BBC: New social network aimed at improving education (IBM Connections)

by with One Comment IBM Connections

This is terrific – a BBC Click article discussing how IBM is help local education institutions to evaluate the use of social platforms and analytics to assist students to learn:

IT company IBM and Brockenhurst College in the UK have created a private social network to help give staff a better understanding of their students and tailor lessons to them.

Students can use the system to find out more information about their course, watch videos and chat with others at a sister college in China.

The network can also monitor social media – with consent – to see if students might be underperforming or struggling.

The solution features IBM Connections.

Check the BBC article to view a short overview video (hopefully available worldwide), those in the UK can watch the full programme.

Identity

Establishing and maintaining a social identity: four to follow, four to avoid!

by IBMSocial Business

Here are my four standards for creating and maintaining a positive identity or brand online…

 

  • Be yourself.
  • Be original.
  • Be authentic.
  • Demonstrate integrity.

That’s not in any way meant to suggest that I get it right all the time – I realise my weaknesses and mistakes. However I do have this list on the wall in my office and regularly glance at it to evaluate if I’m holding true to my values.

Here are four opposing behaviours that I consider to break my standards above…

  • Telling others what to share.
  • Sharing verbatim a list of pre-written content that someone else has supplied.
  • Subscribing to services that automate delivery of others’ content to your social channels.
  • Solely sharing content that reflects your employer’s marketing brand.

If you’re doing one or more of the above, please consider whether it reflects well on your own personal identity or that of the brand you or your company wish to promote.

I firmly believe that in the long run, repeatedly demonstrating these behaviours will harm rather than enhancing the success of your efforts.

MS Office & Dropbox

Dropbox announces mobile Office app support

by with No Comment Apps

We’ve partnered with Microsoft Office to help you do more on your phone or tablet. Now you can edit Office files from the Dropbox app and access your Dropbox directly from the Word, Excel, and PowerPoint apps for iPhone and iPad.

When you’re inside the Office apps, sign in to your Dropbox account to:

  • Edit Office files from the Dropbox mobile app and sync changes across devices.

  • Access Dropbox files from the new Office apps and save new files to Dropbox.

  • Share Dropbox links from Office when you’ve finished making changes.

This is significant and I think shows the way ahead for a lot of the Social Business mobile apps out there.  Being able to access all our documents whilst on the mobile is important, but being able to edit them using native full-fidelity apps and to return the new version for colleagues to see immediately is a real step forward.

I’m seeing an increasing number of users using iPads as their primary device whilst at work and especially whilst travelling – it’s not such edge-cases like Federico Viticci that have switched to tablets full-time.  It is functionality such as Microsoft and Dropbox are delivering that will help close the productivity gap between tablets and desktops once and for all.

Use and Adoption of IBM Connections – State of the Market 4Q2014

by with No Comment Misc

Michael Sampson has just published the results of this year’s IBM Connections usage survey: Michael Sampson

A couple of months ago I kicked off a global survey on the use and adoption of IBM Connections. The survey garnered 58 valid responses, and the results are finally available.

They are really fascinating results and statistics, and it’s going to take a while to digest them!

You can download the report directly from Michael’s site.

 

IBM FileNet (CCM) and soccnx

by with No Comment IBM Connections

Last 2 days (13 & 14 November) the most important User Group for the IBM Connections world has been held in Stockholm in Sweden called “Social Connections”. I attended this event and it was a perfectly organized event once again ! On this event I meet several people who have asked me the following question,

Can I easily change the place where are my files get stored by IBM Connections.

What the questioner’s mean with this question is the so called shared data drive within IBM Connections.
The Answer to this question is YES. But the documentation isn’t really completely clear about it. For all the basic applications being delivered with IBM Connections it can be quite easily be solved and that’s by just renaming the directory and then update the WebSphere variables which where pointing to the old directory (there are lots so closely look you get them all !). and you should be finished for the basic IBM Connections applications.

For CCM (Connections Content Manager) its a bit different. CCM is based on IBM FileNet and the storage path of FileNet is actually being configured within FileNet itself. Within IBM FileNet you have a configuration item called “FileNet P8 domains” within the CCM implementation this domain is called “ICDomain”. So we have to go to the ACCE console (Administration Console for Content Platform Engine) you can access this console on the address https://<FQHN>/acce and you have to login with your connections admin user ID. With this admin application you have to click on the “ICDomain” and the Click on the category “Object Stores” and the click the IBM Connections specific called objectstore called “ICObjectStore”. It will open an extra TAB now with all the configuration items for the ObjectStore which is specific for IBM Connections. Within the configuartion of the ObjectStore click on the category “Administrative” and then “”Storage Areas”. Here you have a configuration item called “Root directory path” which points to the directory which is the root for the IBM Connections ObjectStore. Change that property value to the new directory where you want to store the data and stop and start the FileNet environment. Now you should be able to download your old documents again from your libraries within IBM Connections.

Please let me know if this was of any value for you as reader.

 

Stop sending me attachments! Part 3: but how?

by with No Comment IBM Connections

So after exploring the reasons why users still send e-mail (part 1) and trying to analyse the reasons why people have not changed their ways and how products have not helped the people either (part 2). In this third and last part of the essay present six idea’s to fix the fact that people don’t just change easily. The ideas explored are technology driven idea’s that will help users to change habits effortlessly.

So where do we go with this?

