Tag Archives: Planet Lotus

lotusphere2011

What if Lotusphere used QR Codes for Vendor Bingo?

We all know the game. You get the vendor bingo card in your reg pack with vendor logos on it, you visit the booth’s in the product showcase and get them stamped. You return the completed card which enters you into the drawing for an amazing prize.

What if it were updated for 2011? Vendors get a QR Code printed on a card the size of a post card and attendees scan them with their phone’s qr code reader. The code takes them to a web page that asks for name and email address the transports them to their mobile bingo card. As they collect the codes at each booth visit the page updates. When they get bingo; visit all participating vendor booths, they are automatically entered into the drawing.

The staff; those managing the vendor bingo campaign, can pick the random winner. The winner’s name can be posted through the service. The best part, the attendees have a permanent record of their vendor visits along with their contact information on.their.phones! They can make notes and view the info later after the event.

This is… vendorbingo.com

I am currently looking for interested vendors in taking part in what I believe could generate some buzz in the product showcase floor at Lotusphere and work to drive traffic to the booth.

This idea was way too late to pitch the Lotusphere staff but there is no reason why a handful of vendors can’t get together and experiment with an interactive concept that is just now going mainstream.  The prize will be a top of the line iPad. The cost to vendors is only $125. I am running this as a break even event. If we don’t get enough to cover the cost of the iPad, no one pays.

If you’d like to take it for a test spin, check out the Lotusphere Demo.

If you’re intrested in being a part of this please contact me at vendorbingo@collaborancy.com or booth 337 :)

Please help me spread the word to all vendors that are looking to increase booth traffic!  vendorbingo.com

gothacked

PlanetLotus and the Unexpected Server Rebuild

It all started Wednesday when the dedicated server I have hosting all my websites went down and became totally unreachable. As a rule, if I can’t ping it I automatically log into my account with the hosting provider and request a power cycle (server restart).

And then I got this email, moments later from the Network Violations Team…

Regarding your server:

After a review of your hosting account it appears your Virtual Dedicated Server has been compromised. It appears there was a vulnerable setup.php script in PhpMyAdmin. The server was compromised on at an administrative level on or before 10/06/2010, allowing attackers to upload multiple attack tools. These tools resulted in complaints by our abuse department, once notified our security team immediately disabled the process and removed the attack tools. This server must be re provisioned to avoid further issues.

I actually only read or saw one word… “re provisioned” and didn’t want to believe what it actually meant. So I dropped a dime and called, fuming.

I was that guy, saying everything I could to get them to reconsider, even escalating it, to no avail, all i wanted was a little more time to get some important files before reformatting. They said no… and then an amazing thing happened.

It turns out,  **lack of internal communication saved the day. The server reboot team didn’t’ get the word from the network violations team, so my server was back on and I was pulling down files faster then you can say efilnikufesin.

I waited it out, the second shut down, and took my time  moving all my non-vital domains to a hosted service. My main server goes down a lot. It’s really just me supporting it and is a single source of failure so it goes down or, gets ‘infected’ occasionally. Hardware failures, hacks, stupid mistakes, it happens, a server room I have not.

So the rest of the story, if you’re still reading, (I know Andrew is), the hacker exploited the phpMyAdmin setup.php file. I guess it’s pretty common, and used it to upload a bunch of hacking tools. The network violations team removed all the tools but shut it down and forced a reprovision because they couldn’t be sure they removed them all.

I get it, however the problem I have is, yes, you could say it’s my problem, <rant from a Linux novice> a “zero day” issue but my server has Fedora 8 and every time I update the packages they’re up to date. Even yesterday I tried, everything’s current… the reprovision offering, the “Team” wants me to move to, Fedora 8.  So what is stopping the same person from exploiting the same issue? Only time will tell. </rant from a Linux novice>

Email #2 from the Network Violations Team:

We have included the log files as well as a list of the files that appear to be causing the attack. The vulnerability in the phpMyAdmin script allowed the upload of these files. These vulnerabilities are common in open-source PHP applications and it is strongly recommended that you keep all applications updated and patched with the latest security and application upgrades to prevent this from happening again. <plug>If you need assistance upgrading or patching an application we have a pay-per-use administrative service where we will do this for you.</plug>

In order to resolve the current issue the server must be re-provisioned. I reviewed the issue with several peers and admins and there is no other solution that would work.

FOUND ATTACK TOOLS
<removed just in case it helps some one do evil>

PHPMYADMIN EXPLOITATION

<removed just in case it helps some one do evil>[etc...]

I’ve changed around the IP numbers but you get the drift, update your packages, brush you teeth, eat an apple, blah, blah, blah. Until next hack, thanks for reading.

** There could be a small chance, OK, very small chance that the tech I spoke with let the server reboot slide. If so, the guy made my week, and Thank you, cool tech guy, if you ever come across this! (you never know).

Help Wanted: Planet Lotus is Hiring.

Well, sort of. I have a Lotus Community project that I’d like to get off the ground however, this one I can’t do alone. I’m looking for someone out there that, if they believe in the project; would be willing to put a little elbow grease into its launch and maintenance. This role is all about dedication, thinking outside the box and giving back to the community all in return for some name recognition. Development skills are not necessary.

