windowsnerd.com

notes from an admin for himself. you can read it if you want.

The best summary of facebook games I have read in a while

14 June, 2013 (07:31) | games, How to | No comments

This comes to us from an old friend who is one of the best linux admins I have ever met. Very smart guy, his analysis of the typical flash game model is right on and a little entertaining to read:

summary of all click games given so you don’t have to play

Independent Simplisafe review coming soon, those guys are SEO assholes

9 May, 2013 (16:18) | home security, security | No comments

simplisafe install box

Oh dear, this looks like work.

Maybe I should have an alternate title, “ADT sucks donkeys.” I dropped about $800 on Simplisafe to see if their security system works as well as the reviews seem to indicate. The problem with Simplisafe is that their SEO is SO good, you don’t know if you are finding real info or one of their marketing tribe schlepping the same crap. If you google Simplisafe, all of the search results are the product of Simplisafe paving the internet with yellow bricks to their house. I will build my own independent review free of any Simplisafe shackles. Their hardware is here, I think the worst they can do to me is turn off my cell and refuse to give me service. If I can make it to the 8th google page of results for a simplisafe search I will consider my effort worthwhile. It may be a warning sign that Simplisafe started working search results so hard, or could be a symptom of winning a battle with an established ADT presence. I don’t know.

Overall the concept is neat. The founder of Simplisafe decides ADT sucks and starts a new company. I agree, we use ADT at work and fight with them every time we need something done. I had to drive to the ADT office to demand service in person twice, despite paying gobs of money as a company vs private individual. The contracts are horrible and ADT doesn’t appreciate you redlining the contract and sending it back like you would for any normal business transaction.

ADT likes to ask you to indemnify them from key tasks like failing to provide security monitoring services. If you haven’t dealt with indemnification clauses, ADT wants you the customer to provide legal counsel on their behalf in case you need to sue them for failing to do their job. So if you sue ADT, you already signed a contract saying you will pay for ADT’s legal defense against you. Twisted eh? Read your cell phone bill, an iTunes EULA and you will be welcomed into a whole new world of dishonorable conduct.

ADT sales people LIE. I’ll say it again. ADT sales people LIE. We tried to get them to put a lot on paper. They either refused or delayed. Over and over. Many of the promises made never materialized. We asked for a document saying they would cover 3 false alarms per year. They did not. We asked for a document saying they would do a free install if we changed locations. They did not. I don’t remember the other questions we had for them but I’m sure I have plenty stored away in email.

If I understand correctly, these are franchise type deals, so any ADT contractor could be a bad apple out of their control. A few google searches will show you one of two things. Either buyer beware doesn’t mean anything to consumers anymore in a litigious society, or ADT really just has problems, as shown by a B+ BBB rating and many losses in court. I have a feeling there is a mix of the two because consumers do suck at reading the contracts they agree to. My main issue with ADT is cost.

On ADT’s side, once you get the service set up, all the bugs worked out, all the extra over the top money paid, it works ok. We don’t have false alarms often anymore. The interface to program users sucks, is outdated and shows the company would be dead if it were a computer company. But it works. We get calls when the power goes out at the office and when someone can’t remember their code and walks in. After we had the service for a few years and worked out the kinks I would say ADT is good but too expensive for a low tech low cost service. I would not ever want to go through the initial woes with ADT again. They are almost as bad as ip5280 for phones.

If simplisafe can get me out from under the thumb of ADT in my new home, and puts the installation/placement decisions on my shoulders I think that is cool. I know I can set the hardware out in a reasonable pattern with logical choke points, flood risks etc. As long as they can provide the monitoring without fail, I can keep the false positives to an absolute minimum.  Their hardware needs to work near the level of ADT hardware.

My Simplisafe box arrived today. There are 25 components and I have very little time to install. Maybe this weekend I can begin. For now I’ll just look at it and wonder how much trouble I signed up for. I started to read the Simplisafe terms and conditions, I’ll hit that a few times and let you know if there are any red flags. Right now the return policy looks great so we can go back to ADT if we need to.

Microsoft Management Summit begins today in Vegas. Already spotted a hooker.