Let’s innovate to close the gap now…

Finally, it’s time to present the six ideas that I think we need to fix the problem. Let try to close the gap between the future state and the current situation. The gap currently lacking typically in siloed products and inter-vendor integrations. Because let’s be honest there is no such digital space that is “perfect” but we can try and bridge that gap for end-users by iterating now.

Warning: The ideas are described using an end-user perspective. Not worrying about products limits or feature lack. They just describe what we need to close that gap.

Idea 1: Stop sending me attachments…

So the most common task that people do to collaborate is to send each other files. Of course we want them to use Connections Files. But the practical situation is that people don’t change their ways and still use attachments. So instead of trying to change the people, let’s just change the behavior of the mail client to help the end user. Every time a user clicks the “paperclip” to attach a file to a e-mail, the file attachment gets uploaded to Connections Files (or even just pick a file from his personal files). The user does not worry about “rights” to the file, so instead all receivers get access to the file automagically.

To make the user experience as seamless as possible we mimic the principle of sending an e-mail  with a file attachment as closely as possible. So this means, if a file is attached, then the file is upload to Connections Files and a link is inserted into the mail instead. All recipients of the mail should automatically have access in editor mode to the attached file (no matter if that’s to, cc or bcc).

If an e-mail is sent outside the company’s boundaries, then the mail client (or infrastructure) will detect that and it should insert a unique link so that receiving users can fetch the file from the Connections Files implementation. By using unique links for each external recipient you can later on even see how picked up the file and who did not. The unique link to the shared file makes so that it can be fetched WITHOUT the need to login. This way to the sending and receiving users its the same as sending an attachment through e-mail.

Dialogue should be kept to an absolute minimum. All files that are attached this way are put in a separate folder, called “Attached Files” or something like that. So users can later see what files they have sent to others, separate from My Files.

Ps. if you think that the Connections Mail plugin actually already did this, you are wrong. It’s broken, a link is inserted, but the “rights” to the file need to be modified manually. So users get frustrated and stop using it 🙁

Idea 2: All incoming e-mails with attachments are converted to “Connections Files”

Any incoming email is automatically analyzed and attachments will be turned into links on the boundary. Files are automatically uploaded to the Connections Files repository. Users that receive the e-mail within the company’s firewall will get an email with links to the Files in the Connections Files repository. Stop sending me attachments remember. All receivers of the me-ail will be owners of the file, since the mail was sent to them, they own the file.

All files are always put in a user folder, called “Attached Files”.

Idea 3: Seamless integration between Office and Links to Documents

Currently if you have links to files in emails most people will launch a word processing client that uses the web http links to fetch the file and open it. This causes a very bad user-experience for the end user. There is no seamless integration between Office and documents stored in Connections Files. The idea is to change the behavior of the workplace. So that if the e-mail client opens a Web link that points to a “file” in the Connections Files repository. It always opens through the “Connections Desktop Connector” seamless for the user. When the users is done he can simply save the file back to the “Storage locations”. The result will be a more seamless experience. This would be a way better experience than through the http Web interface which is scaring people away.

Idea 4: Improved plugin within Notes to Connections Files and CCM

So in the real world of mixed environments we live in, we will have files in e-mail and links in e-mail files. But people want to have order. Add stuff to folders. With CCM (Quickr) and Notes Connections Files Sidebar plugins you can drag and drop files in nested folders. This helps people a lot to organize. They still want to move their files around and order them. Users want to put attachments into folders (Files) or even nested folders (CCM). From the Notes client it should be possible to drag and drop files into folders or CCM folders. AND a links should be left behind in the e-mails (when removing attachments from mail).

So users can find the file that was moved out of the e-mail. And in cases where files are still attached (old school) to e-mail it can seamlessly be moved into the folder, a link is inserted in the mail object, and the attachments are removed from the e-mail object itself. In all scenarios links are inserted, so a user can later read his e-mail and find the file that way (never forget: old habits die hard).

Idea 5: Forwarding e-mail with attachments

When a user forwards a e-mail with attachment(s) then the mail client should simply re-share the file using the Connections API, this way an user can even track the sharing of his file. The true power of sharing is knowing who files are shared with, even when mails are forward outside the IBM platform you could still track the fact that mail is shared. An user can also track the downloads of his file that was sent to external users this way, even have policies disabling the downloads.

Idea 6: Ditch and remove the whole option of attachments from e-mail clients (i.e. Notes)

So the most radical idea is to not “fix” something that is fundamentally broken, the whole idea of attachments is about sending documents around through a communication channel is flawed. At the time of inception there was nothing better around. So way back it made sense to send e-mails with attachment(s). So even though idea #1 fixes the way of sharing a document by putting it in a centralized place we should make users even think more. Remember the title: Stop sending me attachments!

Why not simply remove the option to “send” files or links? Just remove the option. That way people have to think again about how to communicate with others. Finally they might start to consider the sharing of documents by themselves. Put knowledge in a wiki or write up a report as a blog and share it more openly, instead of sending tasks via  e-mail. People just might start using Activities to get their jobs done and communicate tasks with others, instead of dropping an e-mail that needs decoding by the receiver (bad habits die hard).

If the future state is a more holistic view on collaboration platforms, then ESN and e-mail should just melt and become a purposeful platform. You should be able to reply from within an e-mail (on any e-mail client) and the ecosystem should just make sure your “response” is put in the right place (a comment field, a reply to a status update, etc.).