If you’re interested please drop me a line at yancy@collaborancy.com I have no clue how I’m going to pick from the application pool so impress me. I only ask that you keep the project under wraps until its public launch.

2009 Lotus Blogger of the Year & other awards.

Voting has started for the 2nd annual Planet Lotus Blogger of the Year award. The voting is the same as last year, simply log into PL and vote. You can change your votes as often as you wish. Voting will end at 5pm EST on the Friday before Lotusphere.

Discuss here -> FAQ: 2009 Blogger Awards in the Planet Lotus Forum

UPDATE: Dropping the Project of the Year all together….

OpenNTF.org: Best Open Source Contribution 2010 Lotus Awards

Your blog post comments are being stolen!

Really?

As many of you have seen, a couple days ago I implemented a way to post inline replies or lets call them what they are, comments; on the front page of Planet Lotus. The comments appear right under the blog post itself and any registered member of the forum can make them. This is a half ass effort of mimicking the functionality of Facebook and not an attempt to steal the conversation way from blog posts. Half assed in that a pure ripoff would be ideal; it’s the single best thing, in my opinion, about Facebook, and why I loath twitter.

So, is it stealing the conversation away from the blog post? It certainly could be seen as that, but couldn’t you also group the posts that get sent to http://twitter.com/planetlotus or the Planet Lotus Facebook group in the same way? Go take a look, people have made comments to those posts, but i don’t think those comments are the same as the comments made on the blog post itself. I think the commenter fully understands that it’s not a message to the poster but rather to those deciding weather to read the post. The same could be said for Twitter. The comments or replies made to a post are about the topic in general, the poster, etc. This is the same way I hope the replies on PL are used. A way to comment on the post as it relates to being listed on PL.

If PL has jumped the shark, maybe this is a way to go back in time, to that dreaded day; and tell Fonzie to stay home. You could use this as a way to make a comment without it showing up on the actual persons’ blog post, just a message to other potential readers pondering the click. Think about it, take a hyperbolic title, you could call someone out on it. How about the 18th post saying 8.5.1 is available for download?

In the end, the user will decide. Just like in many other areas of the site, it could die a slow death. It looks like this is the case since I’m the only one using it :) .

Planet Lotus server update

Some good news, however I’ll wait a good month to rule out any DoS suspicions; hopefully it’s just the paranoia.

Thank you for contacting Server Support. I understand your server is down after doing a reboot. After reviewing your server it appears that the servers fan went bad. We have replaced the fan and the server is running as normal.

As a result of this, the process of making things more efficient and up-time will continue to be front and center. Much of this is in the way of growing pains; for example the table that tracks hits was 3.3 million rows; this needs to be addressed over time; I have ideas; all of them will take time to implement. In the short term the de-emphasis of certain hit counters will appear, like job postings, how many hits a job posting receives just isn’t that important. This theme will continue; but never leave the front page posts ;)

Google Sidewiki

Google Sidewiki seems like a nice way to post graffiti like comments on Planet Lotus throughout the day. I’ve gone ahead and posted a note to get things started. If you’re new to sidewiki here is the first article I found on it while looking up the date it was launched; Sept 23rd.

http://www.google.com/sidewiki/

Not sure how I stumbled across this tonight but its odd. All week I’ve been wanting to do something similar to PL after figuring out how to use Twitter OAuth for TwunLog.com, it would be nice to have an ajax like way to post small comments about posts on the PL main page.

So I’m curious, is anyone else using sidewiki?

Fail: IBM My developerWorks Blog

I just received the second request to have a blog from IBM My developerWorks posted to Planet Lotus. The first was from a team inside IBM, this new one is really good, hence this post. The fail comes in the form of the invalid Connections feed. This was a problem in the early days of Connections but was fixed in version 2.0, not sure what is going on there.

Is there anyone out there that can help out?

Feed Validator: http://feedvalidator.org/check.cgi?url=https%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fmydeveloperworks%2Fblogs%2Fowed2notes%2Ffeed%2Fentries%2Fatom

W3C Feed Validation Service: http://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fmydeveloperworks%2Fblogs%2Fowed2notes%2Ffeed%2Fentries%2Fatom

In the mean time check out Michael Kinder‘s blog.


The Lotus Community, how would you organize its resources?

I’ve wanted to do this since Planet Lotus launched, organize all the wonderful resources available out there in the Lotus Community, the projects, websites, conferences, people, companies, products, you name it, everything and anything… Lotus.

Introducing the Planet Lotus Wiki or planetlotus.org/wiki/ or for a couple minutes during install, Lotipedia.

Worse case, this thing goes empty for years, best case, we have a community built and maintained road map to all that is available to those in our field.

To make things insanely straightforward the site is a generic build of MediaWiki, the same wiki software that drives Wikipedia.

Lastly, if anyone out there is looking to make this their baby, and would like elevated rights, let me know.

Lastly II, maybe this could be the first entry… http://www.timtripcony.com/dennis/elenchus.nsf

UPDATE: I will be shortening the url’s used by the site over the next fiew days, making planetlotus.org/wiki/index.php/Tim_Tripcony this…  planetlotus.org/wiki/Tim_Tripcony.

UPDATE II: URL’s have been shortened so planetlotus.org/wiki/Tim_Tripcony will work and all links like it will be permanent.