Friday, June 07, 2019

Web Safety by WebSafely - Be Warned and Stay Away!

I sadly got a phone call from a friend who had recently been fleeced out of over $1000 in a "your PC is broken but we can fix it" scam.  Please heed this as an official warning.

Stay away from anything related to "Web Safety by WebSecurely".  They prey on unsuspecting computer users and convince them that their systems are infected and only they can save their systems.  In fact, this is nothing more than a years old scam.

They also have somehow hacked into many servers and will try to get you to install browser extensions (so far Chrome seems to be the most loved target).  If you see a screen like this:


Do not install the Browser Extension (also called "Browser Helper Object" or BHO).

The company itself is not real.  If you examine the image above, you will see that Web-Safety by is offered by a website called  Clicking on that link yields a 520 error.

If you do install it, it changes your default search engine from Google to Yahoo (not implicating either of these entities in the accusations). It is very likely that these are spoofed.  In time, you will click on a result that results in an apparently frozen computer with a warning message stating you need to call a number to get help.  After agreeing to a charge, they will "fix" you computer.

This is a scam. Do not fall for this.

Thursday, March 28, 2019

Neo4J rocks! Why? Well it's not just about the awesome technology


I received a message from my friend Ryan Boyd (at) neo4j.(ext) (see below).  The message is posted for all to read.

Before I present the contents of his email, I want to stress the importance of a few things I believe are very important to all developers.

1. Not many incumbent software vendors care about start-ups. Neo4J is different. I was part of Neo4J as an observer/fan-boy when they launched and I became aware of their technology stack (circa 2002). I ended up becoming a technology teacher for Neo4J. During these times, there were many critics of GraphDB systems, but many of us saw the light and were happy to have an alternative to the RDBMS systems. Most of the critics stated that the concept was old [sigh), but I digress. Graph DBs are simply awesome. I do not want to be corporate specific as there are many great companies (like TigerGraph and AgensGraph/BitNine), that have embraced and expanded upon the ideas of graph databases coupled with advanced data models. Specifically, BitNine, has introduced a mixed-model DB, a technology that could address the shortcomings of pure GraphDBs; and

2. When the first analysts started naming the non-relational/SQL industry as "NoSQL", I saw the inherent flaws in that acronym. NoSQL means "Not Only SQL" (SQL meaning "standardized query language'). In a previous post (2012 - link:, I expressed a concern that the logic of stating (x 'may include' y) but (x may alternatively 'dis-include’ y) was essentially meaningless since it did not actually did not negate anything. It's like me state "the dinner I cooked for you MAY have white pepper but it may also MAY NOT HAVE white pepper".  Are there really any other alternatives? As Homer said ... "D'oh!!!"

Neo4J did not let this affect them as they knew they were on to something much grander! Of course, their idea of a graph database was far before the social networks where it is obvious that (friend -> hasFriend) is an essential component of every graph (trust me that it gets a lot more specific than this).  Since social networks are so prevalent in every system, I found Neo4K ahead of its time by major factors; and

3. Neo4J was/is_still a start-up. They never forgot the people who helped them while they were trying to get on the map of IT. This makes the character of Neo4J far greater than other start-ups a.  If you are a new start-up, think about how you can emulate Neo4J’s methodology; and

4. They have invested most of their early revenue (see news release below) back into building a stronger community and helping developers> This builds a stronger eco-system of developers who help each other and a more productive environment to work within. Over the years, I have watched this grow in leaps and bounds!

On the latter note, I must disclose some facts.

- Peter Neubauer, is a friend. He was a co-founder of Neo4J. I have worked in a startup with him and come to love him as a brother-from-a-different-mother. Great guy, very smart and ahead of his time!

- I have met with Emil Eifrem on multiple occasions and have come to admire him, both as a human and as a leader in IT.

- Michael Hunger surprised us all by being the single most responsive Technical Evangelist any company has ever had.  I must juxtapose this to my own previous employment experience at Adobe Systems.  As a Tech-Evangelist, we were expected to answer any developer requests as soon as possible. The actual timeframe was stated as "as soon as you can" and Adobe is a very excellent company when it comes to terms with their developer/designer relationships.

