to ensure that it is accessible and no errors are returned.
  3. Authentication – After login page verification CkFormLogin issues an HTTP Post request with the username, password, or any other credentials to a configurable authentication URL. This step tests the functionality of a web server plug-in like a WebGate, Web Agent, or Policy Agent and implicitly verifies the availability and functionality of any policy/access servers, LDAP directories and other supporting infrastructure components.
  4. Content check – Assuming that authentication has succeeded CkFormLogin will follow the redirect back to the requested page and execute a custom content check on the page. By checking for the presence of some personalized text, or other identity specific data, the plug-in assures that application components have properly recognized and authorized the test user at runtime.
In short, this process provides a high level of assurance that secure/protected sites, and all of their externalized security dependencies, are actually available and functional to end-users. If any step in the login, authentication or authorization process fails the plug-in will return an error and the appropriate support staff can be notified by Nagios based on its configurable notification rules. When used in conjunction with other Nagios plug-ins for TCP/IP socket connections, LDAP, and HTTP services it can even help to pinpoint the root cause of a failure before a support technician even starts to troubleshoot.

The plug-in itself was written to validate the form login features of Oracle COREid Access Manager, but should also work with the usual suspects (Siteminder, Sun Access Manager, custom form based authentication) without significant modification. Its simple to install, requiring only Nagios, Perl and a few CPAN libraries. Like Nagios, CkFormLogin is released as open source software under the GNU Public License. Feel free to check it out.


Migrating 3rd Party LDAP Code from .NET 1.1 to 2.0

2006-09-06 20:00:00 -0400


As part of a large Identity & Access Management project we’ve beenmigrating a number of LDAP dependent systems from running under ASP.NET 1.1 to the 2.0 framework. The upgrade process has been remarkably painless, with the notable exception of a small but significant “breaking” change to authentication with System.DirectoryServices. In .NET 1.1 it is perfectly acceptable to issue an LDAP simple bind with code like this:

DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.somecompany.com:389/");
entry.Username = "cn=Directory Manager";
entry.Password = "bigsecret";
/*...use entry for searching, etc, here...*/

However, execution of this code will fail under the .NET 2.0 framework unless it is modified to explicitly set the DirectoryEntry’s AuthenticationType property, because the class constructor no longer defaults the propertyto None. Here is what new 2.0 code should look like:

DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.somecompany.com:389/");
entry.Username = "cn=Directory Manager";
entry.Password = "bigsecret";
<strong>entry.AuthenticationType = AuthenticationTypes.None;</strong>
/*...use entry for searching, etc, here...*/

Overall, its an easy fix, but finding every use of an authenticated DirectoryEntry in code can be tricky…