Let’s iterate to the future…

Close the gapSo why this now? The future is bright, but is it not always that bright? Would we want to go forward if the future was bad? So I am a realistic optimist, we need to start to iterate. To take baby steps. It’s not just tools, it is also about people who need to change, too. But that takes time. In the mean time,  it should become easier to collaborate. It should be a goal to break the unnatural boundaries of the current products out in the marketplace (and yes, I dream of looking beyond the “one” supplier). The current boundaries make it hard to see how this will end up.

So let’s make an effort to fix what can be fixed first, and in that try to walk toward the future state where people work effortlessly in a purposeful way and get the things done they need to get done in the most efficient way possible.

Oh, and stop sending me attachments, please!

Stop sending me attachments!! Part 2: the analysis…

by with 4 Comments IBM Connections

So there are many reasons why people have their habits (part 1), not least in the product they use in their daily work life. So in part 2 I will explore the technology angle and look for causes why tools are the way they are and why a seamless integrated platform is harder then it looks.

The idea of seamless and effortless integration of products…

So while this is happening the quasi religious war is being fought. People are searching for purposeful ways to work. Can we make tools that help them to just be more collaborative? Can we make it so that people don’t need to change habits? That culture can adapt to the new ways? Can the tools facilitate the old habits and ways? And at the same time, create a simple cross over to the new and more efficient ways of working?

So let’s start with some simple facts:

  • People do use documents to “solidify” knowledge.
  • Most people live in their email client and send word/excel documents as attachments.
  • Products are NOT integrated well.
  • Adaptors and plugins are just NOT helping enough.
  • People have habits that work for them and habits are hard to change.

Seamless IntegrationIn case of IBM Connections and IBM Notes this is clearly the case. But that’s not unique in the marketplace, by the way! Products have been dealt with by different groups. Notes is a 25 year old product and on the other hand Connections is just 7 years old (ok, the roots of the products can be traced to internal projects, but still). So it’s not weird that the products have their own ways and create their own habits. And believe me e-mail is not dead, not by a long shot. So over time other mail clients appeared in the marketplace, like Gmail, Yahoo Mail, Hotmail and Apple Mail. All in all THE most common way to collaborate is through e-mail and documents. For both within organizations and beyond, it’s simply the least common denominator in most cases. Collaboration based on e-mail has run into many issues over the years and fixed them. The standards lack precision so there are issues between technology implementations. e-Mail is still not secure from end user to end user after 25 years+.  Attachments get bounced because of size. Calendar items are handled differently by everyone. This causes lots of problems in everyday worklife. Who has not dealt with calendar problems, file size issues (it’s just too big) and security worries (viruses and unencrypted mail traffic)?

That said, e-mail is still one of the best use cases of product evolution. Some e-mail clients have added features on top of features for many years now. They have become truly amazing information processing products. Integrated with calendaring, task management and contacts databases.

But lets go back a step. In the last 10 or so years we have seen the arrival of new collaboration solutions that augment e-mail and are “more” social. They create places where people can work on documents online, co-create and share knowledge with others. And yet, these new products do not integrate well (not being by the same father or even the same family). At best “notifications” are sent into the old-and-trusted mailbox of the user. The notifications try to get them to come over to the more collaborative space where they can collaborate on a document. But the products are still siloed, each having their own space. It’s the innovator dilemma happening in real life, since the old products still make money and people are used to them. While the new products have not disrupted the marketplace enough to truly replace e-mail at this point. This causes the situation where their is a multitude of solutions to for users to choose from on how to collaborate.

The e-mail client is changing, hopefully for the better. At least that is what the signs in the marketplace is, Microsoft, Google and IBM are all looking for better ways of doing e-mail. IBM has a project called Mail.Next… Google is working on the next generation Inbox. So everyone in the marketplace is trying to reinvent e-mail. No believe me, the future is upon us. So why worry? All the issues will be fixed in the Cloud Service or Startup Innovation or New App or the Next version of the same product…

Somehow we (=enterprise users) feel left behind. The on-premise customers. Even when there is a product release. We work and slave for another 9-12 months before we can help our end users to make a next step. In reality of our workplace it will take another 2 years before we can reap the benefits of the IBM Mail.Next initiative. And even Google is cautious to just replace their old and trusted Gmail product with the new Inbox, so this innovator of cloud is not moving as fast as you might expect.

So what do we as users want? We want to see evolution in small steps and at a faster pace. While the products are being reinvented, we want to see the the gaps closed now in anticipation of the future convergence of products into “collaboration platforms” that can support purposeful collaboration and do actually integrate seamlessly over product and vendor boundaries.

In the last part I will present ideas that try to innovate and iterate the products and platforms use to get our job done. Ideas that make technology help users to change habits in an effortless way.

Stop sending me attachments!!

by with 5 Comments IBM Connections

Introduction

Picture of Robert van den BreemenBefore I begin, let’s first introduce myself. My name is Robert van den Breemen. I am working as an Enterprise IT Architect for over 15 years in a large Dutch government department. I am passionate about technology and the effect it has on the way people work. As the lead in the Digital Workspace Initiative that tries to enable users to do their work in a modern way I have seen and experienced first hand what technology-enablement means and how resistant people and organizations are to change. That leads me to exploration of the causes and present some ideas for improvements that will hopefully inspire change in technology. Simply because there is bright future ahead of us.

