A summary of the state Sales Tax holidays appears below, courtesy my friends at CCH/Wolters Kluwer. Let’s be careful out there, people – shopping is NOT a contact sport.
Author: Brian Tankersley
Accounting Technology Expert and professional speaker (with K2 Enterprises and Yaeger CPA Review). Writer/columnist for @AccountingWeb and @CPAPracAdvisor. Publisher, CPATechBlog.com. @BFTCPA and @CPATechBlog on Twitter.
Open source drive encryption tool Truecrypt announced that the product is discontinued on its main website today, and the official website has been replaced with directions for getting any encrypted data moved to Bitlocker-protected drives. The website says that “Using TrueCrypt is not secure as it may contain unfixed security issues”
Story from Ars Technica: http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/
Directions for Getting Data Out: http://truecrypt.sourceforge.net/
Coming on the heels of the OpenSSL vulnerability, this may shake the confidence which businesses have in the reliability of open source software. Although the purchase price seems right for open source (free), the cost of unexpected announcements like this, the lack of professional management, and other issues with the practical maintenance and implementation of such products makes commercial software look better all of the time.
If you are using TrueCrypt as your hard disk encryption tool, we recommend that you transition to Windows Bitlocker, PGP Whole Disk Encryption, or another solution ASAP.
Update 6/4/2014
A group of developers has set up a website for a new “branch” of TrueCrypt development. While this new group may do a great job, disk encryption is not a place where you should cut corners. I’d stay away from TrueCrypt and go with commercial solutions – we need some answers on why the first group shut the project down and what the code audit has discovered before it gets back onto my “safe” list. (I’m using Bitlocker in W81 Pro).
Update 3/30/2018
A branch off of the TrueCrypt code has been launched called VeraCrypt. You can learn more about it at their website, https://www.veracrypt.fr/en/Home.html
#CES2014 kicked off last night with the “CES Unveiled” event. I attended, and as it’s not my first trip to CES, it seemed like there was a good mix of evolution and revolution in the products on display. Some of the major themes on display were as follows:
#Drones
Even though I called #BS on the Amazon Prime Air publicity stunt a few weeks ago, drones are still going to be a big leap forward in 2014. The drones on display at the event were very impressive, and I could see how they could be utilized in a number of scenarios for home and business use, including:
- Imaging and agricultural yield management in a large field
- Live traffic reporting from trouble spots around a city
- Crowd management at an outdoor event
- Real time overhead video at a football game
- Surveillance by law enforcement
- Overhead security camera for a large parking lot
- Delivery of packages by Amazon
While I’m still not crazy about having millions of drones overhead, I think there are some practical uses of this technology. Let’s just make sure that we get the NSA under control before we start using these things in earnest, OK?
If you are still not convinced about how far robotics and design have come in this area, I encourage you to watch Adam Savage’s video where he demos his robotic spider. The capabilities which have been achieved in this space are amazing.
#Cloud #POS
First Data was exhibiting the Clover point of sale system, which is a tricked out Android tablet that’s used along with a cloud-based point of sale system to process transactions and manage retail stores. (Clover was purchased by First Data in 4Q 2013) While I spent a very short period of time at their table (which was very crowded), it looked very impressive, and I plan to visit them during the show. The overview video from their press kit appears below.
An Intro to the Clover cloud-based point of sale system
#Wearables
It is clear that wearables will be a big topic of discussion at this years International CES, but I didn’t get a good barometer on how ready the products are for the real world. Everyone had their obligatory “Dick Tracy” bluetooth smartwatch which served as a second, smaller screen that pairs with your phone, but none of these have impressed me as “life changers” thus far. More on this later in the show. There were a number of exhibitors at the event who were presenting their take on the next evolution in the FitBit exercise tracking devices. Notably absent was Google Glass as well as other devices which use “heads up displays” to access information without using traditional screens.
The most interesting wearable I saw was a pair of swim goggles with embedded heart monitoring. This item was displayed in a showcase of award winners by CEA (pictured above), but was not available for testing at the event.
#FuelCells
The Upp fuel cell, which will be distributed in the US by Brookstone (MSRP $199, available in Q1 2014) looked very interesting, and there were signs that this technology will be on display elsewhere at this year’s show. I’m glad to see this technology finally reaching the market, and hope to be able to evaluate this product for a future post.
A second fuel cell vendor named Brunton was on display in a glass case as a CEA award winner, but I was not able to speak with a company representative about this product’s capabilities and US distribution outlets. I hope to see them during the show later this week.
#HomeAutomation
The Lowes Home Improvement Iris platform (via the Killer Bee) was announced, and is an interesting platform for managing connected devices in the home which I would love to review in my own home at some point (hint, hint, Lowe’s PR people). (existing components and offerings are available online here).
