Tuesday, June 23, 2009

The Great Tech Organization and the Digital Split

Ever since private companies and government started using computers there has been someone making the decisions on what technologies to leverage. In the beginning options were limited so choices were easy (albeit expensive). Entities adopt methods of sharing information and for better or worse stick with the plan over the course of a decade or longer. As fast paced as the industry is, there have only been a few leaps that have changed the game entirely but they all add up to where technology fits in today's workplace (and for that matter where it's going).

1. Cheap Computers: Once computers got cheap enough, they became ubiquitous.
2. The Internet: Once they were all connected, people could share information (chaotically at best)
3. The Great Organization: This is where we are now, web 2.0. Open access to information, clouds form

Numbers one and two are past tense so let's focus on three. The Great Tech Organization, or so I call it. A lot of people refer to it as web 2.0, 3.0, cloud or Generation Y computing. Whatever nomenclature you tag it with, the idea is the same: to untangle the lack of standards from the Internet boom and really start using information efficiently by making access platform transparent (my name is still the best, however).

"The Great Tech Organization" made possible incredibly powerful applications that we all use (ok, unless you are over 35 - we'll get to that later) daily. Interconnected (via standards) cloud applications and methods like tagging, Facebook, Google Apps, YouTube, Twitter etc are all built in a way to share the information they contain freely at will with anyone, or any application that chooses to access it. This did a number of things but mainly it allowed anyone from the best application engineers down to shade tree developers to tap into incredibly powerful specialized central systems to enhance their own applications while allowing the people to decide what data they need. So... That's why there is a embedded youtube videos on every random website out there.. hmmm. Thats why I can view what 200 of my friends have on their mind right now, from my Blackberry - and react if I want to. Let the people have the data and they will figure out what to do with it, that's the idea here. Once all these systems had a way to communicate, other than via browser (which required a human), the internet starts to become a less chaotic, more effiecient, and more organized place to live.

So here we are in 2009 with all of these great applications at our disposal on demand. At no other time could the average Joe access so much information so quickly. So we use all this information socially, is big business taking note?

The Digital Split in today's businesses: There was a time that one generation of people who didn't grow up with computers disregarded them; computers were almost entirely embraced by the youth but not their parents. That's what I call the "Analog Split". Today most everyone uses a computer to communicate in one way or another and for the most part people have adopted the internet as here to stay. What we see now is the Digital Split, between one generation of business that is used to doing things the old-fashioned way (centralized in-house servers, email messaging, custom specialized applications) and the current/future way (cloud computing, social networking, and web 2.0 applications).

So who is adopting the new methods? Which side of the Digital Split is your company?

Social network links on the official White House website


Let's look at the feds. The US Government is actually doing a great job in my opinion, with at least part of the solution, and much better than many large companies (yep, I said it). This is largely due to a lot of youthful influence on new policy when it comes to IT and a new administration willing to roll the dice. They are starting by communicating with the masses. The president spells this out as the new government vision in a January 2009 briefing from the White House. You'll notice the White House has its own YouTube channel and Facebook page (as does the State Dept, and so on and so on..). Obama pushes Twitter updates constantly. It's not 100% effective yet, or nearly close, but you can see that they take it seriously. Take a look at the Data.gov project and you will see the feds are also putting open access methods into practice (someone up there is on the right side of the split). It's not just a way for the country to promote its agenda (it is) but it's also the new way of doing business. The people have adopted these methods to communicate personally, why shouldn't business? I say they should, if you want to remain competitive.

So take note of which side of this digital split your company is on. The lines between personal and professional computing are blurring by the day. The smart money rightfully recognizes the power this brings. Skills that will be in demand in the future may revolve around YouTube, Facebook, or anything else your boss doesn't want you using while at "work". For the first time since the internet, the people are ahead of business in the way they think about sharing information. Besides, 1 million heads are better than, say.. one - right?

Saturday, January 10, 2009

Weathering a "Reply to All" storm

If you work for a large organization, chances are you have seen a "reply to all" email storm. It starts out like this: someone sends an email to a distribution list which contains every email address in the company (thousands of addresses). One person clicks "reply to all", and says something like "please remove me from this discussion". Well, this is the first of three phases of an email storm. I'll call it the calm before the storm, to make it more exciting... If you're keeping count we've got two emails out to everyone in the company.

Phase two. Many of the recipients of the email think, "hey, me too, this email has nothing to do with my job or what's on woot today so I want off this email chain too". So about 5% of these people click "reply to all" and send a message indicating they want off too. Now we're up to 70 or 80 emails to everyone in the company.

Phase Three of the storm commences. Phase three is when another 5% of the recipients get tired of the unsolicited flood of emails so they, yes, REPLY TO ALL to inform everyone to stop replying to all. It makes me tired just typing it, but it happens and it gets even worse. The replies start nice, of course everyone wants to help. Then people start getting angry, and, yes, reply to all to tell them about it.

Now this all sounds a bit silly, but I have seen this happen twice in the last two years at two different (large) organizations. The first time at "company A" was bad, but thankfully it was limited to a small (in comparison) distro list of about 1500 people. The second and most recent instance of the phenomenon was a lot worse and the initial email went out to about 25,000 recipients. The result of the second example was tormented Exchange servers that couldn't handle the load and inevitably shut down email for the organization, globally. (Yes, there were some CHOICE emails in the flood that were quite funny and I assume more than one person was canned for their replies.) Needless to say there are a lot of embarrassed people at the site right now for the self-inflicted email crash.

So what do you do? First off, don't reply to all to tell everyone not to reply to all. Even if you haven't done one full hour of actual work all year and you KNOW that if you tell everyone to stop that will save the day, everyone will clap, and you will get a raise. That won't happen, it just won't. So don't click it!

The second thing is if you send an email to a large distribution list, put the distro list address in the bcc line. Then, in the first line of the email indicate the name of the list the email was sent to so all the recipients know. If a recipient replies to all on a message you sent to a bcc, it will only go to the sender and not what was in the bcc.

Another novel way, if again you are the sender, is to block the reply all button for your recipients. Now, granted, this will only work for Outlook users using Exchange within an organization, but if this is a good match then this will actually remove the button from the recipients mail for your message. Pretty cool! Here's how to do it:

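Add the following macro to your Outlook (2003).

Sub NoReplyAll()
    ' Run with the unsent message open in its own window.
    Dim myolapp As Object
    Dim myinspector As Object
    Set myolapp = CreateObject("Outlook.Application")
    Set myinspector = myolapp.ActiveInspector
    ' ActiveInspector is Nothing when no message window is open.
    If myinspector Is Nothing Then Exit Sub
    ' Disable the two actions on this item only; other mail is unaffected.
    myinspector.CurrentItem.Actions("Reply to All").Enabled = False
    myinspector.CurrentItem.Actions("Forward").Enabled = False
End Sub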

After creating the macro, you can create a button in your message window to run the macro when you create a new message. Running the macro prior to sending the message changes the metadata that Exchange reads to disallow the “Forward” and “Reply to All” buttons for everyone receiving the message within the same organization and using Outlook.

Anyhow, for what it’s worth, if you are sending email to a large distribution list or know someone that frequently does – this may be helpful in stopping a storm before it starts.

Tuesday, August 26, 2008

Version 2.0, Release 2 is here! (Ryker's new brother)

I've been offline AGAIN anxiously awaiting the arrival of our second son, we're very excited he is here! Cade William Butcher was born on August 24th, 2008 weighing 7 lbs 3 oz and 19 inches. We're very excited about the new addition to our family and development staff (in a few years maybe)!!

Friday, February 22, 2008

3DTelemetry beta is here!

In a previous post I alluded to a project I was working on involving GPS and OBDII vehicle data. The beta is now online and ready for download here. All you need is an NMEA compatible GPS device or logger, and an OBDII scanner if you want to import vehicle data (3DTelemetry will create maps without OBDII also).

3DTelemetry takes data logged in your favorite OBDII scan tool (growing compatibility list here) and merges it with the GPS data that it (or an external GPS logger) acquires along your drive. 3DTelemetry then exports the data into KML format for viewing within Google Earth. So, essentially you will be able to see on a 3D map that your Mass Air Flow pressure was 2lbs in corner 4 and the engine reported 6400RPM while you were passing grandma's house.

This is obviously going to be an ongoing project and I will update my blog with any dramatic changes, but check the site (http://www.3dtelemetry.com) for the latest information. Debugging from the passenger seat has presented an entirely different programming experience, but this one has been a lot of fun to create so far. Special thanks to Jay and the gang at Autoenginuity and others for fielding my incessant questions about OBDII.

I intend to keep the application free during this initial beta phase and then very affordable once we have a valid release. I think there are too many high priced doodads out there for the amateur racer these days. So if you enjoy your car and you're looking for something useful and cool that won't break the bank, check it out!

Please feel free to drop me a line with any suggestions or comments!

Tuesday, December 04, 2007

Making sense of the Global Positioning System

Thanks to the U.S. Department of Defense (and good ole President Ronald Reagan) GPS signals are freely available for civilian use. The fact is, today GPS is basically ubiquitous in most people's lives. Most new cars use it to show you where you are and your proximity to the nearest Starbucks. Raising the "cool factor" bar for technology using GPS is its implications on the Internet as we know it. For example, people are geocoding their images in their online photo albums, and cool apps like Google Earth, Geocaching and all sorts of new creative games using real places are sprouting up all over the Internet (people are going outside again!). Basically, with GPS the Internet can break out of its closed linear stage and become part of our real three dimensional world. Very cool, but more on that later - let's dive into what makes the Global Positioning System tick and how you can take advantage of the technology in your next project.

You will find that most GPS devices out there (USB GPS for your PC, handheld GPS's, etc.) will report data from satellites in a neat standard format called NMEA. NMEA uses a serial ASCII protocol to send GPS data to your application for consumption. The resulting comma delimited data is piped out or logged sentence by sentence from your device. The NMEA format makes it easy to take the data and parse it any way we'd like. Now we could just use the software that came with our Microsoft's Streets and Trips or Earthmate GPS but that's no fun.

Decoding GPS log files
There are many different types of NMEA sentences. Luckily they are all in an easy to read format. The first field is the sentence type and will start with $. I am only going to focus on a couple of sentence types that give us our position information. For the purpose of this blog, we'll ignore the other sentences but there are plenty of references online about them.

My favorites, $GPGGA and $GPRMC. You will find that these two will have all the data you should need for tracking.

Example sentence (GPGGA):
$GPGGA,192122,3514.7971,N,07634.7585,W,1,04,01.3,00006.2,M,-035.9,M,,*79

Translation:
$GPGGA,hhmmss.ss,llll.ll,a,yyyyy.yy,a,x,xx,x.x,x.x,M,x.x,M,x.x,xxxx*hh

Here is what each field means:
1 = UTC of Position
2 = Latitude
3 = N or S
4 = Longitude
5 = E or W
6 = GPS quality indicator (0=invalid; 1=GPS fix; 2=Diff. GPS fix)
7 = Number of satellites in use [not those in view]
8 = Horizontal dilution of position
9 = Antenna altitude above/below mean sea level (geoid)
10 = Meters (Antenna height unit)
11 = Geoidal separation (Diff. between WGS-84 earth ellipsoid and mean sea level. -=geoid is below WGS-84 ellipsoid)
12 = Meters (Units of geoidal separation)
13 = Age in seconds since last update from diff. reference station
14 = Diff. reference station ID#
15 = Checksum

Example sentence (GPRMC):
$GPRMC,192137,A,3514.7966,N,07634.7588,W,000.0,000.0,310707,,,A*66

Translation:
$GPRMC,hhmmss.ss,A,llll.ll,a,yyyyy.yy,a,x.x,x.x,ddmmyy,x.x,a,m*hh

Here is what each field means:

1 = UTC time of fix
2 = Data status (A=Valid position, V=navigation receiver warning)
3 = Latitude of fix
4 = N or S of latitude
5 = Longitude of fix
6 = E or W of longitude
7 = Speed over ground in knots
8 = Track made good in degrees True
9 = UTC date of fix
10 = Magnetic variation degrees (Easterly var. subtracts from true course)
11 = E or W of magnetic variation
12 = Mode indicator, (A=Autonomous, D=Differential, E=Estimated, N=Data not valid)
13 = Checksum

By parsing these sentence types, either in real time by reading the data from a COM port or from an existing log file, you can use the coordinate information in any way you choose. I am currently working on a cool (Ok, I think it's cool..) vehicle tracking application that I should be releasing here on this site soon. There are a lot of good examples floating around with source code that should give you a handle on using this data.
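
One way to do that parsing, as an added example that is not part of the original post (Python; the function names are assumptions made here, and the two sample sentences are the ones quoted above). It goes slightly beyond the field lists by checking the *hh checksum, which is the XOR of every character between $ and *, and by rejecting sentences that report no valid fix before converting ddmm.mmmm coordinates to decimal degrees:

```python
# Sample sentences are the two quoted in the post above.
GGA = "$GPGGA,192122,3514.7971,N,07634.7585,W,1,04,01.3,00006.2,M,-035.9,M,,*79"
RMC = "$GPRMC,192137,A,3514.7966,N,07634.7588,W,000.0,000.0,310707,,,A*66"


def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return f"{value:02X}"


def to_degrees(value, hemisphere):
    """Convert NMEA (d)ddmm.mmmm plus N/S/E/W to signed decimal degrees."""
    head, _, frac = value.partition(".")
    if hemisphere not in ("N", "S", "E", "W") or len(head) < 3 \
            or not (head + (frac or "0")).isdigit():
        raise ValueError(f"bad coordinate {value!r} {hemisphere!r}")
    result = int(head[:-2]) + float(f"{head[-2:]}.{frac or '0'}") / 60
    limit = 90 if hemisphere in ("N", "S") else 180
    if int(head[-2:]) >= 60 or result > limit:
        raise ValueError(f"coordinate out of range {value!r}")
    return -result if hemisphere in ("S", "W") else result


def parse_sentence(line):
    """Validate framing and checksum, then decode a GPGGA or GPRMC fix."""
    line = line.strip()
    if not line.startswith("$") or line.count("*") != 1:
        raise ValueError("not a framed NMEA sentence")
    body, given = line[1:].split("*")
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    f = body.split(",")
    if f[0] == "GPGGA" and len(f) == 15:
        if f[6] in ("", "0"):               # field 6: 0 = invalid
            raise ValueError("no valid fix")
        return {"type": "GPGGA", "utc": f[1],
                "lat": to_degrees(f[2], f[3]), "lon": to_degrees(f[4], f[5]),
                "satellites": int(f[7]), "altitude_m": float(f[9])}
    if f[0] == "GPRMC" and len(f) in (12, 13):
        if f[2] != "A":                     # field 2: V = receiver warning
            raise ValueError("no valid fix")
        return {"type": "GPRMC", "utc": f[1], "date": f[9],
                "lat": to_degrees(f[3], f[4]), "lon": to_degrees(f[5], f[6]),
                "speed_knots": float(f[7])}
    raise ValueError(f"unsupported or malformed sentence {f[0]!r}")


def read_log(lines):
    """Return decoded fixes, skipping lines that fail validation."""
    fixes = []
    for line in lines:
        try:
            fixes.append(parse_sentence(line))
        except ValueError:
            continue
    return fixes
```

Feed read_log the lines of a log file or the lines read from the COM port; a line corrupted on the serial link fails the checksum and is dropped instead of producing a wrong position.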

In closing, the Global Positioning System is a powerful resource that you can tap into and enable your applications to become spatially aware. This opens plenty of doors for new and innovative apps - so get coding!

Wednesday, August 29, 2007

XSS vulnerabilities, do they even care?

Is your site at risk? If you knew it was would you do anything about it? I would hope so, but, you'd be surprised. I've found many "very large" companies online with exploitable vulnerabilities in their main websites that could potentially be very embarrassing and costly.

This article is the start of several where I will test the philosophy of "responsible disclosure" by contacting 5 companies and notifying them of security holes that I have found in their sites - even offering assistance and resolutions - to see how long it takes for them to fix them, if at all. I'll keep the names of the companies to myself and just describe them as "industry/estimated # of employees". Just a little white hat test that should get interesting.

By now, most companies and organizations have a little more than a static html brochure online. Most sites are actually full blown online applications either purchased "off the shelf", developed in house, or custom developed by some third party. Dynamic sites, although a necessity, can potentially open doors when improper techniques are used during development. Once your web application is online, ill-intentioned site patrons have all the time in the world to pick apart your site for potential vulnerabilities. I speak from experience as web applications that I have created have even been the target of attacks in the past - and I'd be ignorant to think they wouldn't be targeted again in the future.

Some background on the method of the day, XSS..

For this test I'm going to focus on one facet of web application security, XSS (or more confusingly CSS in some cases - not Cascading Style Sheets). XSS stands for cross site scripting and is generally a method employed by hackers to inject their own modified code into your site. I have identified a diverse range of flawed websites below to see what, if anything, their reaction is to someone telling them they have a problem. Here are the companies and description:

1. Retail/95,000 Employees- notified webmasters 8/30/2007
2. Government/1,000 Employees- notified webmasters 8/29/2007
3. Manufacturing/23,000 Employees- notified webmasters 8/30/2007
4. Transportation/19,000 Employees- notified webmasters 8/30/2007
5. Pharmaceutical/2,000 Employees- notified webmasters 8/30/2007

If you'd like for me to take a quick run through of your site, drop me an email with the URL and I'll be glad to send you what if anything I find (time permitting:)

So, there you have it. I'll post updates as responses come in. Let the whirlwind begin.

Tuesday, July 03, 2007

Displaying fiscal year with VBScript

In an effort to drive engineers bananas, at some point a financial wienie decided that a normal calendar we've been using for thousands of years just wasn't up to par. Fiscal dates took root in the government and corporate America, surely chaos would ensue..

Truthfully, fiscal dating makes more sense to companies because the organization can then make their own rules and target the start and end dates around important production times or downtime.

There are many good ways to generate the fiscal date information. I've found that one really quick and dirty way to display just the year is by using VBScript DateAdd and DatePart.

Our example will use the Government fiscal year, which starts October 1, so we will need to add one year to the current year if it is October, Nov, or Dec.

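<%
' Government fiscal year starts October 1, so October through December
' already belong to the next calendar year's fiscal year.
' DatePart("yyyy", ...) keeps just the year instead of a full date.
if DatePart("m", Date) = 10 then
    FISCALYEAR = DatePart("yyyy", DateAdd("yyyy", 1, Date))

elseif DatePart("m", Date) = 11 then
    FISCALYEAR = DatePart("yyyy", DateAdd("yyyy", 1, Date))

elseif DatePart("m", Date) = 12 then
    FISCALYEAR = DatePart("yyyy", DateAdd("yyyy", 1, Date))

else
    FISCALYEAR = DatePart("yyyy", Date)
end if
%>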

If your fiscal year starts in, say, August.. August is the 8th month so start your script with
if DatePart("m", Date) = 8 then
and then continue through the months through the end of the year (12). Happy scripting, or rather, fiscalling!