 

An essay on seamless cross integration between mail client and social platform(s)

In this essay (in three parts) I am going to explore the topic by creating a context and give my analysis of the situation. I will paint a picture of the reasons why people are not as efficient as they could be. I will explore what is probably going on in large enterprises. Which finally leads me to some new ideas why seamless cross integration of products is way more important than tons of new features in product and platforms.  

So one of the use cases that seems to be ignored in the collaboration space is the fact that sharing files and documents is done through e-mail as often as before. Even though Connections Files is a great way to share Files and Documents around it’s not done as much as you would expect. So let’s look at the root causes of this problem and why do people not change their behavior.

Some causes that we have seen within our deployment of Notes and Connections:

  1. People just are not used to Connections Files, they find it hard to use.
  2. People are used (habit) to putting their files in the mail and sending it to end-users.
  3. People are getting e-mails from the outside world as attachments.
  4. People still have their files on local disks and network shares, and drag and drop files into their e-mail.
  5. e-Mail is still the most common way to share stuff around to other people, to collaborate.
  6. People still think knowledge is power and they need to hoard and protect their content.
  7. Notes Mail and Connections Files are NOT integrated, it takes changes in one’s habits and workflow changes that are harder then just dragging and dropping.
  8. People live on file sharing, Office products and mail clients, not in browsers and Web pages.
  9. People are hard to convince to use yet another platform.
  10. People have their files and knowledge live in many places, mailboxes, Dropbox, file sharing, cloud drives, teamrooms, and… and…
  11. People send stuff to the outside world, then having stuff in Connections Files does not help.  So drop it into an e- mail, and off you go.
  12. People don’t know anymore where their stuff is opened, so e-mail with attachments might be opened on mobile devices, on android, on ipad or iphones or a Web client. Or even sent to an external user with Google Mail or Outlook mail client, or Apple Mail. It should all just work.

Email badgeWhen you ask adoption consultants what the problem is most of them will tell you that it’s a training and habit problem. So you just need to educate people more, teach them where  to do their tasks more efficiently and how to collaborate more efficiently. Thus the movement of “Zero eMail”. But lots of tasks still happen in e-mail and people just  have plain bad habits. But to be honest, the tools to communicate and collaborate don’t help you… In the last 5 years we have seen more and more options to collaborate to work differently. And yes, we just gave people yet another option to worry about, we added a channel, we called it a “social platform” (Connections). So basically we just added one more channel to their daily work habits. What do you think, did that help? It depends, it all depends on who you ask.

There are the true believers. We call them evangelists. People who truly believe that the way to go is to leave email behind and start working as a connected company. They will tell you that email is inefficient and that you have to change your ways. They show you convincing examples of how to change your ways. They create the 7 habits of highly effective people without e-mail. And they are right, of course. In a way we can be more efficient by working in a more open and connected platform, where people collaborate more openly, where you work together online in real time on a document, instead Danger Religious Warsof exchanging e-mails with individuals, fragmenting the discussions. You can involve your whole team, they can all see and comment on work items (aka documents). Thus you build on each other’s knowledge (like standing on the shoulders of giants). Clearly this is better. Its potential is clear. So people try. Some convert and will become believers as well. The believers will always try to work in the new way. Use the tools of their new beliefs. Even though it’s not always easy to follow along this path…

However in the meantime there are the haters too. They believe there is nothing wrong with their ways. They have worked this way for many many many years. Even though they can see some benefits in the way of the believers. They also see the flaws. They notice that the products are different. The ways of working are more open. You could easily see flaws. People make mistakes. So it boils down that these people resist. And start hating what the believers are telling them. They will resist the change that is happening. At every chance they will point out the flaws in the new way of working and the new tools. Some even believe that it might work, but point out that there is a whole other religion. It’s similar but another church and their ways and tools are just more appealing. They work better, smoother and have been around just as long. And that church copies some of the features, but improves upon them.

The truth is that the majority of people within an enterprise is caught somewhere in between the lines. They yet don’t see the benefits of the new ways of working and don’t understand the new tools. In fact, they just need to get their work done and want to get out of the office in time. They are just overwhelmed with the all the new functions and old options they are used to. They don’t want to change, it’s working just fine. They just want to be productive and get their work done. Of course they want to collaborate. Most work in teams anyway, so they have worked that way, right? Over the years the tools keep changing over and over again.  And the collaboration is done by groups of people. So even if the individual believes there are better ways, there is still the bigger group that needs to change their ways. In the mean time the world is changing in an increasingly faster pace, with mobile and cloud introducing new options daily, it seems.

Culture eats...So this is the context of most enterprise organizations that have started down the route to become a more social or a more connected enterprise. Some start with a clear vision of a more collaborative future of the work environment, where people can collaborate seamlessly with others, where leadership recognizes that they need to differentiate themselves from their competitors. There are different strategies to reach those goals of course. But as we all know culture eats strategy for lunch. In large organizations it is very hard to change culture . Strong leadership is needed. But even if you have strong leadership and a great vision of the future, even if that’s there that’s not a recipient for success. Why? Well leadership changes. The change of culture is difficult. The payoff takes a while. Value is not immediately apparent. People resist change. And tools are flawed. But, but, but, in time this will all be fixed. If we just switch to a tool that works? Or it will work the tools will become better and work seamlessly. Tools are simple to change, it is just the technology. And then people will see the benefit in the end and start working differently. And while this is all happening around us, people suffer. They are faced with an ever growing multitude of tools and choices. Choices they have to make. People have become the “integrators” between all the tools for their new way of working. And most enterprises fail to implement this better future effortlessly. Simply because you need long term leadership in place and that’s not the way most companies are built. It’s about short term and immediate return.