The startling fact was that when Peter N., Matt MacKenzie, Moshe Silverstein and I had an issue with the core Neo4J BD system while building a new idea and we reported it to the Neo4J Dev/issues list. Neo4J would acknowledge the issue (if in fact, it were an issue vs. ourselves failing to read the manual), but Michael would have often fixed it prior to us receiving the email and uploaded it to GitHub. I've never seen a company respond so quickly!

I have never dealt with another company that could address developer issues within a week, nevertheless doing it within a day. Fixing issues within 30 minutes was literally unheard of. NOTE: I do not wish to set any unrealistic developer expectations. YAMMV. Mine was awesome! From what I understand, the same level of commitment still exists.

All of this is why Neo4J is special to me. They care about developers. I know I introduced many of you  (reading this post) to coding and/or Neo4J (source: Google Analytics; personal emails).   The truth is that I now want to express just how special Neo4J is.  Many other companies (whom I will not mention by name), could win big time by understanding why Neo4J is helping developers like myself while incumbent giants see themselves losing market share each year to niche players.

Just my (CAD) $0.016534  worth (today's exchange rate).

Duane Nickull

Appendix "A" - Ryan's Email:

Hi there,

We believe in startups as early innovators and disruptors in their respective industries, so we wanted to make it easier to get access to the powerful features in Neo4j Enterprise. We're super happy to let y'all know that we've dramatically expanded the Neo4j Startup Program.

“I’m always struck by the breadth of disruptive business models built around graph technology. Our Startup Program aims to give back to the startup community and make graph technology available to data infrastructures that thrive on connections and drive innovation. It’s gratifying to see our Startup Program members in action and witness their success.” – Emil Eifrem, CEO and Co-Founder of Neo4j

Are you building a product and have <= 50 employees and < $3mm in revenue

You can get Neo4j Enterprise for free, including Causal Clustering and online backup for scale and availability.

But wait, there's more

Qualifying startups also get access to Neo4j Bloom 2 for data discovery and visualization.

Apply today 2 or learn more about the Startup Program from my blog post 2.

Best of luck building your applications and businesses!

Saturday, March 16, 2019

Why Using Facebook's OAuth functionality Might not be Wise

I've worked in the tech industry for 25 years. I’m NEVER going to use Facebook to log in to third-party apps and sites online. You should pay attention to the reasons why.

First - who wants FB to know what else you're doing on the internet? It's none of their business. Don't blame the authors of OAuth (Open Authentication). They have done a great job of making it easier to access the web by not having to set up yet another set of login credentials. OAuth is a good idea. It is the implementation, or more precisely who implements it, that scares me.

I use Google OAuth but may rethink this as well. Luckily, Google (to my knowledge) has never revealed my date to malicious entities.

Facebook has, on the other hand, had numerous beaches with accounts being hacked reaching tens of million accounts.  Facebook’s announcement last fall that a security breach allowed hackers to infiltrate the accounts of at least 50 million users, and possibly tens of millions more. The attackers could have gained access to Facebook and possibly, ipso facto, any other accounts you use OAuth for.  This had been noted in a New York Times article where the author states the true magnitude of the danger.  At the time of the article, neither Facebook nor third-party sites seem to be able to measure the true extent of the breach.

The major concern for me is that tech giants security departments tend not to make their processes and procedures public. Once an attack has occurred, all OAuth tokens of affected accounts should be immediately invalidated.  This would require automation to expedite the response as hackers can automate the attack vectors.  A clever attacker could feed each compromised account into a process that forked several new processes to try accessing other targetted accounts.

Complicating this further, many friends I know have admitted they use the same passwords for multiple systems.  Some change their online banking, eBay and PayPal to higher standards, however many do not.  The belief here is that online banking is an A1 priority target for hackers.  Of course, anyone who has read Mitnick's articles on social hacking knows that Facebook and other social media sites can easily be leveraged by clever hackers.

The takeaway here is to take an inventory of which sites you have relied on OAuth for and with which account, then perform your own security audit.  After digesting the contents of this post, I hope it will illuminate some of the potential risks.