The Arrayent Connect platform is a cloud-based framework for integrating connected home devices
from multiple ecosystems together. This toolset appears to make it possible to connect enterprise applications, mobile applications, and analytical tools to devices which four major communication protocols (Wi-Fi, Z-Wave, AC900/868, and ZigBee). The company’s offerings are targeted at manufacturers, systems integrators, and others who want to connect devices together from multiple manufacturers across multiple platforms without needing to write code.
Since Arrayent is selling their technology to go under the hood of products from Maytag, Whirlpool, I don’t expect you to hear much news about them in the coming months. The company’s efforts are still important to solving the problem of communications and “data plumbing” between the wide range of connected devices we use every day.
In summary, I recommend that you stay tuned. I’ll continue to separate the wheat from the chaff at this year’s harvest of new technologies and devices over the next few days, and will present many of these items in a webinar, “From CES to You: New Productivity Tools for 2014” on February 6 from 1P-3P ET.
You’ve heard about the security issues at a number of organizations in the last few weeks. Thankfully, there haven’t been any breaches at software companies who serve professional accountants (except maybe for Evernote – although I don’t know that I would put HIPAA or taxpayer data in that service). One of the important things that is coming out of this is that major software vendors like Evernote and Google are planning to implement a security approach called “Two Factor Authentication”. While I won’t go into much detail on how it works (although there’s a good Wikipedia article here), the basics are as follows:
Security tokens, like the RSA SecurID above, have a formula which generates a new six digit code every minute that is used as a one time password.
There are three basic ways to validate someone’s identity
- Something they know (username, password, PIN, etc.)
- Something they have (cell phone, RSA token, USB key, etc.)
- Something they are (biometric identification like fingerprinting, face identification, or iris scans).
Historically, we’ve used only one factor of authentication – a username and password – to access most online systems. While this is adequate for some information types, the sophistication of phishing attacks and other techniques used by the “bad guys” requires a more sophisticated approach to security. Two factor authentication normally requires users to validate their credentials to two servers – one which controls the username and password, and a second which validates that they have a particular device or item through a one time password.
I’ve used a number of two factor authentication devices in my career, including:
- Tokens, like the one shown above or those used by Scorpion Software’s AuthAnvil for Windows Server.
- SMS validation from online services, where a code is sent to my cell phone (another solution is Microsoft’s PhoneFactor)
- A USB device called a Yubikey from a company called Yubico which has been on a security podcast I listen to weekly which inputs a one time password into a computer.
- SmartCards, along with the readers built into my HP Enterprise laptops.
- Fingerprint scanners on laptops
All of the devices worked well, and I still use some of them to authenticate to many services.
One important point is that the use of factors other than passwords (something you know) is not a panacea. Use of any of the items listed above in lieu of a password doesn’t accomplish anything. The real benefit comes from using these tools in ADDITION to a username and a password. Even if a person with bad intent knew your username and password, they would be screened out by the second factor, whether it is biometrics (fingerprint, iris, or face) or a device you have (token, cell phone, smart card, USB key). Just like high security installations have more than one layer of security, you want the same layers of security verifying that you are really you online.
The ugly reality of the accounting profession is that a significant breach would undermine the confidence that others have in the profession, and could send us back to the ‘90s with some technologies used in business today. It’s hard enough to be a small business in our economy without having to deal with concerns about security of data.
It’s time for two factor authentication with online services, people. Ask your vendors about their support for it, and look for opportunities to protect your data with these types of authentication regimes. It’s time for this technology – we can’t wait for some practitioner to lose their house over an online information breach to deal with this significant issue.
Online accounting software publisher Xero announced today that they have created a direct interface to two applications commonly used to work on business tax data – Intuit’s Lacerte Tax and ProSystem fx Engagement. This is the Company’s first foray into exporting data from Xero into U.S. tax and accounting applications, although the local versions of Xero for Australia and New Zealand have already created integrations with acquired products like Spotlight Workpapers which automate work for accounting professionals.
Xero’s US President, Jamie Sutherland, said, “We know our accounting and bookkeeping partners who prepare tax returns are looking to get data from Xero into tax software this tax season. We worked hard to create an easy export from Xero to Lacerte Tax and CCH ProSystem fx Engagement. Accounting and tax professionals will spend less time worrying about getting the data and writing up tax forms and more time advising and guiding clients on tax issues.” “We recognized that ProSystems fx and Lacerte Tax are the major players in the tax space but we’ll be looking at other tax software as their SaaS solutions come to market to make the accounting and tax workflow even more seamless.”
Xero partner and accountant Steve Chaney, CPA, owner of Chaney and Associates, a Roseville, California accounting and consulting firm is excited about the new feature and its immediate impact on his practice this tax season. Chaney said, “When you are managing tax filings for hundreds of clients, these efficiency gains add up and go straight to the bottom line.” Chaney’s firm was established in 2002, serves clients in six states, and positions itself as a leader in the effective use of new technologies by accounting firms.