But what if we can incrementally change and grow slowly toward a better future? In the next part of this essay I will explore why products don’t help as much as they could…

An update on IBM Connections and the POODLE vulnerability

by with 2 Comments Misc

*** UPDATE: 10:53GMT, 3 November 2014 ***

As reader Oliver Regelmann has commented below, these fixes are sadly not for the POODLE issue at all, but to fix an altogether different vulnerability in Connections, caused by a issue in Apache Commons FileUpload.

My fellow contributor, Sjaak Ursinus, created a detailed post a couple of weeks back detailing the impact that the POODLE vulnerability could have on your IBM Connections platform, and the steps required to code a route around the issue (though Sjaak himself noted that it wasn’t much of a workaround).  If you haven’t heard of POODLE, then I suggest you go read Sjaak’s post now.

Just a few days ago, IBM Connections product manager Luis Benitez added a comment to the post linking to IBMs technote on the topic.

Since then, IBM has released a further update, and this post attempts to bring you the latest news on the issue.

Firstly, the vulnerability itself:

A security vulnerability was reported against Apache Commons FileUpload. IBM Connections uses Apache Commons FileUpload. A version of the package that is vulnerable to these issues is used in several past versions of IBM Connections. To fix this vulnerability apply the fixes as detailed in the Remediation section.

CVE-ID: CVE-2014-0050
Description: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This vulnerability affects all versions of IBM Connections, including all releases under IBM support and maintenance, i.e. 5.0, 4.5, 4.0 and 3.0.1.1.

The good news is that IBM has released fixes for all these versions, including the somewhat ancient 3.0.1.1, which I think is pretty impressive:

Apply the appropriate fix pack or APAR to remediate these issues as per this table. Note, if possible, it is always recommended to upgrade to the most recent release of IBM Connections.

Product Version Remediation
IBM Connections 5.0 Upgrade to IBM Connections 5.0 CR1
IBM Connections 4.5 Upgrade to IBM Connections 4.5 CR5 and apply Interim Fix APAR LO82478
IBM Connections 4.0 Upgrade to IBM Connections 4.0 CR4 and apply Interim Fix APAR LO82478
IBM Connections 3.0.1.1 Upgrade to IBM Connections 3.0.1.1 CR3 and apply Interim Fix APAR LO82478
IBM Connections 3.0.1 and earlier releases Either upgrade to IBM Connections 5.0 CR1 or upgrade to IBM Connections 3.0.1.1 CR3 , apply prerequisites and apply APAR LO82478

Whichever version of IBM Connections you run, my advice is that it really is imperative to get these fixes onto your systems as quickly as is reasonably possible – particularly if your Connections system is available to external access.

POODLE bug hits IBM Connections hard

by with 7 Comments Misc

Last Monday there is again found a big hole in the SSL Version 3 (SSLv3) technology. We call this bug POODLE which stands for Padding Oracle On Downgraded Legacy Encryption. So with this bug found and you as admin for your IBM Connections your first reaction would be lets disable SSLV3 on my front end web server (which is generally in an IBM Connections environment the IBM HTTP Server). Well when you do this you will be surprised by the outcome. You will discover that your environment doesn’t work anymore. I will try to explain here in short what happens.

IBM Connections has an HTTP Client embedded in the applications. This client is based on the open source Apache Commons HTTP Client. This client is only used for creating HTTP traffic and basically has nothing to do with SSL/TLS itself. The IBMJSSE2 library (which is part of websphere itself) is the library used for creating the SSL/TLS encryption layer for the HTTP data. So what basically happens is that the Apache Commons HTTP Client is used to create an http message and that that message is given to the IBMJSSE2 libary to encrypt it and send it (it is a bit more complicated than this but to make it understandable you can use this as a reference).

Within IBM Connections it seems that currently the Apache Commons HTTP Client is configured so that it tells the IBMJSSE2 library to only use SSLv3 where the IBMJSSE2 library is perfectly suited to use higher levels of encryption like TLSv1 and higher, this depends on the version of this library used which is delivered with websphere, so it basically means it depends on which version of websphere you run what types of TLS versions are supported. As you can understand that if you have just disabled SSLv3 on your front end server you will run into an problem now. When one of the IBM Connections applications needs to access one of the other apps via the web front end it will try to do that with SSLv3 which you have disabled on your front end server. So it can’t make a connection and voila your environment is dead 🙂

One of the solution which can be used to downscale the bug in your environment is as follows. We just have seen that disabling SSLv3 isn’t an option where IBM communicates otherwise. We can add some lines to the HTTP config file to check who is trying to build an SSLv3 connection to the webserver and if we identify that the source is our IBM Connections environment we allow it and otherwise we redirect it to a SSLv3 isn’t allowed sorry page on your environment.

What you can do is add these lines to your config

RewriteEngine on
RewriteCond %{ENV:SSL_PROTOCOL_VERSION} SSLV(.*)
RewriteCond %{REMOTE_HOST} !<your_ip_address_of _websphere_server>
RewriteCond %{REQUEST_URI} !errorpages/(.*)
RewriteRule ^/(.*)$ https://<FQHN>/errorpages/ssl_errorpage.html [R,L,NE]

What this basically does it test the incoming connection on if it is a SSLV1/SSLV2/SSLV3 connection and if it is then it test if the incoming connection is coming from websphere, if so then it will allow the traffic, if not comming from websphere you will be redirected to an self created error page where you can describe that you don’t allow SSL anymore but only TLS.