Monday, February 25, 2019

Are you working on 64 bit versions of your native Android Apps?

Google recently made a blog post outlining a new requirement for any Android application written in native code to provide a 64-bit version by August 2019.  The requirement is only for those apps using native code and app developers should note that Kotlin/Java source code will not be affected.

The 64-bit CPUs deliver faster, richer experiences and it is imperative to understand the ramifications of this requirement.  Note that  Google is not making changes to 32-bit support.  Google Play will continue to deliver apps with 32-bit native code to 32-bit devices. The requirement means that those apps will need to have a 64-bit version as well.

There is plenty of prepared documentation on how to check whether your app already supports 64-bit and how to become 64-bit compliant.  Technoracle encourages all app developers to understand the requirements.  Briefly, here is a synopsis.

Starting August 1, 2019:

All new apps and app updates are required to provide 64-bit versions of any 32-bit native code they provide.

Extension: Google Play will continue to accept 32-bit only updates to existing games that use Unity 5.6 or older until August 2021.

Starting August 1, 2021:

Google Play will stop serving apps without 64-bit versions on 64-bit capable devices, meaning they will no longer be available in the Play Store on those devices. This will include games built with Unity 5.6 or older. The requirement does not apply to:

  • APKs or app bundles explicitly targeting Wear OS or Android TV, which are form factors that do not currently support 64-bit code.
  • APKs or app bundles that Google Play won't install on Android 9 Pie or later (support for 64-bit does not need to extend to APKs that are only on Android 8 Oreo and below).

We are here to help.  If you have doubts, please contact us directly.

Tuesday, January 22, 2019

Why Responsive Website Designs Matter

I had previously blogged about my prediction that one day more than 50% of all web traffic would be from "mobile devices".  At the time, I blogged Smartphone adoption marches on, with 44% of mobile phone users owning a smartphone, compared with 18% in 2009, according to Nielsen” (Post link here - )

While this prediction was shared by most analysts, no one at the time had predicted that it could rise to over 85%.  During the process of building a recent website for the Powell Street Salon, I perused the server logs to review how the website was being used. To my surprise, we recorded 86% of all engagements were on phones or tablets in November 2018.

So what is a responsive website and why is it critical to have?  Responsive website templates and layouts adjust dynamically to be viewed on almost any sized screen.  They also adjust their layout based on screen orientation.  The opposite pattern of responsive design was once called "keyhole browsing", a term used to denote the rather unpleasant experiences of trying to view a statically laid out website using a small screen.

Most websites you can find today using Google, Yahoo or Bing will be responsive as all three have been known to elevate search engine rankings higher for a responsive website.  Not using a responsive layout can cost you dearly in terms of potential traffic.

So why else is it so important?

To help people understand the differences, here are some examples.  The first graphic shows the opening layout of the Powell Street Salon website on a normal sized computer screen.

The background graphic is shown fully, the menu and other elements are scaled accurately for the screen size and the site has a very spacious look.  The same website on mobile automatically adjusts, as shown below.

Note the menu has collapsed into the three bar icons and the background photo has been cropped without compromising the integrity of the layout.  The font sizes have been adjusted to be readable on the device and the text flows to a more practical layout.

The anti-pattern of responsive can be quite horrible for any mobile user.  Here is a website I found that does not use a responsive design.  First the normal sized computer screen view.

Note that the page elements are not very well aligned as the HTML and CSS code has not taken into account that computer monitors can range from the archaic 640 X 1080 pixel resolution to newer Ultra HD screens with resolutions of up to 4K.  The real horror comes from the first view on a mobile device.  More than half the content disappears.

When the mobile phone is re-oriented into landscape mode, the trouble continues.

Consider now how your business would be perceived if your website was not responsive.  Using the same ratios as the Powell Street Salon, 86% of all your websites visitors could have been so riled up by a bad website experience they likely would have likely clicked on one of your competitor's websites.

The key takeaway here is that most businesses cannot afford to alienate four out of every five of their potential customers.

If you are not yet using responsive designs, please contact us and we can help.  Packages range in price from $500 and up, complete with hosting and SEO support.