7 April, 2013 (22:39) | Monitoring, OS | No comments

Well we are out at the Four Seasons hotel waiting for the MMS to start. Got registered today, the swag was ok. Nice laptop bag compared to normal, a pen, notebook, not much else. I have to give the little lady some raver light to wear at the party on Thursday. The sessions tonight looked lame,  I’ll start up the real ones tomorrow. Here is my first test with the latest version of Photosynth, haven’t touched it much since an early version in 2007:


HITECH BAA scramble of 2013

18 February, 2013 (16:59) | security | 3 comments

I decided to document the scramble for BAAs here at my company. In short anyone outside of an ISP has to give you a BAA if they handle your PHI. Today we will start with Mozy because I know they will do a BAA. Keep in mind we have until about Sept to be done. I’ll note the time spent on the phone so far with each.

Latisys – Done, BAA in hand

Latisys provides me with two Tier three datacenters and services from unmanaged to managed. They are very easy to work with on a BAA.

Mozy- contacted, 20m

2/18/2013 Chat to support today reveals a need to talk to an account manager at 877-669-9776. After 2*5 minute phone calls, some tacky foreign hold music and a voicemail prompt, I still don’t know anything. I suggested that they automate the BAA process on the support forum and documented the idea that they will be responsible for BAA/HIPAA/HITECH. If you need it, there is a post from last night. Google it.

Google Apps for Business – Assertively Denied BAA and any allusion to HIPAA compliance- 35m

2/18/2013 877-355-5787. You will need to have your customer pin ready on the Google apps console under support. I talked to a nice support guy, explained that my company requires a BAA by Sept 2013. On hold, better hold music than Mozy. After 30ish minutes on hold, the tech support guy explained that it took a while to track down the correct answer.

My paid google apps support rep said google has not ever provided a BAA, guarantee of HIPAA compliance, intent or representation of service to HIPAA compliant materials. It was funny that he kept spelling out H I P P A, H I P A, H I P A A. The guy was very nice about it, sounded like he was reading from the notes he just took for the last 30 minutes. I repeated the idea that we will have to move away from Google apps if they cannot provide a BAA. He said sorry about that but I was correct, we will need to move by the deadline. He repeated a few ideas, google has not ever claimed to be HIPAA compliant, and they will not issue a BAA.

There is a lot of misinformation out there about what google will do for  you. Notice that it does not come from Google. Mostly fanbois. My attorney and I suspected this would be the case.

Logmein –

Q9 – Done, documentation in hand for Canadian PHIPA

Q9 is a bear to negotiate with, they are incredibly expensive as well. But they get the job done.

A few nifty security tools for home

17 February, 2013 (18:29) | antivirus/spyware, security | No comments

http://pwnedlist.com/ This site will look your email address up and compare it to a list of known hacked accounts. You can ask it to keep on scanning for free on a personal account. This company teamed up with lastpass to do nightly scans.

Lastpass for passwords! Nobody should remember or write down passwords these days.

Separate email accounts – Build an email account for “account management”. No spam, no personal email, etc. Just resetting passwords. Make sure that password is darn strong on your email account. I recommend MS Outlook.com or Google with the Google Authenticator.

WordPress- Bulletproof Security, WP Security – Both have similar approaches. If you run wordpress, you should spend a weekend getting to know each.

Don’t forget your hosts file from mvps.org when you install Windows 8. This currently blocks commercials in Hulu, most ads etc.

Free windows 8 ISOs straight from microsoft

8 July, 2012 (19:58) | OS, software | No comments

http://windows.microsoft.com/en-US/windows-8/iso

Or google it yourself, “windows 8 consumer preview ISO” and go grab it. You need to start getting ready for the upgrade now if you are like me. I’m just adding the link because people keep asking me.

How to find credit card numbers and social security numbers on an employee workstation

8 July, 2012 (18:49) | How to, Monitoring, security, software | No comments

Cornell developed their Spider program a while ago. You can search for anything on a machine using regular expressions with this tool. It takes a bloody long time to search an entire hard drive, so hopefully you have the user locked down to write access in My Docs or the equivalent on Linux/OS X. This tool has to run as administrator or as a service on newer versions of Windows, so plan accordingly when automating.

I use this to search for HIPAA data and credit cards. Works pretty well, I write the log file out to a server over an IPsec encrypted tunnel. Download and enjoy:

http://www2.cit.cornell.edu/security/tools/

Wooohooo I made my first $100 from google ads

30 June, 2012 (16:08) | blogging | No comments

They deposited it straight into my bank account. Well it is nice to get something back, it won’t cover the costs of running this page for years but it helps.