It is really a workaround and I don’t say it is the best solution but it is at least more than nothing. I really hope IBM comes with a fix fast ! With this implemented you can at least be sure that sensitive information isn’t being sent over SSL.

 

Update 18-Nov-2014
As Luis commented on this article. IBM Has delivered an fix today for the POODLE bug for IBM Connections from version 3.0.1 trough version 5. Here is the link to the TechNote document

Big news for security in IBM Connections

by with No Comment Misc

IBM Connections has a strong representation in the market of collaboration. As IBM Notes & IBM Domino have a long history in the collaboration market you can also imagine that lots of customers who are already using IBM Notes and/or IBM Domino also have IBM Connections in their infrastructure. IBM Domino can also act as an LDAP server and as we need an LDAP server also in the IBM Connections infrastructure it is for most organizations logical to use their IBM Domino environment as their LDAP supplier for IBM Connections.

But I have always lived with the assumption that all other internet protocols then HTTP which are supported by IBM Domino where vulnerable to Brute Force/ Dictionary attacks as there was not yet any configuration possibility with IBM Domino. Until last week a good friend called Christoph Stoettner contacted me on skype and told me that he had an issue on a customer site with logging in users and after some deduction and reasoning he had to conclude that the assumption of only the HTTP protocol which was protected by this Brute Force/ Dictionary attack setting in IBM Domino was a miss assumption !

Most probably you think this is all about IBM Domino why is it so big for IBM Connections. Well as I already stated in the start of my post. IBM Connections has a strong representation as a product with customers who are already running a collaboration stack of IBM called IBM Domino. So because of that it is very big news. Christoph Stoettner has already blogged about it last Friday on his blog (check it out here). So keep an eye on this post which protocols within IBM Domino are and aren’t protected but LDAP is one of the protected ones for sure so that’s good news !

IBM Connections Mobile app for android

by with 6 Comments Misc

One of the best parts of IBM Connections is the fabulous mobile application for android and iOS. But as all software in the world out there has bugs also this one consists of bugs. Last week with close working with IBM Support we have eliminated one more. So I wanted to share with you guys what the specific requirements are to have this problem.

Android offers to encrypts its internal/external memoryandroid encrypt (see screenshot).

As soon you have the medium in your android device encrypted where the IBM Connections mobile app is also on installed you encounter this problem.

 

When you have attachments in activities (for instance an microsoft document) and you want to open that document in the activity on your mobile device it would normally opened in the application which is coupled to that type of document. (most user use polaris office as that is a free app in the google play store.)

 

But you will see as soon you have and encrypted device it won’t work anymore. This has been identified by IBM and will be fixed in version 4.7.8 of the IBM Connections mobile app for android. The Estimated Time of Arrival of this version is end of this month.

Introduction of Sjaak Ursinus

by with 9 Comments Misc

Hi to all of you. I have been asked to blog here on ibmconnections.com by Stuart McIntyre. So first lets do an introduction of myself here.Sjaak Ursinus

My name is Sjaak Ursinus and I live in the Netherlands. I am working in the ICS market (IBM Collaboration Solutions formerly known as Lotus) my whole professional career. My birthday is 21 January of the fabulous year 1974 so that makes that I am currently 40 years. In the beginning of my career I have been working mainly with IBM Notes and IBM Domino but the last 7 Years of my career I have a 100% focus on IBM Connections.

I was at Lotusphere in Orlando in 2007 where the project called Ventura those days got introduced as Lotus Connections (later renamed to IBM Connections). As I had heard some rumors about the project Ventura would see its daylights during this lotusphere I was still completely surprised by the reaction of the crowd how good it got accepted. So at that time I decided to make a complete shift to IBM Connections. Its always hard for someone to start with a new product in their career. The best way to learn a new product is just to jump on to it and play with it as you solve customer problems. But the product just got released by the supplier so there where not yet of that day any customers yet. So my tactic those days was to get a good understanding of the product I had to have people where I would solve their problems for. So I got active on the public forum hosted by IBM for their product and tried to solve the problems people would leave over there. So back there I got a very good base and understanding of the product and use that knowledge still as a base for today’s helping out. Nowadays I have so many customers to serve with this product so I am not that active anymore on the public forum (I still scan the posted post still over there). I am very pleased to see that the product is very well accepted by the world and that it got big attraction even for IBM history.

Well for now this is enough about myself. I will post here some places where you can find me easily in case you want to contact me for whatever reason or helping out 🙂

platform name link
Skype sursinus / Sjaak Ursinus n/a
LinkedIn sursinus link
Facebook sjaak.ursinus link
Twitter sursinus link

Or you can always contact me via here on this blog.

Using IBM Connections? Please complete this research survey!

by with No Comment Misc

My good friend and esteemed analyst and author, Michael Sampson, is asking for feedback on your usage of IBM Connections:

I am running a research survey on how organizations are using IBM Connections. The survey has 17 questions, spread across four pages:

  • Demographics and Current State of Connections
  • Current and Forecasted Use of IBM Connections
  • Upgrading to Connections 5.0
  • Satisfaction, Value, and Next Steps

If you are decision-maker with reference to IBM Connections at your organization, please take the survey.

