PingMe - What *should* you be doing?

2007-08-12 20:00:00 -0400

Our goal with PingMe is to help you answer one question: What should you be doing? So we’ve been hard at work on PingMe over the past few months adding frequently requested features and making it even easier to use. We’ve made so many improvements that we wanted to roll them up and let you know about them in one spot.

You can check out the site over here

Contacts

PingMe’s gone social! You can now share Pings with your significant other, friends, or co-workers. Just log into PingMe and hit the Contacts tab to link up with your close friends and family.

Once you are joined up with other PingMe users you can add them to your Pings to coordinate reminders for events or tasks with other people. Shared Pings are just like personal pings except that they show up on everyone’s Ping list and can be sent to other people’s targets.


Learn more about sharing Pings

-or-

Add contacts to your account (requires login)

Tagging

Some of our frequent PingMe users suggested that it would be great to have a way to keep Pings organized and categorized. Now you can – each time you create or update a Ping you can Tag it. Your tags show up on your PingMe screen and clicking on a tag name will filter to only show Pings in that category. People are already using this to organize reminders for birthdays, phone calls, bills, personal events, etc. You can even use Tags to create contextual next action lists, à la Getting Things Done.

Mobile Creation

PingMe has always let you reply to Pings from the system to reschedule them. Now you can also create new pings directly from your mobile while you are away from your computer.

Each PingMe account has a unique “PingMe Address” (you can find this address in your profile screen or in the confirmation email sent by PingMe when you create an account). Let’s say your PingMe address is shoes45rockets@gopingme.com. Just add that address to your email or cell phone address book and you can create a new Ping by sending it a message. The general format is

[Time code] [your pingme message] [options]

So send a message like this…

1 day Poker game tonight - don't forget the chips and your bankroll

…and a new ping will be scheduled for tomorrow.


Learn more about creating Pings on the Go

Confirmations

PingMe was originally intended as a simple reminder service. Set up a reminder with a day and time and PingMe drops you a note so you don’t forget whatever needs to be done. If it’s not a good time reply back and reschedule it on-the-fly. Once we send the reminder, we’re done with it unless you reactivate the Ping.

Yet, some enterprising users have started to use PingMe as a more traditional to do list (something about the sticky pad look and feel makes people feel right at home storing general tasks). So we’ve added a new option to Pings when they are created called “require confirmation”. When you mark a Ping to “require confirmation” it will remain on your PingMe home screen until you actually mark it as Done or reply to a mobile ping with the word done or stop. This lets you track items other than time sensitive reminders.


Learn more about creating Task Pings

New Time Codes

Time codes are a core part of PingMe’s mobile feature. While they may seem daunting at first, our time codes let you quickly interact with PingMe from mobile devices, even if they have limited keypads.

In the past all PingMe time codes were relative. So “1 day” in actual time would mean tomorrow at the same time. Now we’ve added a whole new set of mobile time codes that let you specify exact times. The format for these new time codes is reversed, so you might say “day 20” if you wanted to move a ping to the 20th day of the current month, or “hour 10pm” if you wanted to reschedule a ping for 10 pm tonight.

Best of all these time codes can now be chained together, so you could easily say “2 days hour 9am” to mean “two days from now at 9 o’clock AM”. Or, in PingMe shorthand just key “2d h9a” into your mobile phone – much easier.

Check our help page for more detailed information about time codes.

Fresh Look

If you haven’t logged into PingMe for a while you’re in for a treat. The old interface was a little bit “blah”, so we’ve given the site an overhaul. We hope you’ll find the new look is quicker to navigate and easier on the eyes.

Don’t worry though, we kept the sticky pad interface…

Come see for yourself

Digging Out of the Spam Trap

Unfortunately it looks like our server was “located” on the internet near a bunch of other systems that were sending spam. Their bad spam karma spilled over onto us and some popular email services, namely Gmail, started marking Pings as spam.

So, we picked up and moved over to a new hosting provider on a fast new server with lots of bandwidth. Now that the new server is up and running the spam problems seem to have abated. We also hope this improves overall reliability and speed of the service.

Request For Comments

We want to hear how you’re using PingMe! Send us an email or, preferably, a link to your blog entry, about how you use PingMe, what you like, and even what you don’t. If we reproduce your story (with your permission, of course) or link to it from our website in the next month we’ll send you a slick PingMe T-Shirt.

Web Access Management Monitoring with Nagios and CkFormLogin

2006-09-10 20:00:00 -0400

There is no question that Access Management systems provide a host of benefits to the users and maintainers of web applications in large-scale environments. Yet, adding an access management system can also introduce a set of new potential points of failure. Even though infrastructure may be designed to maximize fault tolerance there is still risk because many security “eggs” are now in one basket. Systematic failure of any single component (LDAP directory, Virtual Directory, Access / Policy Server, web/application server plug-in, application integration code, etc.) can render applications unusable. As a result, system monitoring is often one of the most critical considerations in an Access Management deployment.

Thankfully, there are a number of network monitoring solutions that are capable of automatically monitoring applications and issuing notifications when a service becomes unavailable. We particularly like the open source Nagios system because it’s easily extensible, feature rich, and low cost. In order to make it more useful in the context of Access Management deployments we’ve developed a Nagios plug-in called CkFormLogin that monitors every point in the simple form login process common to most Access Management systems:

  1. Initial request for a protected website URL – CkFormLogin verifies that the initial request receives a redirect to the login page.
  2. Login page availability – CkFormLogin follows the redirect and performs a content check on the login page to ensure that it is accessible and no errors are returned.
  3. Authentication – After login page verification CkFormLogin issues an HTTP Post request with the username, password, or any other credentials to a configurable authentication URL. This step tests the functionality of a web server plug-in like a WebGate, Web Agent, or Policy Agent and implicitly verifies the availability and functionality of any policy/access servers, LDAP directories and other supporting infrastructure components.
  4. Content check – Assuming that authentication has succeeded CkFormLogin will follow the redirect back to the requested page and execute a custom content check on the page. By checking for the presence of some personalized text, or other identity specific data, the plug-in assures that application components have properly recognized and authorized the test user at runtime.

In short, this process provides a high level of assurance that secure/protected sites, and all of their externalized security dependencies, are actually available and functional to end-users. If any step in the login, authentication or authorization process fails the plug-in will return an error and the appropriate support staff can be notified by Nagios based on its configurable notification rules. When used in conjunction with other Nagios plug-ins for TCP/IP socket connections, LDAP, and HTTP services it can even help to pinpoint the root cause of a failure before a support technician even starts to troubleshoot.
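The four checks above can be sketched as follows. This is an added example, not CkFormLogin's own code (the plug-in is written in Perl): the `fetch` transport hook, the `FakeSite` stand-in and all URLs, texts and credentials are constructed so the flow runs offline, and only the Nagios exit codes (0 for OK, 2 for CRITICAL) are real conventions.

```python
from urllib.parse import urljoin

OK, CRITICAL = 0, 2                      # Nagios plug-in exit codes
REDIRECTS = (301, 302, 303, 307)

def check_form_login(fetch, url, auth_url, creds, login_text, content_text):
    """Run the four checks. fetch(method, url, form) -> (status, headers, body)
    is a hypothetical transport hook that must keep cookies between calls."""
    status, headers, _ = fetch("GET", url, None)                  # step 1
    if status not in REDIRECTS or "Location" not in headers:
        return CRITICAL, "step 1: protected URL did not redirect to login"
    login_url = urljoin(url, headers["Location"])
    status, _, body = fetch("GET", login_url, None)               # step 2
    if status != 200 or login_text not in body:
        return CRITICAL, "step 2: login page unavailable or wrong content"
    status, headers, _ = fetch("POST", auth_url, creds)           # step 3
    if status not in REDIRECTS or "Location" not in headers:
        return CRITICAL, "step 3: authentication failed"
    target = urljoin(auth_url, headers["Location"])
    status, _, body = fetch("GET", target, None)                  # step 4
    if status != 200 or content_text not in body:
        return CRITICAL, "step 4: content check failed"
    return OK, "form login verified end to end"

class FakeSite:
    """Constructed stand-in for a protected site and its login form."""
    def __init__(self, directory_up=True):
        self.directory_up, self.logged_in = directory_up, False
    def __call__(self, method, url, form):
        if url.endswith("/login.html"):
            return 200, {}, "<form>Please sign in</form>"
        if url.endswith("/auth") and method == "POST":
            # A failed LDAP directory shows up here as a failed login.
            good = form.get("password") == "constructed-pw"
            self.logged_in = self.directory_up and good
            if self.logged_in:
                return 302, {"Location": "/app/home"}, ""
            return 200, {}, "Login failed"
        if self.logged_in:
            return 200, {}, "Welcome, Test User"
        return 302, {"Location": "/login.html"}, ""

def run(site, content_text="Welcome, Test User"):
    return check_form_login(
        site, "https://app.example.test/app/home",
        "https://app.example.test/auth",
        {"username": "nagios-test", "password": "constructed-pw"},
        "Please sign in", content_text)

if __name__ == "__main__":
    code, message = run(FakeSite())
    print(("OK" if code == OK else "CRITICAL") + " - " + message)
    raise SystemExit(code)
```

A dedicated, least-privileged test account is the natural fit for the credentials, since they sit in the monitoring configuration.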

The plug-in itself was written to validate the form login features of Oracle COREid Access Manager, but should also work with the usual suspects (Siteminder, Sun Access Manager, custom form based authentication) without significant modification. It’s simple to install, requiring only Nagios, Perl and a few CPAN libraries. Like Nagios, CkFormLogin is released as open source software under the GNU Public License. Feel free to check it out.

Migrating 3rd Party LDAP Code from .NET 1.1 to 2.0

2006-09-06 20:00:00 -0400


As part of a large Identity & Access Management project we’ve been migrating a number of LDAP dependent systems from running under ASP.NET 1.1 to the 2.0 framework. The upgrade process has been remarkably painless, with the notable exception of a small but significant “breaking” change to authentication with System.DirectoryServices. In .NET 1.1 it is perfectly acceptable to issue an LDAP simple bind with code like this:

DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.somecompany.com:389/");
entry.Username = "cn=Directory Manager";
entry.Password = "bigsecret";
/*...use entry for searching, etc, here...*/

However, execution of this code will fail under the .NET 2.0 framework unless it is modified to explicitly set the DirectoryEntry’s AuthenticationType property, because the class constructor no longer defaults the property to None. Here is what new 2.0 code should look like:

DirectoryEntry entry = new DirectoryEntry("LDAP://ldap.somecompany.com:389/");
entry.Username = "cn=Directory Manager";
entry.Password = "bigsecret";
entry.AuthenticationType = AuthenticationTypes.None; // new in 2.0: request the simple bind explicitly
/*...use entry for searching, etc, here...*/

Overall, it’s an easy fix, but finding every use of an authenticated DirectoryEntry in code can be tricky…
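One way to hunt for those uses is a small source scanner. The script below is an added example, not part of the original post: it is a regex heuristic that matches variable names file-wide rather than parsing C#, and the embedded sample source, host names and credentials are constructed. It flags DirectoryEntry objects that are given credentials (through the three-argument constructor or the Username/Password properties) but never get an explicit AuthenticationType.

```python
import re

# Constructed C# sample in the style of the snippets above (not real project code).
SAMPLE = """\
DirectoryEntry a = new DirectoryEntry("LDAP://ldap.example.test:389/ou=people,dc=xyz,dc=com");
a.Username = "cn=Directory Manager";
a.Password = "placeholder";
DirectoryEntry b = new DirectoryEntry("LDAP://ldap.example.test:389/");
b.Username = "cn=Directory Manager";
b.AuthenticationType = AuthenticationTypes.None;
DirectoryEntry c = new DirectoryEntry("LDAP://ldap.example.test/", "cn=reader,dc=xyz,dc=com", "placeholder");
DirectoryEntry d = new DirectoryEntry("LDAP://ldap.example.test/");
"""

STRING = re.compile(r'"(?:\\.|[^"\\])*"')           # C# regular string literal
DECL = re.compile(r'(\w+)\s*=\s*new\s+DirectoryEntry\s*\(([^;]*)\)\s*;')

def find_unset_auth_type(source):
    """Return [(line, variable)] for DirectoryEntry objects that are given
    credentials but never get an explicit AuthenticationType."""
    # Blank out string literals first: DNs contain commas that would
    # otherwise be miscounted as constructor argument separators.
    code = STRING.sub('""', source)
    findings = []
    for m in DECL.finditer(code):
        var, args = re.escape(m.group(1)), m.group(2).strip()
        nargs = args.count(",") + 1 if args else 0
        # Credentials: 3-argument constructor or Username/Password assignment.
        has_creds = nargs >= 3 or re.search(
            rf"\b{var}\.(Username|Password)\s*=", code)
        # Explicit type: 4-argument constructor or property assignment.
        has_auth = nargs >= 4 or re.search(
            rf"\b{var}\.AuthenticationType\s*=", code)
        if has_creds and not has_auth:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings

if __name__ == "__main__":
    for line, var in find_unset_auth_type(SAMPLE):
        print(f"line {line}: '{var}' has credentials but no AuthenticationType")
```

Fields, properties and entries passed between methods are outside what this heuristic sees, so treat an empty result as a starting point for review rather than proof.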


simAXS in Network World

2006-08-30 20:00:00 -0400


Nothing beats reading positive coverage of your company’s product. That’s why it’s so exciting to see that Dave Kearns, one of the most respected authors and columnists in the Identity Management space, has mentioned simAXS in his most recent NetworkWorld Identity Management Newsletter. From the article, Dave says that simAXS is “very useful” and that:

Anyone who has ever tried to develop a product that needs to be able to integrate with one (or more) of a number of different [Access Management] products will understand the problem this solves

It’s great to see that the pain-point simAXS is designed to address really does create a value proposition that’s recognized by the experts.


Clean LDIF exports with ADAM

2006-08-28 20:00:00 -0400


Microsoft ADAM provides a nice LDIF export tool, roughly equivalent to ldapsearch, called ldifde. However, the ADAM directory itself tracks a number of internal attributes that will cause a subsequent import of a generated LDIF to fail. In order to get a “clean” export, you need to selectively omit, via the -o command line flag, those operational attributes that you’re not interested in exporting (line breaks inserted for readability):


ldifde -f c:\people.ldif
-d "ou=people,dc=xyz,dc=com"
-s localhost
-t 389
-r "(objectclass=*)"
-o "whenCreated,whenChanged,uSNCreated,
uSNChanged,name,objectGUID,badPwdCount,
badPasswordTime,pwdLastSet,objectSid,objectCategory,
dSCorePropagationData,lastLogonTimestamp,
distinguishedName,instanceType,lockoutTime"

The output generated by the command can now be cleanly imported into another ldap directory, or into a separate ADAM instance using a simple import:


ldifde -i -f c:\people.ldif -s localhost -t 389