Online accounting software Xero has a strategy of reducing and eliminating data entry for accountants and clients where possible by importing transactions from financial institutions and using user-defined rules to assign accounts to the transactions. Last month, the Company announced an integration with time tracking and invoicing application Harvest, and in 2012, the company launched a proprietary tool (the Xero Practice Manager) for its US accounting partners.
While I was at CES last week, I quickly wrote up my success in locating, tracking, and retrieving my cell phone from one of a company’s 400 taxis in Las Vegas. (The article is here). Although it cost me $100 in reward money to get my Windows Phone back, the money it took was nothing compared to the $550 it would have cost to replace the phone. At the end of that post, I promised to revisit this topic and let users know how to locate, track, and recover their iOS and Android devices. While the tracking in iOS and Android takes a little more work (you have to use iCloud on iOS/MacOS X, and it requires a third party app on Android), it is possible to locate your device on these popular operating systems.
Disclaimer: Do NOT use these tools to track your employees or significant other, as it’s extremely creepy, and tracking employees may be illegal and/or a violation of your terms of service with the carrier and/or manufacturer.
Apple Devices (iOS and MacOS)
While the previous post was focused on locating your Windows Phone, it is relatively simple to implement location tracking on Apple devices. To track the location of your device requires you to do the following:
1. You must register your device in iCloud.
2. You can then track your device when it connects online in iCloud when you go online. An example of me tracking my MacBook Air is in the image below.
3. If required, the device can be locked, wiped, and reset from the iCloud console.
Note: It is a violation of the End User License Agreement to track business devices with iCloud. Don’t do it – it’s creepy, and you WILL be found out by the target.
Android Devices (Prey Project)
There are a number of different tools for tracking Android devices; some of the more popular tools include The Prey Project , LookOut Mobile Security (requires a subscription), and Where’s My Droid (Lifehacker 2010 post here).
Tracking your device using the Prey Project is shown in the image below, which is a location report from my Nexus 10 tablet. I have a personal subscription to this tool. which is $5/month for device tracking on up to three devices. Lifehacker has a good article on how to use this tool.
I’ve lost some cell phones in my time (a hazard of traveling 100,000 miles a year). It is no fun to lose anything – especially a smartphone. Lost smartphones have lots of data, and are $500 or so to replace. No fun. In the past, I’ve spent hours calling people to find my lost phone, but today, I was able to lose, locate, track, and receive my lost phone in about 15 minutes total. It was one of the best experiences I’ve ever had with technology, and my hat’s off to Microsoft, Verizon, and the Lucky Cab Company of Las Vegas (no, I’m not kidding) for making this post possible.
This week, I’m in Las Vegas covering the Consumer Electronics Show. Today, I took a taxi from my hotel to the Venetian for a meeting. Unfortunately, I was “under-caffeinated”, and accidentally left my new Windows Phone (HTC 8X for VZW) in a taxi. [For those keeping score, a lost HTC 8X is a $550 problem]. Needless to say, I was a little… um… stressed. I then remembered that I could locate my phone any time at www.WindowsPhone.com, and located the my phone, which I could verify was in a taxi.
I locked the phone from WindowsPhone.com, and made it make noise so the driver or subsequent passenger would find the device. I also put a message on the phone that said “Lost Phone, Please call 865-202-4160 (My friend Sean’s phone) to arrange for return and payment of $100 reward.”
My friend, Sean, called the taxi company on his phone (I had a receipt with the company name and number), and over five minutes, I tracked the phone. We refreshed the location about every two minutes, and passed the location of the phone to the dispatcher at the cab company. The dispatcher tracked the position reports from the 400 taxis which worked for the taxi company we used, and called our driver on the radio. The driver located the phone (large sigh of relief), and we continued to coordinate meeting the driver at the Venetian.
Our cab pulled up about 10 minutes later, and I was thrilled to see my phone again. I gladly gave the driver a $100 tip for bringing my phone back. I entered my lock code to enable my phone, and I went to my meeting (with five minutes to spare). Overall, this was a great experience. [Sometimes technology really saves your bacon.]
[Next time, I’ll explain how you can do this kind of tracking and (if necessary) remote wiping of data on the Android, Windows Phone, and iOS (Apple) operating systems.]
The lovely and talented Kelly Erb (@TaxGirl) has been running a social media promotion where she asks aspiring poets to write haikus about taxes. This has served as my brain break (in an open Excel sheet) for the last couple of days. Today’s haiku follow:
Why do people quit firms?
Our review points reveal that
We are control freaks.
The Pizza man knows
the code to the office door.
Tax season is ON!
Dominos, The Hut,
TakeOut Taxi, Steak Out.