If you know people who are using IBM Connections at their organization, could you please forward them the link and ask them to take the survey?

Michael has run similar surveys previously, and the results have been very useful in terms of understanding the take-up of Connections across the world, and also the value derived at both the individual and the organisational level.

Please do take a few minutes to complete the survey – your input will be much appreciated!

My Social Connections VI session: ‘Social Business: The unstoppable force to overcome immovable objections’

by with One Comment EventsSocial BusinessSocial Connections

As you may have heard by now, we took the significant step of recording every single session at Social Connections VI back in June.  As the videos have been processed and uploaded, the team have been publishing them on our Vimeo channel as well as highlighting some of the most popular sessions on the Social Connections blog – it’s worth checking them out if you haven’t already.

I’m pleased to say that my own session is now online.  Here’s the abstract:

“I’m too busy” “My work is confidential” “I’m never in the office” “My position depends on me being the only source of my knowledge” We’ve all heard objections like these – reasons why key individuals cannot spare the time to share knowledge or to collaborate with others. Whatever the role, be it as executives, consultants, sales people or any other part of your organization, for social business to truly revolutionize your organization’s culture and productivity, these objections must be overcome. In this session, you’ll hear about driving adoption in organizations around the world. Find out how to make the benefits of social business irresistible for all your staff, no matter how immovable they might appear!

I’ve embedded the recording here, or you can watch it on the Vimeo site.  The deck is available on Slideshare (I appreciate it is difficult to see in the video – apologies for that!).

I’d love to hear any feedback you have…

 

Jive Transforming Traditional Intranets

Transforming traditional Intranets ‐ three places to focus

by with One Comment Jive

A really useful new whitepaper from Jive, authored by the always insightful Gia Lyons:

Many of today’s intranets are frustrating: Frustrating for employees to use, for content owners to govern, for IT to integrate, maintain and support. It’s time to modernize and mobilize. But, what should a modern, mobile intranet do and look like?

It boils down to three fundamental focal areas:

  1. delivering information and expertise seamlessly and securely across devices,
  2. giving people the tools to work better and faster and
  3. offering an open platform that integrates with a variety of systems people use across the company.

I break down each specific element of the modern intranet below.

Taking the reader through those focal areas in more detail, this 4-page whitepaper details some of the key characteristics of a next-generation intranet platform.

Whilst it is in no way surprising that Jive Software’s solutions deliver these characteristics better than most, this is a useful paper to share with colleagues to outline a vision for how a reimagined corporate intranet might deliver real business benefits.  The arguments are equally as valid for IBM-based solutions such as IBM Connections and IBM Connections Cloud (formerly IBM SmartCloud for Social Business).

Download >

[Originally posted on Jive News]

Ovum Research publishes ‘SWOT Assessment: IBM Connections Version 5.0 and IBM SmartCloud Connections’

by with One Comment IBM Connections

Ovum Research ‘create tangible business advantage for our customers by providing actionable intelligence that can be relied upon in evaluating opportunities, benchmarking performance, and making better business-critical decisions.

In short, they research and analyse the IT industry, thus providing insight to their customers – usually commercial organisations looking to take strategic decisions on IT investments.

They’ve just published a new paper, entitled ‘SWOT Assessment: IBM Connections Version 5.0 and IBM SmartCloud Connections‘.  In it they analyse IBM’s solutions in the Social Business area – Connections and SmartCloudConnections, covering the following:

[titled_box title = “Report contents”]

Features and Benefits

  • Understand the business issues that IBM is trying to address with its file sync and share offering.
  • Learn about the strengths, weaknesses, opportunities, and threats pertaining to IBM Connections from an enterprise file sync and share perspective.

Key Questions Answered

  • Why consider IBM Connections / IBM SmartCloud Connections?
  • What are the key strengths and weaknesses of IBM Connections?
[/titled_box]

Sadly (though understandably) the report is only available to Ovum’s paying customers.  However, if your organisation is currently evaluating whether to deploy either of these products, I have no doubt that this research piece could be very useful purchase…

Top 25

The Top 25 Global Social Business Leaders

by with No Comment Social Business

Top 25Social business is about much more than social media. A social business is an organisation whose culture and practices encourage networks of people—employees, partners, customers and others—to create business value, and, ultimately, increase revenue and profits.

So who are the exceptional talents building today’s social businesses and what can we learn from them?

The Economist Intelligence Unit (EIU) has identified 25 leaders who are successfully applying social technologies, principles and strategies within organisations around the world.

Sponsored by IBM, this top 25 list highlights some of the organisations (and their leaders) that have truly revolutionised the way they operate using social technologies.  Here are the top 5:

  • Bonin Bough – Vice-president of global media and consumer engagement, Mondelez International
  • Marisa Thalberg – Vice-president for corporate digital marketing , Estée Lauder Cos
  • Chris Laping – Senior vice-president for business transformation, Red Robin Gourmet Burgers
  • Scott Monty – Former chief of global digital communications, Ford Motor Co
  • Gilberto Garcia – Director of innovation, Cemex

It’s a fascinating list, and there are definitely stories here that will be relevant to all sizes and types of organisations.

More >

IBM Connections 4.5 CR5 is now available

by with No Comment Misc

When IBM Connections was first released, all patches to the on-premises code were released as iFixes – individual fix packages that could be installed and deinstalled individually. This was really flexible and allowed issues to be patched very quickly but also lead to very time-consuming patching processes and almost every system I visited had a different set of code updates installed. Not ideal!