Why Macs are not designed for business use

30 June, 2012 (16:01) | linux, mac, security | No comments

Macs are great machines if you are a rich trendy person who was so brilliantly targeted by Steve Jobs. Not so good for normal people trying to keep up with the Joneses. Also not good for business at all. This list is just a reminder for myself when people are complaining as to why we protect HIPAA/PHIPA data with capable OSes like Windows and Red Hat. I know they all want bling and brainless packages to install. We tend to either install on Windows with our own customizations or compile our own packages and automate with RHEL. We use exciting security technologies with certificates, IPsec, DNSSEC, SELinux etc. We do our best to comply with FIPS 140-2, FISMA, USGCB and other standards that require tools that aren’t available or mature on Apple products.

Laptops:

| Capable of | Dell/Win | Dell/RHEL | MacBook Pro |
|---|---|---|---|
| Dock | yes | yes | no |
| Built-in aircard | yes | yes | no |
| LoJack | yes | yes | no |
| Intel AMT | yes | yes | no |
| GPS tracking | yes | yes | no |
| Antitheft 3.0 | yes | yes | no |
| Remote wipe | yes | yes | no |
| 4 monitor support | yes | yes | no |
| Intel vPro | yes | yes | no |
| FIPS-140-2 encryption | yes | yes | few |
| FIPS-140-2 authentication | yes | yes | no |
| Timely security patches | yes | yes | no |

That’s a few minutes of thought, I’ll add more as time goes on. Mac is a lot more expensive for quite a few reasons. Up front cost is very expensive. You need a developer to do all the custom security and networking work in a business setting.

Refresh on a Mac is a lot faster than a PC especially now that the hardware is soldered on to the motherboard of a Mac. Good luck upgrading the RAM on a fleet of macbook pros, you will have to buy new ones before your renewal and replacement cycle is done. Or you will have workers without the resources they need to do their job.

Enterprise tools just aren’t out there for mac. Typical users think they know computers because they get along with their home machine just fine. Automation and centralized tools are the name of the game in business. Mature products don’t exist hence the need for a full time developer. At my old job most of the mac staff were developers. We worked closely with Michael Bartosh and had him in house for long periods of time to build the tools that came with windows or were easy to deploy in red hat.

Apple’s HIPAA email address goes to a black hole. Nobody on my team has gotten a response from them on any email we have sent. At my last job we did, but they called Mike down the hall who was already in our building and he laughed about Apple not having any HIPAA support or intention to build it.

Apple is downright horrible when it comes to security. They buried their heads in the sand as a defense against malware and finally last week corrected some statements on their web page about threats against mac. Java patches come out in a few weeks for windows and linux, they take 6 months for mac.

Apple is driven by rabid fanboys like a wacky fringe religion on a recruiting spree. They troll all forums and magazine comments to offer wisdom like OSX doesn’t get spyware. Then the goalposts move to trojan horses aren’t viruses. Now the goalposts move again to Apple people are richer and better targets and other wacky explanations as to why they get attacked like every other OS. The defensive tone is always flooding public forums. The ratio of fanboy posts to market share is way off. If people actually read my webpage I’m sure I’d get comments here.

The main lessons in security are finally being realized by Apple. They decided to start checking for updates every day vs every week and automatically install now. I constantly find Apple machines that haven’t patched lately if ever. They hate the popup. They did come up with the brilliant idea that if a component like Java hasn’t been used in X amount of time it will disable itself. I do like that one a lot.

Apple makes an idiot proof anti multitasking environment perfect for home users. It does a great job in this audience. It is absolutely not built for business use and is not cost effective. I suppose if a company has money to burn or makes money with a hip image it makes sense in certain public facing areas. But it is a tool with a very limited job.

I do like Apple products; the design is brilliant and I would use one at home for basic surfing if given one free. The walled garden ecosystem is very nice for novice users and consumers who aren’t interested in learning what a computer does. I can’t say I’m a Mac hater at all. I just hate users forcing their will on business by abusing positions of power vs using logic to make sound decisions.

Finally! Spiceworks adds a client Agent

28 June, 2012 (15:20) | Monitoring | No comments

Many people came here to flame me for citing a lack of agent on Spiceworks. Apparently they saw the light 4 years later. It has finally matured into a really good little product. Still not quite enterprise material but if you have a small business full of mac/win machines it is THE best free tool for the job. Check out their new video.