Preparer dining.
march madness is near
the tournaments will be shown
in the conference room.
it begins with a
1099 and ends with
one last extension.
One of the key things in the new version of Microsoft Office 2007 is the top 15% of the screen – also called:
“The Ribbon”
(Also see Microsoft’s coverage of their new user interface at their website)
The Ribbon is a context-sensitive replacement for the dropdown menus and the toolbars. Simply stated, the job of the Ribbon is to put the most likely things for you to use in front of you when you would like to use them. The idea here is that Excel (and the other office apps) have a lot of features that only us power-users know how to locate, set up, and use. While I expect the interface will be easier for those who are not used to Excel to master, I have used it already – and I like it. It does take a little getting used to – after using Excel, Lotus 1-2-3, and Visicalc before it, and this is a big change. Admittedly, it’s not as big as the change from the old Lotus “/”, or slash commands, but it is enough of a difference that you may say, “What the heck is this?” the first time you see it.
(Note that the Ribbon I see in the betas of Office 2007 is different from this one, and the MS Office 2007 UI Team probably hasn’t finished their work on The Ribbon yet.
The story behind the scenes is interesting – and reminds us that while we have advanced tools to help us with collaboration, some types of work will still use lots of paper. So those of you who are going paperless this year (for sure(!)) don’t get rid of that printer just yet – just like Microsoft, you may have lots of paper in your future.
According to one of the Microsoft blogs, the ribbon layout was developed on a series of 11″ x 17″ pages posted in the hall of the fourth floor hallway where the Office 12 (now called Office 2007) UI design team was based. Mind you – this is one of the most successful companies in the world, and probably the most successful software company in the history of, well, software. These guys can use any tool they want to collaborate electronically, (and they have some pretty cool stuff.) They used paper.
The US Space Program spent a bloody fortune designing a pen that would work in zero-G. (You can purchase one – it’s called the Fisher Space Pen). The Russians? They sent pencils and a sharpener. While there are a lot of things about the USSR and its designs on the world which made me nervous (and some which continue to make me nervous), the ability of their military (and their space program in particular) to use less elegant, more reliable solutions to the problems facing cosmonauts which work right every time is a big deal. It’s particularly noteworthy when you consider that the Soyuz platform is still around – and NASA couldn’t build another Saturn-V rocket again if one was needed without a major retooling. True, Americans have walked on the moon, and Russians have not been there – but we’re closing in on the 35th anniversary of the last time a human walked on the moon – and we’re not going back there for a long time.
Moral of the story here: Don’t overlook the simple stuff that works in your quest for technological supremacy – the trick to using technology in your practice is to use technology to solve problems. We don’t see mechanics buying tools because they look cool – they buy tools because they help them get a job done. I love gadgets – but that’s a hobby, and the gadgets are there to help me get more work done – which is the point. Implementing technology without analyzing the business problem and picking the best solution from the available solutions for that problem is foolhardy. Success with technology is like the successes from the space program in the 1960’s and 1970’s – it’s best implemented with a lot of people working hard on solving lots of small problems every day for a long time. In other words, tech success is usually evolutionary instead of revolutionary. Remember this if your implementation hits a few speed bumps – and keep your ears open, as sometimes, the best ideas come from the people who have little formal education and lots of experience. There’s a reason the Good Lord gave all of us two ears and one mouth.
Wireless Data Carrier Device Email Addresses
- AllTel 10digitphonenumber@message.alltel.com
- Ameritech/SBC Paging
- 1way = 10digitphonenumber@paging.acswireless.com
- 2way = 10digitphonenumber@airmessage.net
- Arch
- 1way = 10digitphonenumber@archwireless.com
- 2way = 7 or 10digitPIN@archwireless.net
- AT&T Wireless Blackberry or SMS =
- username@mobile.att.net or 10digitphonenumber@mobile.att.net
- The address(es) are case sensitive and must be in lower case letters.
- Cingular Wireless Blackberry or SMS =
- 10digitnumber@mobile.mycingular.net
- Metrocall
- 1way = 10digitphonenumber@page.metrocall.com
- 2way = 10digitphonenumber@My2Way.com
- 1way = 7digitPIN@pagemart.net
- 1.5way/2way = 10digitphonenumber@airmessage.net
- Motient 2way = username@2way.net
- Nextel Phone = 10digitphonenumber@messaging.nextel.com
- Qwest 10digitphonenumber@qwestmp.com
- SkyTel 1way and 2way = 7digitPIN@skytel.com
- Sprint PCS Phone =10digitphonenumber@messaging.sprintpcs.com
- TMobile 10digitphonenumber@tmomail.net
- Verizon Wireless Cellular 10digitphonenumber@vtext.com
- Verizon Wireless Messaging
- 1way = 10digitphonenumber@pager.myairmail.com
- 2way = 10digitphonenumber@myairmail.com