For the past few versions, IBM has managed updates to Connections using Cumulative Refreshes (CRs). These packages consist of a set of cumulative fixes for each of IBM Connections applications.  This is a much more manageable approach, with approximately one CR released each quarter to be installed, and single fixes available from IBM support should an issue be particularly serious.

The latest CR for IBM Connections 4.5 has just been released:

[titled_box title = “Cumulative Refresh 5 summary”]CR5 is a set of 20 fix packages, which update each application entirely. Please apply all 20 fix packages together. The CCM (Connections Content Management) package should only be installed on Connections environments which have Content Management configured. In addition to these 20 fix packages, there is a new TDISOL version released along with CR5, which can be installed on any 4.5 Connections environment. Please download TDISOL 4.5 2014-07-10 from Fix Central.

CR5 uses the same version of the Update Installer as CR4, which is published in Fix Central under this link: 4.5.0.0-IC-Multi-UPDI-20131020

CR5 includes all fixes in CR1, CR2CR3, and CR4, plus fixes LO74499 and LO74629, listed in this document. It also includes LO74571 for Connections Mail support. It is not necessary to apply these previous fixes if you are installing CR5. CR5 can also be applied on environments that have those fixes already applied.[/titled_box]

You can download IBM Connections 4.5 CR5 from Fix Central.

Experiences with IBM Connections 5

by with No Comment IBM Connections

GIS blog logoI just wanted to quickly recommend a couple of posts from Julius Schwarzweller at German IBM business partner, GIS AG.

He was quick to get hold of the new IBM Connections 5.0 release and has been working with it for the past few weeks. He’s been kind enough to document his findings on a couple of blog posts, My experiences with IBM Connections 5 and My Experiences with IBM Connections 5 – Part 2.

In part 1, Julius discusses some of the details of installation and of configuring the new External Communities functionality.

In part 2,  he goes onto outline more of the features that have been added to the new release.

Well worth digesting if you’ll be looking to deploy Connections 5 in the near future!

Apache Struts security issues ‐ time to patch your IBM Connections install

by with No Comment Misc

I’ve just come across an IBM technote from May 2014 that has been updated over the last few days, listing details of a number of vulnerabilities in Apache Struts:

[titled_box title=”Vulnerability Details”]Several security vulnerabilities have been reported against Apache Struts through April 2014. IBM Connections uses Struts. A version of the package that is vulnerable to these issues is used in several past versions of IBM Connections. To fix these vulnerabilities apply the fixes as detailed in the Remediation section.

The following versions of IBM Connections are impacted:

IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
IBM Connections 3.0.1.1 and earlier releases[/titled_box]

There are fixes for all the above mentioned versions of Connections.  Here are the two most recent:

IBM Connections 5.0 Apply APAR LO80688
IBM Connections 4.5 Upgrade to IBM Connections 4.5 CR4 and apply Interim Fix APAR LO81215

I would definitely recommend getting these security fixes on ASAP, particularly if your IBM Connections platform is public-facing…

Ephox EditLive for IBM Connections updated

by with No Comment Misc

The powerful enhanced rich text editor for IBM Connections, Ephox EditLive, has just been updated to version 2.5.2.45 and is available from IBM FixCentral:

1.

interim fix: 

Ephox EditLive 2.5.2.45 for IBM Connections 4.5.

Platforms: AIX, Linux, Windows
Applies to versions: 4.5.0.0
Upgrades to:
Severity: 30 – Moderate Impact/High Probability of Occurrence
Categories: Function
Abstract: This is the Ephox EditLive editor, version 2.5.2.45, for use with IBM Connections 4.5.
Restrictions: entitled, license
Jul 19, 2014

Now bundled with IBM Connections for all organisations under active maintenance, Ephox adds significant value for users of the platform.

This video shows the solution in action:

[youtube url=”http://www.youtube.com/watch?v=iwXfYX79e_M” width=”600″]

Whilst this power doesn’t come free of some administrative complexity, deployment of EditLive should definitely be a consideration in most Connections environments.

IBM Connections QuickSearch for Chrome updated

by with 2 Comments Misc

I first blogged about the IBM Connections QuickSearch plugin for Google Chrome three weeks ago. Back then it was at version 1.8.

Remarkably since then the author, Romain Lienard, has released four updated versions:

[titled_box title=”Changelog for IBM Connections QuickSearch”]

V.2.2:
– New group feature !!!
– Can now post a message to the user’s board with @mention (using the new group feature)
– Can now share a File to a group of users. To unlock the “share this file” feature you have to be first on a webpage which is an IBM Connections File URL

V2.1:
– “share this URL” now works with communities (with typeahead)

V2.0:
– new “share this URL” feature
– UI bug fixes

V1.9:
– a context menu is now available. Just select some piece of text within any webpage, then right-click and select a service to fire the search !

V1.8.1:
– can now set a default scope (in the options page)[/titled_box]

I’m so impressed by this development effort, and by the rate that new features are being added.

For example, the context-sensitive search:

QuickSearch menu

and ‘Share this URL’:

QuickSearch share

If you access IBM Connections on a regular basis and use Google Chrome as your main browser, you really would benefit from this plugin.

Grab it from the Chrome Store (it’s free), and say a big thank you to Romain (@lienardr)!