Friday, December 31, 2004

Fighting Spam

Spam is out of control and there is little that can be done.

Changing your email address, and not using your primary email address for buying things on the web, posting info to websites, or having it listed in text format on your web site or any web site, helps eliminate almost all spam. List the email address as an image on your web site instead. You can check where on the web it may be listed by doing a Google search on your email address.

If you are still using your old email address and that address is receiving all the spam, you can use the Outlook Rules Wizard to set a rule that routes that email to another folder that you can call spam. That will clean the inbox and make it easier to review the spam and delete it. Note: I didn’t say stop it…

When receiving spam, the best things to do are: do not respond to it, and don’t preview or open it. Previewing it only lets the spammer know that yours is a valid address. Inside the spam are hidden images that point back to the spammer with your email address, letting them know that you opened/previewed the spam email.
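To make the hidden-image mechanism concrete, here is an added example (not part of the original post) that scans an HTML message body for images a mail client would fetch from the network on preview, and flags the ones that carry the recipient's address or are sized to be invisible. The sample message, the host names and the function names are constructed for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def find_remote_images(html_body, recipient):
    """List images that would be fetched from the network on preview.

    Each finding names the remote host and the reasons the image looks
    like a "this address is live" beacon rather than ordinary artwork.
    """
    addr = recipient.lower()
    hex_form = addr.encode().hex()
    b64_form = base64.b64encode(addr.encode()).decode().rstrip("=")

    collector = _ImgCollector()
    collector.feed(html_body)

    findings = []
    for attrs in collector.images:
        src = attrs.get("src") or ""
        try:
            parts = urlsplit(src)
        except ValueError:
            continue  # malformed URL: nothing a client could fetch
        if parts.scheme not in ("http", "https"):
            continue  # cid:/data: images travel inside the message itself
        decoded = unquote(src)
        reasons = []
        lowered = decoded.lower()
        if addr in lowered or hex_form in lowered or b64_form in decoded:
            reasons.append("recipient-in-url")
        if attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1"):
            reasons.append("invisible-size")
        findings.append({"host": parts.hostname, "reasons": reasons})
    return findings


# Constructed sample message body (hosts under .test do not exist).
SAMPLE = """<html><body><p>Cheap meds!</p>
<img src="cid:logo123">
<img src="http://img.spam-example.test/banner.gif" width="400" height="80">
<img src="http://track.spam-example.test/o.gif?u=victim%40example.com" width="1" height="1">
<img src="http://track.spam-example.test/p.gif?id=dmljdGltQGV4YW1wbGUuY29t">
</body></html>"""

if __name__ == "__main__":
    for finding in find_remote_images(SAMPLE, "victim@example.com"):
        print(finding)
```

A per-recipient random token in the URL cannot be recognized this way, and even the plain banner tells the sender that somebody opened the message, so the dependable setting is a mail client that does not load remote images at all.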

These evil spammers do send all kinds of graphic, sick adult-related material, and right now there is little that technology or the legal system can do about it.

There are some countermeasures that I can take on your server to turn up the heat and reduce some illegitimate spam spoofing, such as a reverse lookup on the sender before accepting the email. However, this will deny email from companies that do not have their email systems configured correctly or whose ISP doesn’t have its DNS servers configured correctly. It is estimated that some 35%+ of systems are not configured correctly, hence the reason why it is off by default.

Turning it on will result in a partial reduction in spam, but will deny some legitimate email, which will lead to additional costs for our time to investigate why a sender cannot send you email as we track down where the issue is. I do this research all the time and it does take a little time, but it takes more time coordinating with the sender’s ISP to correct their DNS configs so they are not spoofed by spammers.
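The reverse lookup and its side effect on misconfigured but legitimate senders, as an added example that is not from the original post or from any mail server product. It implements a forward-confirmed reverse DNS check with pluggable resolvers; the DNS tables, addresses and host names are constructed so the example runs offline.

```python
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; empty list on failure."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_a(hostname):
    """Forward (A) lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []


def check_sender(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Accept only if the PTR name of the connecting IP resolves back to it.

    Returns (verdict, detail). The detail string is what an admin needs
    when a legitimate sender asks why their mail is being refused.
    """
    names = ptr_lookup(ip)
    if not names:
        return ("reject", "no PTR record for " + ip)
    for name in names:
        host = name.rstrip(".")
        if ip in a_lookup(host):
            return ("accept", host)
    return ("reject", "PTR name does not resolve back to " + ip)


# Constructed DNS data: documentation address ranges, made-up host names.
PTR = {
    "192.0.2.10": ["mail.partner.example."],   # correctly configured sender
    "203.0.113.5": ["mail.bank.example."],     # PTR claims a name it does not own
    # 198.51.100.7 is a real customer whose ISP never published a PTR record
}
A = {
    "mail.partner.example": ["192.0.2.10"],
    "mail.bank.example": ["203.0.113.99"],
}


def fake_ptr(ip):
    return PTR.get(ip, [])


def fake_a(hostname):
    return A.get(hostname, [])


def triage(ips):
    """Run the check over a batch of connecting IPs and group the verdicts."""
    report = {"accept": [], "reject": []}
    for ip in ips:
        verdict, detail = check_sender(ip, fake_ptr, fake_a)
        report[verdict].append((ip, detail))
    return report


if __name__ == "__main__":
    result = triage(["192.0.2.10", "203.0.113.5", "198.51.100.7"])
    for verdict, rows in result.items():
        for ip, detail in rows:
            print(verdict, ip, detail)
```

The spoofed sender and the customer with the missing PTR record both end up in the reject list, which is the trade-off described above: the check cannot tell a forger from a legitimate system with broken DNS.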

Another option is having multiple email addresses. Use certain addresses for certain functions. Since you own your own email server, you have an unlimited number of email address variations that you can use. Having multiple addresses allows you to track and route inbound email.

A company called GFI has several products worth using. Their Mail Essentials is a great Bayesian anti-spam product. Using it along with the Mail Security will help curb virus bombardments as evil email. I really like these products.

$500 Mac!!! for Everyone?

If this story reported by CNN is true, that Apple will be selling iMacs for about $500 in 2005, I think there will be a lot of people switching over to the Mac. Price has always been an issue with switching to a Mac for many users. For the same money or less, the buyer could get a Windows computer that had more horsepower and cheaper accessories. A $500 Mac would put a halt to that mindset and give Windows PCs a run for their money.

I am not a Mac user now, but at $500 I would buy a Mac.

Thursday, December 30, 2004

Anti-Spam Detection Algorithms

There are two basic kinds of SPAM detection algorithms: Heuristic and Bayesian.

Heuristic is a fixed algorithm that guesses whether an email is SPAM. It is not updatable. Once a Heuristic algorithm is defeated, it becomes worthless in detecting SPAM.

Bayesian has to learn over time what is SPAM and what is not SPAM, but is adaptable and updatable. Spammers are constantly changing the way they send spam, such as v1agr@. They have 1,000’s of new ways to try to get around detection.

Hotmail is a good example. They have deployed a new Heuristic SPAM filter that completely stops all the junk from getting into my inbox. Well, that lasted for about 2 months. Now I still don’t get the old junk mail, but because a spammer has figured out how to defeat it, I am getting 30 identical SPAM emails a day on that account.

Bayesian is better as it allows you to adapt as the spammers adapt.
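The difference between the two approaches, as an added example that is not from the original post and not any vendor's implementation. A fixed keyword rule stands in for the heuristic filter and a small naive Bayes classifier for the Bayesian one; the training messages, the keyword list and all names are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9@$]+")


def tokens(text):
    return TOKEN.findall(text.lower())


# Fixed rule shipped with the filter: it never changes after deployment.
HEURISTIC_WORDS = {"viagra"}


def heuristic_is_spam(text):
    return any(t in HEURISTIC_WORDS for t in tokens(text))


class BayesFilter:
    """Naive Bayes over word counts, retrainable from user feedback."""

    def __init__(self):
        self.words = {True: Counter(), False: Counter()}
        self.docs = {True: 0, False: 0}

    def train(self, text, is_spam):
        self.words[is_spam].update(tokens(text))
        self.docs[is_spam] += 1

    def spam_probability(self, text):
        vocab = set(self.words[True]) | set(self.words[False])
        all_docs = self.docs[True] + self.docs[False]
        score = {}
        for label in (True, False):
            total = sum(self.words[label].values())
            # Smoothed class prior, then smoothed per-word likelihoods.
            s = math.log((self.docs[label] + 1) / (all_docs + 2))
            for t in tokens(text):
                if t in vocab:  # words never seen in training carry no evidence
                    s += math.log((self.words[label][t] + 1) / (total + len(vocab)))
            score[label] = s
        return 1 / (1 + math.exp(score[False] - score[True]))


# Constructed training data: (message, is_spam).
INITIAL_TRAINING = [
    ("buy viagra now cheap", True),
    ("cheap viagra online order now", True),
    ("meeting agenda for monday", False),
    ("lunch order for the team monday", False),
]
# What the user marks as spam once the spammers change their spelling.
USER_FEEDBACK = [
    ("v1agr@ special price today", True),
    ("v1agr@ best price for you", True),
]
NEW_SPAM = "v1agr@ special price for you monday"


def run_demo():
    """Spam probability of NEW_SPAM before and after the user's feedback."""
    bayes = BayesFilter()
    for text, label in INITIAL_TRAINING:
        bayes.train(text, label)
    before = bayes.spam_probability(NEW_SPAM)
    for text, label in USER_FEEDBACK:
        bayes.train(text, label)
    after = bayes.spam_probability(NEW_SPAM)
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("heuristic catches new spelling:", heuristic_is_spam(NEW_SPAM))
    print("bayes before feedback: %.2f, after: %.2f" % (before, after))
```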

Wednesday, December 29, 2004

Geek Cruises


Are you looking for an education vacation? Check out Geek Cruises. They have digital photography, Mac Mania, iPods, Linux, Perl, Web and Windows Cruises. The next cruise up is on the Queen Mary 2, the largest cruise ship, which is three times the size of the Titanic.

Geek Cruises--computer education for geeks & consumers

Spies Among Us


1. Identifying the problem.

This past weekend, while troubleshooting several customer computers, a horrible discovery was made that has dealt a severe blow to the war on spyware. Utilizing the three alternatives together from our paper, it has been determined that it is still not enough to combat spyware, due to recent deployments and changing landscapes of anti-spyware software. The latest versions of anti-spyware software will no longer detect and remove certain well known and notorious spyware applications. In fact, not only do they no longer detect key spyware, all references to the known spyware have been removed from the anti-spyware vendors’ websites. Commercial and Freeware anti-spyware has become completely useless in the war on spyware, and there is a tremendous loss in trustworthiness in these products. We now have to seek new ways to combat the epidemic menace that is plaguing everyone’s computers.

Spyware is technical slang for Adware. Adware is software that phones home and reports the actions of the user where the software is installed. Adware attempts to deliver targeted advertising based upon what the user is currently doing. Adware is called spyware because of its monitoring type of behavior and its methods of collecting data. Spyware is typically software that is free and is supported by advertising. However, a number of companies have taken this concept beyond simple ad placement. Some spyware software tracks the user, what applications they use, documents they write, web sites they visit, products they buy, credit card numbers, user names and passwords, parses the user’s address book and monitors overall computer usage. The spyware companies claim that this is done in order to deliver targeted advertising to the user.


2. Defining the criteria, goals, and objectives.

A computer user should be able to surf the internet and do personal computing without the hassle of ads constantly popping up trying to get you to buy Viagra. Today’s computer operating systems are really stable compared to years past, with the constant normal crashing of Windows 98. With operating systems such as Windows XP being more stable than ever, this has allowed the rapid propagation of malicious software. This software is often poorly written and unstable, degrades system performance and causes systems to crash or reboot.

The objective and goals are to allow the user to enjoy the stability of their operating systems and be more productive in their work. The criteria are to completely prevent malicious software from gaining access to the computer and to deny it the opportunity to conduct its evil business.

Since desktop based anti-spyware has become less effective in the war against spyware, alternative means must be identified, tested and deployed along with the other methods of spyware prevention as a total combined solution.


3. Evaluating the effects of the problem.

Spyware is not only an unwanted invasion of your personal privacy, but can damage and destroy personal data. For example, during the routine maintenance of a computer, one of my techs was asked to uninstall some old junk software. The tech did as she was asked and rebooted the computer. The computer attempted to reboot, but hung in a continuous reboot cycle and failed to start in any mode: normal mode, safe mode or advanced recovery mode. As a result the tech was left with no choice but to reload the computer from scratch, as that was the fastest and most economical way to recover from the problem. It was later determined that the computer was infected with spyware called “Blazefind”, which is known to cause this very problem because it was not written with the forethought that a user might uninstall certain software. As a result the spyware caused the continuous reboot, because it could not find the dependent program that it had become a parasite of.

Spyware also degrades system performance to a point at which the user is waiting for programs to load and process on an otherwise lightning fast computer with the latest and greatest hardware.

The direct results are a loss in user productivity and system stability. This increases labor cost, support costs and an immeasurable amount of loss in intellectual property and trade secrets.


4. Identifying causes of the problem.

The current issue of trusted anti-spyware software not detecting known spyware is being caused by the anti-spyware vendors themselves. Through much testing I have determined that the anti-spyware companies have silently removed from their applications the ability to detect and remove known spyware from a user’s computer. Also, all references to the spyware have been removed from their web sites and can only be found by searching the archives of Google.com’s cached websites. Desktop anti-spyware applications such as Ad-Aware, Spybot, Webroot, and Pest Patrol no longer detect the following list of top 5 spyware applications that we tested in our labs:

· GAIN also known as Gator and Claria http://www.gator.com/
· Hotbar http://www.hotbar.com/
· New.Net http://www.new.net/
· MySearch http://www.mysearch.com/
· SaveNow http://www.whenu.com/


In some cases, such as SaveNow, this spyware promotes itself as spyware free and champions the cause of fighting spyware, when indeed it is the very evil it declares that it is not. Ad-aware has a web page that defines what it declares to be spyware at their Threat Assessment Center (TAC): http://www.lavasoftnews.com/ms/tac_main.shtml.


Out of curiosity in our labs we decided to test to see if the notoriously well known spyware listed above actually met the TAC criteria, and that maybe the new versions of the software listed above might have stopped their old spyware ways.

We used third party network packet monitoring tools, SPY++ (a Microsoft utility) to monitor inter-program communications, and a process monitoring utility to monitor hidden processes. This process monitoring tool was developed by one of the anti-spyware companies for this type of use on the local desktop, to monitor for spyware-like activities and communications. The results were no change in spyware behavior for all the listed applications according to the guidelines set by Ad-aware’s TAC.

Having spoken with my attorney about the matter, he concluded that it could be that the anti-spyware companies which are for profit were legally pressured by the spyware companies to have their products removed from the anti-spyware blacklists. This is a big blow to the war on spyware.


5. Framing alternatives.

Since we are losing the battle against spyware, and desktop anti-spyware software is no longer detecting and removing known spyware, it is imperative that we find other means to combat the problem.

To recap, the three solutions from my learning team paper were stronger server based security policies deployed to the user’s desktop, desktop based anti-spyware, and end user education on spyware awareness. These three methods were recommended to be used as a single solution. However, one of the alternatives has been dramatically weakened and has become less effective. Other alternatives need to be implemented to strengthen the barriers of entry to spyware infection.

Alternative A: We can do nothing and keep doing things the same old way and continue to trust the anti-spyware companies as they should know what is and is not spyware. However we proved in our lab that the spyware not being detected is still behaving like spyware.

Alternative B: We could develop our own anti-spyware software to detect software that we do not want our users to download and install. The estimated budget to do a project like that would be somewhere between $100,000 and $500,000 in development costs, with no guarantee that it will work or be stable. Venture capital would be required in order to begin development, and the development cycle may be years away before it is ready for use.

Alternative C: We could seek other methods to stop spyware, such as using a gateway server that can filter web content. A web content filtering server has a database that can be manually updated as well as subscribed to a service bureau for auto updating. Most web content filter server applications are used to prevent users from going to adult websites such as porn sites. They could easily be adapted and updated to block known spyware websites such as http://www.hotbar.com/. Thus the user never makes it to the spyware application’s website. No desktop changes have to be made, and most companies only have one entry onto the internet.


6. Evaluating the impacts of the alternatives.

Alternative A: Doing nothing is not a good solution. The spyware problem is getting worse, and not having the proper tools to fight against its propagation will greatly impact a company’s bottom line.

Alternative B: The expense is too great, and it would take too long to develop and deploy a custom software solution. There is no guarantee that it will work and no guarantee of a return on investment. In the meantime, companies overall will continue to lose productivity, and labor and support costs could double the price of the self development of the anti-spyware application.

Alternative C: Using existing security software applications and adapting them to fight a new problem will be a more cost-effective solution, and the return on investment is an immediate reduction in the loss of productivity and a reduction in labor and support costs. This solution is easy to deploy and will pay for itself in a short period of time. The only negative impact would be the inadvertent blocking of legitimate web sites. This is easily overcome by approving the needed web site in the security database.
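The gateway decision described under Alternative C, as an added example that is not from the original paper or from any filtering product. It blocks the five spyware domains listed in section 4 together with their subdomains, and lets an approved entry override an inadvertent block; the function names and the "adserver.example" entries are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains taken from the list in section 4 of this paper.
SPYWARE_DOMAINS = {"gator.com", "hotbar.com", "new.net", "mysearch.com", "whenu.com"}


def host_of(url):
    """Host name from a proxy request: a full URL or a bare host[:port]."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "host:443" as a network location
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def _listed(host, domains):
    """Return the list entry that covers host (itself or a parent domain)."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def decide(url, blocked=SPYWARE_DOMAINS, approved=frozenset()):
    """Gateway verdict for one request: (action, reason)."""
    host = host_of(url)
    if host is None:
        return ("block", "unparseable request")
    hit = _listed(host, approved)
    if hit:
        return ("allow", "approved: " + hit)  # admin override of a false positive
    hit = _listed(host, blocked)
    if hit:
        return ("block", "listed: " + hit)
    return ("allow", "not listed")


if __name__ == "__main__":
    # Constructed requests, including look-alike names that must not match.
    for request in ("http://www.hotbar.com/", "HTTP://Download.HotBar.com:80/setup.exe",
                    "www.whenu.com:443", "http://brand-new.net/", "http://nothotbar.com/"):
        print(request, decide(request))
    # A subscription entry that is too broad, and the approval that fixes it.
    blocked = SPYWARE_DOMAINS | {"adserver.example"}
    approved = {"billing.adserver.example"}
    print(decide("https://billing.adserver.example/invoice", blocked, approved))
    print(decide("https://cdn.adserver.example/x.js", blocked, approved))
```

Matching on whole labels is what keeps "brand-new.net" from being caught by the "new.net" entry; a plain substring or suffix comparison would create exactly the inadvertent blocks the paragraph above warns about.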


7. Making the decision.

Alternative C, to utilize and adapt existing security software, is the most cost effective, completely manageable and trustworthy technical solution for replacing the failing desktop anti-spyware software solution. The effort to find, test and deploy this new security software should begin immediately.


8. Implementing the decision.

Once a software package has been decided upon, all customers will be notified of the new option to fight the war on spyware. Once approved by the customer, it will be scheduled, installed, tested and maintained by our techs.


9. Measuring the impacts.

The measurement of success is easy, as there will be an immediate reduction in the loss of productivity and a reduction in labor and support costs. Additional success will be less user frustration, peace of mind, secure and protected environments and a better bottom line. This success will ensure that there are no spies among us.

Wednesday, December 22, 2004

What is a Blog?

The term Blog (not my favorite word) is slang for web log. It allows rapid content publishing. Blogs are only a couple of years in the making in their current form, but have been with us since the beginning of the web with Tim Berners-Lee. They became popular during the last gulf war and were catapulted to legit journalism status during the recent elections.

A blog gives the writer the ability to say exactly what they want to say the way they want to say it without an editor censoring their thoughts. The political blogs during the elections exceeded traditional news sources in readership. The traditional news sources were caught off guard by the popularity of the blogs. It puts a whole new meaning on freedom of speech. Now there are millions of blogs on just about everything that you can imagine and some that you don’t want to know about.

The current blogs are very easy for anyone to start and do not require any technology knowledge. Content is king; that is why Google bought Blogger.com and set it up for free.

A site like http://security.efsnm.com is a blog site, and administering it is a lot of work. It runs on a Linux server and uses the server configs to maintain the MySQL server that is the database engine for the site. That site took minutes to set up and start using. However, you can spend days learning their syntax and modifying the site design. So you may spend more time on site design and navigation than on composing the content.

At blogger.com, setting up this blog (http://technutz.blogspot.com/) took minutes. I used one of their templates and tweaked the site settings. I already had the content from class that everyone has read. From the time I set up the site, editing and posting the content that is currently there only took me about 3 hours. I am sure others would take longer, but I was really pleased with the blogger.com blog site.

The blogger.com site has everything I was looking for as it is easy to use, very nice templates (that are able to be changed) and it is FREE.

As a business, one would think: how could Google offer all that for free? Easy, they would like you to use their AdSense product. It is not required, but I already had the account and posted it as a way to get a payback for the content. Content is king, otherwise why would someone come to your site…

ODBC vs. ADO.NET

I dislike ODBC and its many versions, its incompatibilities, its poor performance, its unpredictable results, its inconsistent drivers from the various vendors, its lack of consistent syntax standards and its overall difficulty to use and to deploy in a client server environment.

I only speak from first-hand experience of working with ODBC. There is nothing wrong with using ODBC. It may be your only option at the moment. ADO.NET is the latest evolution in database access, but has its roots in the evolution of ODBC. ADO.NET is a rewrite in which Microsoft learned from the sins of the past. Back in the day, a few years ago, ODBC was the only method of data access on a Windows system that worked, and it saved developers a lot of time in development for database communication. At the time it was much welcomed, but today its demise is much welcomed.

I was just unfortunate to be a part of the evolution of the ODBC madness; having to re-write my code every time they published a new release or service pack is a major pain. I have bloody scars on my forehead from banging my head on the keyboard in dealing with the ODBC insanity. When you have 1,000’s of lines of code and a lot of database access code, it gets old pretty quick rewriting it to accommodate a syntax change, a retired command, a change in the default behavior of an object or setting, new methods, new functions or stupid parameters that are now required, but not documented.

Tuesday, December 21, 2004

Parent Awareness of PC Usage

Having reloaded many home computers for my business customers, I find that most of the parents that I have worked with on their computers have no idea what their kids are up to, where they have been or how to tell what has been done on the computer.

My worst case was a parent who brought us their computer to be reloaded as it was full of spyware. We had just reloaded that same PC a month previous. This go around, we found a ton of adult images. Normally we simply dismiss it, as we always find adult stuff, not because the user was downloading it, but because of adult spam, spyware, adult joke apps, adult malicious ware, viruses, etc. So it is not uncommon to find that stuff peppered all over the computer.

However, this time it was a lot of clear web surfing to the common name adult sites. It was in their boy’s XP profile that we found the stuff, in the internet cache, while doing a search for family pictures that the parent wanted to save. At any rate, the parents, being good religious people, were dumbfounded and very embarrassed. It is typically the case: shocked, bewildered, upset, angry, and embarrassed, in that order.

Do you know how much adult material is on your PC? You might be unpleasantly surprised, especially if you have kids and they use your computer.

Monday, December 20, 2004

This Blog Site

The TechNutz blog was a great exercise. The blog site serves many purposes. It is an open source of information that uses hardware, software and the internet to relay information. It requires an input device to create the data and a monitor as output to review the data.

The data is contained in a very large relational database with many fields, records and data types, oh my! It uses SQL as its query language and uses HTML, JavaScript, JAVA, DHTML, CSS, XML, RSS, email, e-Commerce with the Google Ads and an Oracle backend database. The blog is a collaborative virtual site in which the users can participate from most anywhere on most any device that has a web browser, even my PDA phone. It uses user name and password security to limit access to certain sections of the application.

Sunday, December 19, 2004

The Cycle of PC Upgrades

My experience with both big and small companies is that it is cheaper to buy new than to upgrade. Labor costs kill the ability to benefit from network, server and desktop upgrades.

As for resale, there is generally no resale value left in a computer. The life cycle of a desktop PC is 3 to 5 years. Most PCs are processed and disposed of by a company that is hired to get rid of the hardware in a way that meets EPA requirements. I am paid to pick up the PCs and wipe the hard drives with a DoD utility, and I donate them to a local organization that recycles PCs for disadvantaged people.

I agree with your assessment about size. This does however come into play with notebooks, cell phones and PDAs. With desktops there is no benefit. However the funny thing is the smaller is more expensive.

Saturday, December 18, 2004

Productivity and Ethics of the Internet

Q: What are the productivity issues of the Internet? Are there ethical issues of the Internet? What does a consumer need to be leery of purchasing goods or services online? What are the greatest risks?


What are the productivity issues of the Internet?

The internet by its very nature is both productive and counterproductive. There is a wealth of information hidden in a sea of obscure information and at times disinformation. I find myself, a child and veteran of the internet evolution, chasing related rabbits down tangent paths. It is very easy to jump from one topic to the next as they are related, linked or of interest. As a result a great amount of time can be spent on reviewing information that is really not relevant to the task at hand.

In the workplace, web surfing is abused by everyone to a certain degree. Most of the customers I support in Medical, Commercial Real Estate, and Law Firms have very little time to play, as small business professionals tend to be extremely busy.

In these small businesses most of the abuse is by the low paid workers, who are not as in tune with the immediate needs of the business and are left unsupervised. The most common abuses are instant messaging, shopping surfing, and online games; as a result the PCs become infected with spyware and other malware.

Since most entry level computer users do not know how to clean their trail it is easy to tell where and what they have been doing and looking at. To manage these workers we have deployed stealth employee monitoring software that records everything that the user is doing, along with screen shots, keystroke logging, application usage times, email, web surfing, etc. It flags the user when they are doing something they should not and notifies the supervisor or manager. This has dramatically dampened the abuse of the Internet for personal usage and set productivity back on track.


Are there ethical issues of the Internet?

The ethical issues of the internet are more numerous than I can list here. The internet is still a baby compared to other technologies like the phone and light bulb. I would have to say that there are more ethical violations on the Internet than there are not.

The 50,000 foot view of the ethical issues is a broad range of Legal, Online Activism, Government, Censorship, Free Speech, Intellectual Property, Fair Use, Privacy, Security, Infrastructure, Culture and Legislation. The ethical issues are still in their initial states of definition, some very clear, most very unclear.

In the news, the most recent popular battle on ethical issues is P2P (Peer to Peer) file sharing. With the RIAA filing numerous lawsuits to stop music swapping, it is still a highly debated subject. Identity theft is on the rise, but mostly via spyware and other malicious software. Statistics still show that identity theft is still done the old way of dumpster diving and mailbox raiding. Online identity theft is on the rise with techniques called PHISHING. The ethics of the internet are abused all the time, both on purpose and through a lack of understanding of what the user is doing.


What does a consumer need to be leery of purchasing goods or services online?

Never purchase anything without an encrypted connection to the commerce site that you are connected to.

Never buy anything from a site that is not well known, such as Billy-Joe’s House of Pain 666 Book Store. Buy instead from Amazon, Borders, Barnes & Noble, etc.

Always read the return policy, restocking policy, privacy policy, site usage policy, warranty policy, shipping policy, insurance & pricing policy, the user reviews and industry publications’ reviews of the site that you are purchasing from before you complete your purchase. Compulsive shopping can get you into a lot of unwanted charges and leave you stuck with a product that you cannot return.

Never give more information than you have to in order to make the purchase.

Never sign up for vendor product referrals or allow the site to provide your information to third-party sources. Product newsletters and new release updates are usually ok to check and receive.


What are the greatest risks?

The greatest risks are your account information being compromised, your bank account being emptied, and you being stuck with an ineradicable amount of debt for purchases you did not make.

Kerberos Security

Kerberos is a hidden feature in Windows 2000, 2003 and XP. It is used for authentication in a Microsoft Network Environment from the client to the server, and most people do not know that they are using it. The question was about the Internet. To what extent Kerberos is used ACROSS the internet is not published information from Microsoft, or I am unaware of its usage.

Kerberos is one of many important security protocols used behind the scenes.

Here are links for those that wish a quick study of Kerberos.

MS Kerberos Summary

Kerberos FAQ
http://support.microsoft.com/kb/q266080/

Friday, December 17, 2004

Security challenges of the Internet

Q. What are the security challenges of the Internet? What are the regulatory challenges of the Internet? Explain several types of crimes committed on the internet with respect to online businesses.

Wow, this is a really tough question to answer in just 300 words. I could write a book just on the first question alone, but for the sake of everyone’s sanity I will keep it short.


What are the security challenges of the Internet?

This question should read:
What are the security challenges of protecting your business and home computer systems from evil doers abroad?

You cannot secure the internet. It is an uncontrolled environment. You can only secure the gateways into and out of your home or business and your internal systems.

A hardware firewall or a NAT router is a good start, followed by a software firewall on your PC with anti-virus software that is updated daily. Also anti-spyware, web filtering or parental control software should be used, for yourself if nothing else. Add anti-spam software or a service for email, and a good healthy dose of security education on what evil doers are trying to do to your computer and to you.

The biggest challenge is getting people to understand what they are about to be hit with. Once they have been burned, then my life gets easier, because for some reason once they have lost something important on their computer their hearing and understanding all of a sudden becomes very clear and they get it.

A couple of other things on security and the Internet: any business-related data or commerce data needs to be encrypted when going ACROSS the Internet.

The common protocol to do this is HTTPS. We talked about that last week. Another method is VPN, which can use PPTP or L2TP with IPSEC to encrypt the data in 3DES. These protocols can be Microsoft’s (which I usually use) or they can be proprietary, like CISCO’s or NORTEL’s VPN applications.

One other secure method is Terminal Services, which is done by using the Remote Desktop application to connect to a Terminal Server. This communication also uses 3DES encryption.

All three Microsoft versions are built into Windows XP desktop systems. HTTPS and VPN are in all versions of Windows from Win98 to XP. Remote Desktop is a free download from Microsoft and runs on most all supported Microsoft OSes, including a Pocket PC phone.


What are the regulatory challenges of the Internet?

Keeping the internet unregulated is the biggest challenge. I hope the government doesn’t tax the crap out of the internet. There are so many issues about regulatory stuff being proposed it makes my head spin and eyes pop out! Some of the bills going before Congress are just plain stupid nonsense crap, while other bills are much welcomed, like the Spyware act, but the government has no way to enforce it, especially when the evil is coming from offshore.

Here is a link to a site about the latest Bills being passed in Congress.
http://security.efsnm.com/index.php/weblog/C15/

For links that will make your head spin and eyes pop out, there are great reads at the EFF (Electronic Frontier Foundation). They fight for sane tech rights against insane Bills in Congress.
http://www.eff.org/


Explain several types of crimes committed on the internet with respect to online businesses.

Information and System Rape is by far the most common and epidemic. This occurs when spyware gets onto your system and uses it for evil deeds. It is no different than someone going into your house, using it to plot, plan and execute their evilness, and moving your cheese. By spying on your PC the evil doer can take your banking information and credit card and commit personal identity theft, while leaving you holding the bag to pay the bills.

One more common way is PHISHING via email or web site to trick the user into freely giving up their account information. For more on PHISHING you can check out this web site.
http://security.efsnm.com/index.php/weblog/C14/

US-CERT Security Information

To learn about security issues you can subscribe to the US-CERT site from the Department of Homeland Cyber Security group. This group is augmented by the security folks from Carnegie Mellon University.

Security Bulletin
http://www.us-cert.gov/cas/bulletins/SB04-350.html

CERT
http://www.cert.org/

Thursday, December 16, 2004

Worm W32.Erkez.D@mm

Here is a link from the security.efsnm.com site about the latest evil virus, Worm W32.Erkez.D@mm. It is a Threat Level 3.



December Windows Patches

Microsoft Monthly Patch Summary:

Microsoft does such a cryptic job of informing the public about security issues. This web site security.efsnm.com has paraphrased the updates for just the most important information. You can click the link on this site to the cryptic MS security info for a funny read.


Wednesday, December 15, 2004

Memories of past Languages

I am interested in others’ feedback as to what they are doing and using. I am interested in your experiences, good, bad, ugly and indifferent. Knowing the results of an experience is very valuable.

Thomas Edison was once asked by a reporter how it felt to be such a failure. He replied, "I beg your pardon?" The reporter stated, "Mr. Edison, you have tested a 1,000 things and none have worked, so how does it feel to be a failure?" Mr. Edison responded, "Sir, that was a 1,000 things that we did not know would not work. My good man," he said, "that is not failure; that is success." Mr. Edison tested 3,000 things before he finally discovered the right elements to use to create a light bulb.

My first programming language was BASIC on the Apple IIe networked with a micro mainframe. It took 15 minutes to log on. We booted, used the rest room, got coffee and snacks and prepared for long nights in the computer lab. My second language was COBOL. I got an A+ in the class, but I hated that language more than anything. Pulling out your fingernails was better than coding in that language. Next was Fortran, PASCAL, and C; that was the end of my formal training. I had enough understanding that most all computer languages are the same, just different syntax. I went on to teach myself C++, Assembler, Visual Basic, SQL, Access, VBA, VScript, Jscript, HTML, ADO, ASP, ODBC, PERL, AWK, WSCRIPT, XML, DHTML, and a bunch of other obscure languages. I was on the beta test teams for ASP.NET long before it was called DOT NET. I was working on DOT in 1999 and 2000 when it was called NEXTGEN. All these languages had their own headaches and issues. A lot of languages were neither forward nor backward compatible.

Microsoft would have you believe that you need Visual Studio to be a productive rapid application developer. Well, having been on campus in Redmond working with the people who invented the dang stuff, they do most of their work at the command line console or in Notepad. Notepad is the universal editor.

Now I mostly write in Access and WScript for desktop and server automation. I have rewritten the same utilities in the same language and others so many times that I am just burned out on writing code for a living. Since the dot com bomb days, the big projects are much harder to come by. I enjoy writing utilities and scripts that get used over and over. I enjoy the tech support, as the life of a coder is never ending: there is always one more line of code that needs to be written or rewritten.

Tuesday, December 14, 2004

Fighting Spyware

Ad-aware is good, but recently Spybot has become the preferred anti-spyware software, as Ad-aware will no longer detect certain versions of known spyware like Gator and Hotbar, to name a few. These spyware companies put legal pressure on Ad-aware and other anti-spyware vendors to have their software removed from the detection lists.

Also, before you download anti-spyware, check it on Spyware Warrior’s web site to ensure that the anti-spyware you are downloading is not rogue anti-spyware. There are several hundred rogue anti-spyware programs being given away free or sold, some of which even show up in Google Ads, that are actually the very thing that they claim to get rid of: “SPYWARE”.

Jen you should be fine with Ad-aware, but I recommend that you add Spybot too.

Link to an Article on Rogue Anti-Spyware

Spybot

Spyware Warrior Newsgroup:
http://www.Spywarewarrior.com

Inside Microsoft's IT

Here is an interesting look at Microsoft’s IT department with Ron Markezich, the software maker's chief information officer.


Monday, December 13, 2004

Office Automation and Group Collaboration

Group Collaboration
A collection of software applications and devices used in a computer networked environment is called groupware. There is no specific set of applications that make up groupware; it is software that allows a large group of people to collaborate locally over a LAN and over vast distances over some type of WAN.

The most common type of collaboration is done via electronic messages called email. This email can be either standard SMTP and POP3 email or Newsgroup email like at the University of Phoenix.

The Newsgroups are used to collaborate on ideas. The collaboration occurs when a newsreader client connects to a newsreader server and then exchanges messages. People post their messages and download the message posts of others. The newsreader application that most people are using is Outlook Express. Outlook Express can use both newsgroups and regular email.

Most businesses today use email as a form of collaboration between vendors and customers as well as other employees. A commonly used email collaboration server software is called Microsoft Exchange. Exchange allows users to collaborate on email, calendars, contacts, tasks and basic project information via a dashboard. The Exchange server can also be used as a newsgroup server. Newsgroup servers have an advantage over regular email, as everyone that is subscribed to a newsgroup gets to read all the messages posted in that group. It aids in keeping everyone in sync with electronic communications. Standard email is one to many or one to one, and sometimes people can be left out of the loop when information is requested or disseminated.

There are other forms of groupware applications such as Microsoft Share Point Service. It allows posting, collecting and organizing information and documents better than a newsgroup can. Share Point is getting better, but it is very hard to set up and maintain. It is not backwards compatible and the environment is easily corrupted.

My favorite groupware collaboration software is a web-based groupware application called Intranets.com. Intranets.com allows anyone with little to no experience to build web-based relational databases in real time on the fly, ready to use after building. It is by far the most impressive company I have ever worked with. It allows rapid prototyping, rapid application development and production usage in minutes versus days, weeks and months. We have converted all our traditional client-server databases to web-based database group collaboration software at Intranets.com.

There are many other software applications that are effective tools for groupware collaborations such as WebEx for web based meetings, information and desktop sharing like doing product demos.

Simple instant messaging can be used, for example MSN Instant Messenger. Our team uses instant messenger to hold meetings for team assignments. It provides a written record of who said what. It is like a permanent meeting minutes tracker.

The reading text talks about workflow management groupware applications. I have worked with several large companies that have attempted to use these applications and they have not worked out for many reasons. They have been very difficult to use, time consuming to use and very expensive to purchase, deploy and maintain.

The advantages of using groupware applications are the rapid, accurate, in-sync reception and dissemination of information.

The disadvantage is the lack of personal interaction with others in a face to face environment. While video conferencing allows for face to face collaboration, it is not the same as in person interaction and communication of information. Other disadvantages are the additional costs and customization that might be required for a particular business group.

Office Automation
Groupware software applications are often augmented with documents, publications, presentations, spreadsheets, CAD drawings, voice mail, faxes, scanned images, art work, video and other forms of audio within the groupware application. These files are created with other applications such as a word processor, spreadsheet program, PowerPoint applications, image editor, video editor, scanning software, etc. The use of this software is referred to as office automation, as the software replaces the manual methods previously used.

Office Automation is the integration of several applications to produce a single output. An example would be a program called HotDocs. It allows the fast creation of large documents like legal and commercial real estate contracts. It allows someone with little to no experience to answer a few questions, and it will generate all the necessary clauses, language, personal pronouns and sentence structure and pull from an existing database to populate Word documents.

The advantages of Office Automation are an increase in work production, work flow and more accurate information. It is often mistakenly referred to as a reduction in labor costs. The actual fact is that one is still working the same amount of time, but now doing more work. The production of work increases, but the labor cost for 8 hours is still 8 hours.

The disadvantage of office automation is how complex it can become over a short period of time. It takes more user knowledge to deploy, use and maintain the integration of the various applications, and additional user training may be required. Lastly, about every four years all software and hardware used in the office automation efforts will need to be replaced.

Relational Databases

Q. What is a relational database? How is it structured? Indicate commercial databases that are sold to the public that are relational in nature. What are the advantages and disadvantages?

What is a relational database?

A relational database can be thought of as a collection of tables that are connected together by primary and foreign keys. A table is like an Excel spreadsheet that is a file based system with cells as fields and rows as records. A table is contained in a DBMS. The purpose of related tables is to reduce the amount of redundant information. One table could contain contact information, another table could contain product information, another table could contain inventory information, and so on.

How is it structured?

The data is contained within tables, and the tables are connected together with primary and foreign keys.

Indicate commercial databases that are sold to the public that are relational in nature.

There are two kinds of database products. One is the product that a database application is developed in, such as Microsoft SQL http://www.microsoft.com/sql , and the other is an actual application that uses a pre-structured database, such as MOLDTRAX at http://www.moldtrax.com . This commercial relational database uses an Access database. It has seventeen tables with seventeen primary and foreign key relationships. It has sixty custom queries that use one to many relationships to define a view for a form or report.


What are the advantages and disadvantages?

Advantage:

The biggest advantage is the overall reduction in redundant information. Another advantage is the ability to relate information and produce query results that would not otherwise be possible in a single table.

Disadvantage:

The biggest disadvantage is the complexity of the knowledge required for an administrator or developer to build, deploy and maintain such a system. Therefore it can be more expensive to use.

In most companies there are measures in place to deal with data contained in a single location, such as:
  • Data replication to another server
  • RAID 5 hard drives in which the data is contained on several hard drives at the same time live
  • Cluster Servers in which the same data runs on several servers at the same time in a RAID 5 environment
  • There are two kinds of backup agents: one does real-time data backup and the other does nightly backups.
  • The database systems also contain the ability for them to be backed up or dump their data to a text file manually or on a schedule.
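The structure described in this post (contact, product and inventory tables joined by primary and foreign keys, plus the dump-to-text backup in the last bullet) can be tried with Python's built-in sqlite3 module. This is an added example, not part of the original post; the table layout, column names and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample rows: (contact_id, name, email)
CONTACTS = [(1, "Acme Supply", "orders@acme.example"),
            (2, "Borealis Parts", "sales@borealis.example")]
# (product_id, description, supplier contact_id)
PRODUCTS = [(10, "Ejector pin", 1), (11, "Cooling plate", 1), (12, "Guide bushing", 2)]
# (product_id, location, quantity)
INVENTORY = [(10, "Warehouse A", 40), (10, "Warehouse B", 15),
             (11, "Warehouse A", 6), (12, "Warehouse B", 120)]

SCHEMA = """
CREATE TABLE contact (
    contact_id INTEGER PRIMARY KEY,
    name       TEXT NOT NULL,
    email      TEXT NOT NULL
);
CREATE TABLE product (
    product_id  INTEGER PRIMARY KEY,
    description TEXT NOT NULL,
    supplier_id INTEGER NOT NULL REFERENCES contact(contact_id)
);
CREATE TABLE inventory (
    inventory_id INTEGER PRIMARY KEY,
    product_id   INTEGER NOT NULL REFERENCES product(product_id),
    location     TEXT NOT NULL,
    quantity     INTEGER NOT NULL
);
"""

def build_db():
    """Create the three related tables in memory and load the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite only enforces foreign keys when asked
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO contact VALUES (?, ?, ?)", CONTACTS)
    con.executemany("INSERT INTO product VALUES (?, ?, ?)", PRODUCTS)
    con.executemany(
        "INSERT INTO inventory (product_id, location, quantity) VALUES (?, ?, ?)",
        INVENTORY)
    con.commit()
    return con

def stock_by_supplier(con):
    """A query no single table can answer: total stock per supplier and product."""
    return con.execute("""
        SELECT c.name, p.description, SUM(i.quantity)
        FROM inventory AS i
        JOIN product AS p ON p.product_id = i.product_id
        JOIN contact AS c ON c.contact_id = p.supplier_id
        GROUP BY c.name, p.description
        ORDER BY c.name, p.description
    """).fetchall()

def supplier_emails(con):
    """Each product's supplier email, read through the foreign key (stored once)."""
    return con.execute("""
        SELECT p.description, c.email
        FROM product AS p JOIN contact AS c ON c.contact_id = p.supplier_id
        ORDER BY p.description
    """).fetchall()

def insert_orphan(con):
    """Try to stock a product that does not exist; return the database's error text."""
    try:
        con.execute(
            "INSERT INTO inventory (product_id, location, quantity) VALUES (?, ?, ?)",
            (999, "Dock", 1))
    except sqlite3.IntegrityError as exc:
        con.rollback()
        return str(exc)
    return None

def dump_to_text(con):
    """Dump schema and data as SQL text, the manual backup the last bullet mentions."""
    return "\n".join(con.iterdump())

if __name__ == "__main__":
    db = build_db()
    for row in stock_by_supplier(db):
        print(row)
    print("orphan insert:", insert_orphan(db))
    # One UPDATE changes the email every product of that supplier reports.
    db.execute("UPDATE contact SET email = ? WHERE contact_id = 1", ("new@acme.example",))
    db.commit()
    print(supplier_emails(db))
    print(dump_to_text(db)[:200])
```
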

Sunday, December 12, 2004

Phishing, Spoofing and Evil oh My

If you manually enter the website address in your browser, it will ensure that you are going to the desired website. Otherwise, given the recently discovered security issues, you will have no idea.

For any site that you intend to perform commerce with, it is recommended that you start your connection with a newly opened browser and manually enter the website address.

Never click on links inside an email or suspicious web site that lead to a commerce site. Never fill out a web form inside an email, and never fill out a web form that you did not request.
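The reason behind this advice is that what a link displays and where it actually goes are two separate things. The following added example (not part of the original post) scans an HTML email body and reports links whose visible text names one host while the target is another, links that point at a bare IP address, and embedded web forms; the function names, the three heuristics and the sample message are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address, e.g. "www.bank.example/login"
ADDRESS_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)

def host_of(value):
    """Return the lower-cased host name of a URL or bare address, or None."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        return (urlsplit(value).hostname or "").lower() or None
    except ValueError:
        return None

def is_ip_literal(host):
    """True when the host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class EmailLinkAudit(HTMLParser):
    """Collects (finding, detail) tuples while parsing an HTML email body."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None   # target of the <a> currently open, if any
        self._text = []     # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href = attrs["href"]
            self._text = []
        elif tag == "form":
            # Any form inside an email is reportable: the post says never to fill one out.
            self.findings.append(("form-in-email", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        target = host_of(self._href)
        claimed = host_of(shown) if ADDRESS_RE.fullmatch(shown) else None
        if claimed and target and claimed != target:
            self.findings.append(("text-target-mismatch", f"{claimed} -> {target}"))
        elif target and is_ip_literal(target):
            self.findings.append(("ip-literal-link", target))
        self._href = None

def audit_email_html(html):
    """Parse one HTML body and return the list of findings in document order."""
    parser = EmailLinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message using documentation-only names and addresses.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your account:</p>
<a href="http://203.0.113.7/login">https://www.examplebank.example/login</a>
<p>Our archive is at <a href="https://news.example.org/archive">news.example.org</a>.</p>
<a href="http://198.51.100.9/pay">Click here</a>
<form action="http://203.0.113.7/collect"><input name="card"></form>
"""

if __name__ == "__main__":
    for finding in audit_email_html(SAMPLE_EMAIL_HTML):
        print(finding)
```

An empty result does not make a message safe; typing the address into a fresh browser window remains the rule.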

Saturday, December 11, 2004

Which Computer Vendor?

The reality is most computer companies are bad, mostly in the support and warranty area. When it comes to home user support I give all the computer companies a failing grade. They have shipped all the support centers overseas, where you get Fred the tech guy who can not speak English very well and is reading from a script, placing you on hold, and having you try things that are completely unrelated to the issue. It is very frustrating to everyone.

On the business side with server support, those jobs are still in the US and I receive excellent support from most all the major vendors.

Here are my picks for vendor home and desktop support ratings.
  • Dell (but they have been on the decline for the last 6 months and their support is getting worse)
  • HP/Compaq (good support, can be difficult to get to, hold times are long) I am not a big fan of their proprietary non-upgradable hardware, but it is quality.
  • Gateway (Support can be very frustrating and they are unwilling to replace failed hardware without speaking to a supervisor)
  • Off brand or other vendors: I do not have any customers that have other off-brand systems. Dell has been the de facto standard and their warranty program and onsite support is better than the rest. If others wish to comment about their vendor I would love to hear about your experiences.
  • SONY: I have a Sony Vaio. I love my Vaio, but Sony is by far the worst company I have ever dealt with on tech support. Not only would I give them a failing grade on support, but I would expel them from the tech support industry. They have the crappiest warranty program, which basically covers nothing. Their repair turnaround time is about 6 weeks at the minimum; 3 months has been the worst case. They overcharge for parts to the tune of about 50%. You never get to speak to the hardware support people, only a customer rep who knows nothing, and they will not let you speak to a supervisor of any sort. Their customer support is in FL and the hardware repair center is in CA. I will never buy another Sony computer product ever, nor will I ever recommend them to anyone for anything. If you have or buy a Sony computer product, expect to go to tech support Hell. It angers me as we are a Sony house with Video, camera, Tivo and other gadgets. Not any more, as my Sony Video camera just died and it too has a support Hell of its own, so we are looking at a Canon Video camera. Ok I am done with my RANT. I feel better now!
  • Build it yourself: I only recommend building it yourself if you want the best of the best. My desktop is a custom built PC, but my wife’s PC, my primary Server, and my office PCs are Dell builds. I bought 3 Dell Desktop 2.8 gig 256 meg for $350 ea w/o monitors. I could not build them for that price. You really can not save money building it yourself when you include your own labor.

Friday, December 10, 2004

Browser Security Issues

A new security alert has been posted at our security web site about a new browser security issue that attempts to obtain your banking information. It affects ALL Browsers and ALL Operating Systems.

To read more about it please go to the security.efsnm.com site:
http://security.efsnm.com/index.php

Thursday, December 09, 2004

Databases Defined

Q: What are all the databases associated with the contents of your wallet? (i.e. your credit cards, library card, driver's license, frequent flyer card, etc.) How secure is the information therein? How much of the information is the same but managed by different companies?

Q: What are all the databases associated with the contents of your wallet?

Well, I must say this is a very vague question. It is impossible to know what “ALL” the databases are. The only thing one can do is conceptualize the question. To be specific, there is no way to know exactly which database(s) are being used by a company. Any particular company could be using DB2, Oracle, SQL, Access, a text file, MySQL or a proprietary database.

A database is a software application that contains certain types of data. That data is contained inside tables. The review or output of that data is formed by queries. Because the output comes from a query, it could come from multiple tables within the database, called a schema. With XML it could come from multiple different companies at the same time. The output presentation of the data is a farce designed by the developer(s). Because the data could be coming from different sources at the same time, from completely different database systems and different companies, the output of the data is a user concept of what they are looking at and not really an actual singular point in space and time.

Here are real examples of database applications: Oracle or SQL

The term database is often misused. For example my contact database should be said to be my contact data set. The database is an application. The information within the database organized into tables is called a “data set”.

To conceptualize the question in proper terms as data sets not database(s):
  • Credit Cards: these are commerce data sets.
  • Library cards: these are personal and inventory data sets.
  • Drivers Licenses: these are legal, personal and certification data sets.
  • Frequent Flyer Cards: these are personal and commerce data sets.

Q: How secure is the information therein?

This too is vague. We do not work for the companies; therefore we can only hope the data is as secure as it is supposed to be, limited to the individual user that holds the correct user name and password. When using these systems across the internet, an SSL certificate is used to encrypt the data via your browser at a minimum of 128 bits. You can tell by looking in the status bar of your browser for the lock icon.


Here is a link on the basics of SSL. We use it every day and most people don’t even know they are using it. Verisign


Q: How much of the information is the same but managed by different companies?

This is yet another vague question that can not be answered with accuracy. The truth of the matter is we really do not know, unless you are the system administrator or system designer. As the admin/developer I can make the appearance of data be whatever I want. The output presentation is smoke and mirrors to make a huge data set understandable to the user. For the data sets listed, I would hope that none of these systems share the same information connections. All these systems contain similar data sets such as contact, address and certain personal information.


Understanding Memory

Here is a link to understanding memory.
http://computer.howstuffworks.com/ram.htm

Killing Evil on the Desktop

I have given up on the desktop software that detects evil email, as it was often incorrect, would get corrupted and fail to reinstall even after a registry scrub. For evil countermeasures I have fallen back to the gateway where the internet enters a business, usually a single point for a small business. I have installed with most of my customers gateway security software that checks email for evil and spam.

I have tested about 12 different gateway security software programs. Most of them sux and are worthless. I have settled on GFI’s Mail Security and Essential software. It is not perfect but it is the best that I have tested. My customers love it and speak highly of it. The mail security will detect viruses and some phishing. I had some customers that were getting 150 virus emails a day. At the desktop they use Symantec Corporate Edition Anti-virus. However, the users get frustrated with the anti-virus popping up every few minutes killing evil email. So we kill evil at the gate and the users do not have to deal with seeing it.

Here is the Security Software:
http://www.gfi.com/mailsecurity/

Here is the SPAM software:
http://www.gfi.com/mes/

It works like this:

Internet
:
Firewall
:
Gateway Server
:
Mail Security Check
:
Mail Spam Check
:
Mail Server
:
Users Outlook

I do not have any desktop security or anti-spam software that I can honestly recommend. I will revisit the desktop for home users at the end of the 1st quarter of 2005, after the vendors have released their 2nd Gen apps.

Wednesday, December 08, 2004

Phishing for You

For those who do not know what Phishing is, you can check out this security site, as there is an article about it with real world examples.

http://security.efsnm.com/index.php/weblog/phishing_scams/

Tuesday, December 07, 2004

SATA, Firewire and Disk Space

Video editing eats away a ton of disk space. The SATA option will address both your storage and backup issues. I have found that trying to do video editing from a desktop to a server is too slow across a network.

I have had to use a Firewire-to-Firewire network, which is built into XP, to move video files from server to PC. I have found that doing all editing on separate hard drives on a fast local PC is best for both rendering and managing video.

I would invest your money into a couple of high end desktops (over a high end server) and a ton of SATA hot swap removable hard drives. That way you can easily store your raw footage, edited footage, rendered DVDs and ISO’s that you may have on really fast high capacity drives.

Two 80Gig hard drives should cover all your music needs, including any mixes that you may be doing. One hard drive can be your master drive and the other drive can be a backup of your cloned music files.

SATA, ISO and Graphics Cards

When buying a new computer you might consider two SATA drives, one for the OS and the other for your apps and data. Also consider putting the Windows swap file on the other hard drive for a bit of an additional performance boost.

I have dual DVD CDRW drives, but I never use them as I had envisioned. Instead I burn my CDs to a single ISO file on an external Firewire drive. When I need to copy a CD or make several copies, the burn times from an ISO are really fast. I create ISO files for backup only, so I do not have to carry so many CDs.

For gaming you need to look at the video card review from TechTV. The newer games with all the intense eye candy (shadows, reflections, frame rates) are too much for the built in card on the motherboard. I would look at Robert Heron’s Video roundup. I trust him for video card reviews.


I am not a PC gamer (surprisingly). G4TechTv is devoted to gaming and has the better reviews on these matters. Tech support is my game. It is embarrassing when my thirteen-year-old son whips my butt on the Game Cube.

Monday, December 06, 2004

Hardware Concepts

Accuracy of data input is important. What method of data input would be best for each of the following situations and explain why: (Printed questionnaires, Telephone survey, Bank checks, Retail tags, Long documents).

Some reading text would have you believe that a keyboard is the important input device for the listed items. A keyboard is best for long documents as input. For printed questionnaires, a scanner is best as input, scanning a specific type of printed survey such as the SAT tests. Voice recognition would be ok for a telephone survey, but would still prove to be very inaccurate as input. Telephone surveys are best done using the telephone's keypad. A specialized bar code scanner for bank checks is best as input. A regular bar code scanner found in most shopping centers provides the greatest degree of accuracy as input.

Convenience and quality of output are important. Explain what method of output would be best for each of the following situations and explain why: (Hand held computer, Color photograph, Resume, Memorandum, Statistical report, Company annual report).

This question does not state the purpose of the output. The purpose of the output is changing each day as technology advances. Old ways are morphed into new methods and better management of the data that is outputted. The reading text would lead you to believe that a printer or monitor is best for these items as output.

For a handheld computer the most common method of output is a small LCD screen, either monochrome or color.

A photograph is dependent upon the output intent. Is the photograph for a web site, a database, a printed magazine or a holographic image? If it is for a picture frame, then a high resolution printer is best to print a high resolution electronic photograph as output.

In the past a standard laser printer would have been best for output of a resume. Today online database systems prefer a particular input format for the data from the resume so it may be disseminated to a large number of potential employers. Tomorrow resumes will be in an XML format to allow seamless integration with any online job hunting service. For today and tomorrow a monitor, either a CRT or LCD, is best for a resume as output.

Today many companies have abandoned the old paper memorandums for well formatted emails. Some companies require electronic signatures and encryptions for memorandums. An LCD or CRT is best to view today’s memorandums as output.

Statistical report output is dependent upon who the audience is. A scientist, stock broker or accountant would prefer an LCD or CRT as output, whereas a CEO, board member or the general population that might not have access to a computer would prefer printed stats on paper as output.

Today most companies' annual reports are available online on their websites. However, there are a great many that still spend $1,000s on glossy paper annual reports for the board members and investors. For the website an LCD or CRT is best for output. For printed reports a commercial-grade printer is best for output.

Explain the difference between primary storage and secondary storage.

Some text states: “Primary storage is temporary storage, and anything stored in it is lost when someone turns off the power to the computer. Secondary storage, however, is permanent storage; anything stored in secondary storage remains there until the computer changes it, even if someone turns off the power.”

To better understand RAM (Random Access Memory): it is the fastest place to store and retrieve data. Page 13 of the Course Notes implies that RAM is the primary storage area for the computer. It is the preferred and most common method. It is not the primary area for storage, as there are many devices that have RAM: video cards, network cards and fax cards do, the CPU has memory called cache, hard drives have cache, and hard drive controllers like a RAID 5 card have cache. These devices also contain firmware that is flash updatable. Your hard drive is the preferred area for permanent storage of data, but not the exclusive one. RAM is only useful while the computer is turned on. Once the computer is turned off, all data being kept in RAM is lost. During the boot process data is read from the hard drive and loaded into RAM, most commonly called "memory". The data is kept there for fast access and processing. When things in "memory" get really corrupted, rebooting is the only way to clean the bad data out of the RAM. A cold reboot is preferred. A cold reboot is powering off the computer, waiting one minute and powering it back on. A warm reboot is simply a restart. That is fine for the OS, but some hardware issues require a cold boot. While the author of the reading text calls “memory” primary storage, this is incorrect.

Different types of storage devices are optimal for different situations. Explain what situations are appropriate for the following devices and explain why: (Hard disk, Floppy disk, RAM, CD ROM, Tape).

Floppies, CD-ROMs and Tapes are old school portable media that are quickly being replaced by portable hard drives and Jump Drives. Most computers today do not have floppy drives or CD-ROMs any more when you go to make a purchase. They are replaced by DVD-/+RW ROMs and Firewire and USB 2.0 devices.

The hard drive is the primary area where the operating system is installed. Most data used by the user is stored on the hard drive. It is the fastest permanent storage media with the highest capacity.

RAM (Random Access Memory) is where information is temporarily stored for fast access. It is faster than a hard drive, but it is costly and has less capacity for storage. It has no ability to permanently store data without the aid of battery backup or a secondary power source to keep data alive while the computer is turned off or suspended.

Tape is still commonly used for backup systems, but is quickly falling out of favor for that usage as portable hard drives decline in cost and increase in speed and capacity. Tape drives have not been able to keep up with removable hard drives in these areas.

Explain the role of each of the following in determining the speed of a computer: (RAM, Clock speed, Data on hard disk, Data on CD ROM, Data on floppy disk).

In today’s computers there are many things that can affect performance or the speed of the computer. These are called bottlenecks.

RAM can be a bottleneck if the bus speeds are faster than the speed of the memory. In the old days memory used to be measured in nanoseconds, such as 80, 70, and 60ns memory. Today it is measured in clock speeds of PC100, PC133, etc. There are also many different types of RAM that the reading text has not bothered to talk about, contained on other devices like the video card and the CPU, called cache.

Clock speed is typically referred to as the speed of the CPU. Today other devices have clock speeds such as the video card. The clock speed of the CPU used to be an indicator of how fast the CPU was as compared to other CPU’s. That is no longer the case. The type of CPU is more important to know now rather than the clock speed. For example a Pentium M 1Gig processor is faster than a Pentium 4 1.8Gig processor. So clock speed doesn’t count any more. You have to use a comparison or benchmark chart to figure out which processor is faster.

The “Data” on a floppy or CD-ROM has no bearing on the speed of the computer. The speed of the floppy drive or the speed of the CD-ROM has an effect on the speed of loading/reading data from the media. A floppy drive is by far the slowest device for reading and writing data.

Saturday, December 04, 2004

Getting Started in IT

I was a freshman in high school when I used a similar system. The first program I wrote was a game that I saved, retrieved and played on an ordinary household cassette player. I cut my teeth on the Tandy TRS-80 Model III, as that was the computer that changed my life. We had no hard drives back then. We booted the OS from one floppy and used the apps from another floppy. I have a ton of stories about that.

I wrote my first database application as a junior in high school. It was a student schedule database to track where the students were during the day. I pirated a word processor app from a nearby school lab and had the first word processor with spell check. As a result my school was so happy they took one of the two computers we had and put it in the front office. I was not happy about that, but it was nice to see my work being used. I later trained my physics, math and other teachers how to create their tests on the other computer and securely store them on floppies. That was in 1983.

Most of the people I have grown up with in the industry, including my industry heroes, have not completed their degree, nor do they have the desire. My degree completion was always a goal of mine. However, life and the computer industry was paying me more than I could make with a degree in Electrical Engineering. I also saw that the universities could not adapt and were way behind on the uptake in the tech industry.



Friday, December 03, 2004

Backup Solution Evolution - SATA

Today tape backups are still dominant for both big and small business. Tape has been the cheapest way to do backup since its invention. Optical archiving and backup in the mid and late 90’s was an excellent alternative, but it proved to be more costly and computer speed outpaced it.

However, in the last year Moore’s Law has broken down, as many of my customers adopting new technologies have been doubling and tripling the amount of hard disk space that they are consuming with data, photos, and scanned documents. On the commercial real estate side of the business an average contract with high-resolution photos is about 150Meg. For a small business of 10 people they have burned through 80 gigs of RAID 5 SCSI disk space in less than 1.5 years. That kind of server setup is expensive.

As a result the current industry standard 40/80 gig tape backups cannot keep up with the demand for more disk space. Since on the small business side we do full backups every night, it “is” taking 12 hours to do backups. We do not do incremental backups due to a history of issues that is too much to go into here. Another problem is that running the DLT and DAT drives 12 hours a day shortens their life and they die within 18 months.

We conducted a series of lab tests to determine the most economical way to do backups. I will not cover all the details here, but I will tell you what our final result was. We settled on removable hot swap SATA Hard Drives. Our worst case customer was taking 20 hours to do a 50gig backup with verification. With the SATA Hard Drives it took 2.0 hours to backup and another 1 hour for verification. We were clocking in about 1gig per 2.5mins. Plus since the SATA drive is 160gig that gives us two FULL backups per drive.

Overall, comparing hardware versus hardware costs, the SATA Hard Drives backup solution is 50% cheaper, has 4 times the backup capacity, and runs in 75% less time in a production environment. In our lab we were getting even better speeds and times than this, but those tests were in ideal conditions.

Here are links to the hardware and vendors that we chose:

SATA Hot Swap Enclosure - MRK-200ST-BK
http://www.vantecusa.com/product-storage.html

PCI Card - Serial ATA (SATA)
http://www.vantecusa.com/home.html

Serial ATA Hard Drive
http://www.westerndigital.com/en/products/Products.asp?DriveID=57

Veritas Backup Exec Software
http://www.veritas.com/Products/www?c=product&refId=296

I predict that within two years all my customers will no longer be using tape backups, as hard drive prices will have killed them. I know; I have seven different tape backup drives that I have had to migrate my archived data from before the drive died and was no longer supported. In my personal opinion tape drives are doomed and good riddance.

Thursday, December 02, 2004

Rapid Application Development Explained

I really hate being the negative one here about RAD (Rapid Application Development) and JAD (Joint Application Development), but these are MBA buzz words and “In a perfect world” concepts. Having been a software developer for 22 years I can tell you that you will not see the JAD methods widely used as described in the text.

First of all, RAD is a concept to speed up software development. RAD is accomplished by using other software tools to quickly produce an end product. Visual Basic is a software tool that will aid in RAD. RAD as described in the text does not facilitate speedy development. What is being described are simply shortened phases of the development cycle. You can shorten the phases as much as you want, but if the software developer doesn’t have a tool to make the development go faster then RAD as described in the text doesn’t work.

These are just a few, as there are hundreds of variations on a theme. The JAD method is ideal for internal business need development, as the company can afford to allot such human resources.

Typically the company is unwilling to allot that much human resources, as all the development teams have more work than they can handle. It is terribly expensive to employ JAD as described in the text, and you will find modified versions that are really scaled back. Scaled back JAD is also true with custom development, as TIME is money; therefore the costs would be greater than what the customer would be willing to pay.

If you do a Google search on JAD at Microsoft, Apple or Sun you will not find a single reference to this concept and these guys are world leaders in software application development.

Also in the JAD method there is no mention of Scope CREEP. That occurs as the project is expanded to accommodate additional features and functionality. That leads to a whole different set of issues we can discuss later.


Wednesday, December 01, 2004

Virtual Offices

Q: What are the advantages and disadvantages of virtual offices, including telecommuting?

Virtual Offices and Telecommuting are older terms used in the late 90’s that are marketing buzz words that have no physical association to a thing, device or software. They are mental concepts that could be a collection of a whole host of devices, software, connections and configurations. Once these collections are assembled they form an area in which people from the same company can share and manage information that aids in running the company. This information is not usually accessed by people that do not belong to the company.

The information is accessible outside the office by various means such as VPN (virtual private networks), dial-up, or dedicated connections such as old school ISDN connections. These connections are also encrypted. The latest industry trend is to outsource the services to a third-party company called an ASP (application service provider).

My company uses both concepts. Our internal servers manage our internal systems. A company at http://intranets.com (to view the demo) hosts our virtual office. The term virtual office is being replaced by the following terms which have a more exact meaning: “intranets”; VPN; work from home; and road warrior.

The advantages are remote access to all your information, any place and any time. The disadvantages are remote access to all your information, any place and any time. Having this unprecedented access to that much information allows people who work at the office to work at home and on the road, and people who like their work tend to work even more, putting in a lot of hours. Family and social life can be affected.

I have remote access ability from just about anywhere in the United States, except rural areas without telephone or cell phone service. Outside the U.S. remote access is much more difficult and very expensive. I await the cheap satellite data phone access and that problem will be resolved.

The studies would have you believe that the local communities that the business is in would be affected by virtual offices and that is a disadvantage. That is pure nonsense. I am not sure where that came from but it is definitely wrong. It has a positive impact as it aids in reducing travel and fighting traffic.

If there is any contribution made by a person that consumes resources in the area of the business office, that consumption is simply transferred to the local community where that employee is working.

For example, if I eat lunch at several places near my office, working from home I will be eating from the restaurants in my community. I would prefer to support my community over a place that has a tax break for a business office building.

Wednesday, November 24, 2004

WWW vs Internet

The Internet and WWW are two different things that are often misunderstood. The Internet is a collection of networked devices using a common protocol (i.e. TCP/IP) over a wide global area. WWW or World Wide Web utilizes a single protocol called HTTP (Hyper Text Transfer Protocol) that runs across TCP/IP using the common port 80 on a web server that transmits HTML code to a browser. This is one protocol of hundreds that use the Internet.

HTTP was developed by Tim Berners-Lee so he could format the plain text coming from a legacy system. This single protocol, coupled with the ability for businesses to be able to use the Internet (which was limited only to Universities), made Internet usage explode.

The Internet is often thought of as your web browser, but that is just one application that uses the Internet. Others include FTP (port 21), Email (SMTP port 25 / POP3 port 110), NNTP (119/433, these newsgroups) and Telnet (port 23), to name a few. One old protocol no longer used is Gopher, which was a text menuing system that allowed different systems to connect and was the old way of browsing. The University of Minnesota used to be the mother gopher, where most people began their browsing via text. These are just a few examples.
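To make the layering concrete, here is an added example (not part of the original post): a tiny web server and a hand-written client that speaks HTTP over a plain TCP socket, doing by hand what a browser does. The page content, the function names and the use of a loopback address with an OS-assigned port (instead of port 80) are assumptions chosen so it runs offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample page; a real site would return its own HTML.
PAGE = b"<html><body><h1>Hello from the web</h1></body></html>"


class PageHandler(BaseHTTPRequestHandler):
    """Web server side: answers every GET request with the same HTML page."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


def start_server():
    """Start the server on loopback. Port 0 lets the OS pick a free port;
    a public web server would listen on the well-known port 80."""
    server = HTTPServer(("127.0.0.1", 0), PageHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_raw(host, port, path="/"):
    """Open a TCP connection (the Internet part), send an HTTP request as
    plain text (the WWW part), and split the reply into its pieces."""
    with socket.create_connection((host, port), timeout=5) as sock:
        request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:  # HTTP/1.0: the server closes the connection when done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    # A blank line separates the HTTP headers from the HTML body.
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


if __name__ == "__main__":
    srv = start_server()
    status, headers, body = fetch_raw("127.0.0.1", srv.server_address[1])
    print(status)
    print(headers.get("content-type"))
    print(body.decode("ascii"))
    srv.shutdown()
    srv.server_close()
```

The same socket code could carry FTP, SMTP or Telnet traffic instead; only the text sent over the connection and the port number change.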

Links:
Inventor of WWW:
http://www.w3.org/People/all#timbl

Web History:
http://www.w3.org/History.html

Tuesday, November 23, 2004

Why you should Protect Yourself

Q: Exactly what are we trying to protect? It has a lot to do with our culture and the fact that they named rogue programs viruses.

As a practicing tech support guy I can give you real world examples as to why you should care and worry:

Scenario One: Imagine it is 11:50 pm, and you just finished typing up a paper for this class that was 16 pages in the APA format. Now imagine that you have saved your document, only to realize that your document has just been deleted by a virus and the virus flashed the BIOS of your motherboard, and the firmware on the hard drive, with corrupted data. Now not only have you lost your document that cannot be replaced, but your motherboard has been permanently destroyed as well as the hard drive.

Scenario Two: A simple spyware program gets on to your PC via a popup and steals your bank account and credit card info. Your monthly statement comes with 100 or more monthly statements from other credit card companies where you did not set up accounts yourself, and now you owe $100,000 in debt legally.

Everyone needs to take defensive measures for safe computing. Otherwise you may find yourself at the wrong end of someone else's evil.


Q: To answer the question posed, we should blame Microsoft for all of the viruses. If they hadn't gone around making people angry, these mad computer scientists would never have created these things.

Blaming Microsoft for all the viruses is like blaming God who created us for all our problems. Individual people are the responsible ones, not Microsoft. If someone takes a butter knife and kills someone, is it the fault of the person that did the killing or of the butter knife's manufacturer?

If you read the Department of Homeland Security's web site you will see that there are just as many holes and security issues with Linux and a ton of other software and devices.

http://www.us-cert.gov/

As for the mad computer scientist, his motive is profit and there is no profit in a virus. It is a well known documented fact that the vast majority of viruses are written by teens with virus writing tool kits freely available for download. These guys are known as script kiddies.

Don't get me wrong, I am not defending Microsoft, as there IS a lot they could do to help curb the issues too.

Monday, November 22, 2004

Information Systems Explained

Q: What is an information system? What are the components? In your work environment, describe the information system you utilize. (i.e. hardware, number and type of users, advantages/disadvantages).

What is an information system?

An information system is an ever evolving concept that involves a number of things both physical and abstract. The reading material defines an information system as a collection of 5 components (hardware, software, stored data, personnel and procedures). Having evolved with technology as it evolved I disagree with this definition of an information system.

An information system is broken down into two basic elements: hardware (the physical) and software (the logical abstract).

The hardware element is all of the things referred to in the text that are used to process, store and transmit data via some type of medium, either wired or wireless. The text does not give the new student to technology a clear picture of what the hardware layer looks like. Below I have attached a common small business hardware configuration. A big business diagram would look much the same but with more devices and connections.

The software layer is the non tangible logical abstract. It is a series of bits arranged in a manner that information can be manipulated and stored. It is stored in a machine readable format and displayed in a human readable format. This logical layer uses the hardware layer to transmit and receive data. You can review the software layer diagram below.

What are the components?

The provided reading material states that there are 5 major components (hardware, software, stored data, personnel and procedures). I argue against this as I have already defined hardware and software.

The reason I do not consider stored data as part of the overall is that it is a hardware device that provides yet one function. It is part of the hardware layer.

The reason I do not consider people as part of the equation is that an information system does run without people. People are the users of the system, not a direct component of the system. In order to qualify as a component I used this process: if the component is removed, will the system stop? If a person dies the system will still continue to function.

I do not consider procedures as a part of the component, as that is an element of software. The text would have you believe that it is part of explaining how to use the information system. If that were true then we would spend our entire life understanding how the information system works. A person does not need to know how a watch works in order to tell time. Nor does a person need to understand how an internal combustion engine works in order to drive a car. A person is a user of the watch, not a component of the watch that makes it work. The human procedure component, as the text states, is a very tiny part that does not hold enough weight.

Q: In your work environment, describe the information system you utilize. (i.e. hardware, number and type of users, advantages/disadvantages).

Please see my diagram, as a picture tells a 1,000 words for the hardware and software systems. The advantages are processing more information, from anywhere, anytime. The disadvantages are you are processing more information, from anywhere, anytime. It is a double-edged sword that cuts both ways. The diagram below generically represents a company's information system.

Sunday, November 21, 2004

Systems Approach

Since I have been a part of technology for the last 22 years, have a great deal of experience in its use and deployment, and work the front lines of business technology daily, I am somewhat constructively critical.

Defining the Systems Approach

The systems approach is a collection of components that work together in order to share information. It is an abstract concept that is defining the way information is shared, stored and processed. It uses four basic functions: input, process, storage and output. These concepts do not correlate with the actual way an information system works. They are simple concepts being conveyed. These are the text book ways.

There are 5 major components of an information system. The provided reading material states that there are 5 major components (hardware, software, stored data, personnel and procedures).

A component is a part of a system that is needed in order for that system to work. The hardware element is all of the things referred to in the text that are used to process, store and transmit data via some type of medium, either wired or wireless.

The software layer is the non tangible logical abstract. It is a series of bits arranged in a manner that information can be manipulated and stored. It is stored in a machine readable format and displayed in a human readable format. This logical layer uses the hardware layer to transmit and receive data.

I do not consider stored data as part of the overall, because it is a hardware device that provides yet one function. It is part of the hardware layer.

The reason I do not consider people as part of the equation is that an information system does run without people. People are the users of the system, not a direct component of the system. In order to qualify as a component I used this process: if the component is removed, will the system stop? If a person dies the system will still continue to function. People are used to build and maintain the system and users use the system, but the system does not require a human in order to perform its tasks.

I do not consider procedures as a part of the component, as that is an element of software. The text would have you believe that it is part of explaining how to use the information system. If that were true then we would spend our entire life understanding how the information system works. A person does not need to know how a watch works in order to tell time. Nor does a person need to understand how an internal combustion engine works in order to drive a car. A person is a user of the watch, not a component of the watch that makes it work. The human procedure component, as the text states, is a very tiny part that does not hold enough weight to be a component of a system.


Explaining the Different Roles in Systems Development

Having been a systems analyst, a telecommunications analyst and now a certified systems engineer, I can clearly state that the role called “systems analyst” is an old term used in large companies as a pay grade reference.

It no longer defines or is used as it is stated in the text. For a large company the roles for systems development are broken down into categories not defined in the text. For big iron mainframe the groups are commonly called datacenter analysts, for server systems they are called systems engineers, for local area networks they are called network engineers, for connectivity they are called telecommunications engineers, for tech support they are called tech support specialists.

The names may vary from company to company, but the roles and areas are much the same and require a small army to support 1,000’s of people. Smaller companies typically depend on outside support, and those people are called system engineers. That is what they do: engineer, design, build and maintain information systems.

The text calls the roles just systems analysts, project teams, users and programmers. There are a ton of roles missing from the text. As a result I find it to be misleading for the new person learning about the roles for the first time.


Explaining and Defining Systems Development Life Cycle

The text explains that the system development life cycle (SDLC), yet another executive buzz word, is divided into five main phases:
  • System Planning
  • System Analysis
  • System Design
  • System Implementation
  • System Maintenance

Since there is no certifying agency that controls this definition, the structure of the SDLC may vary greatly from company to company. I agree with the author that these are the main items. However, the phases of a project most of the time do not correspond to the phases listed in the text. In a perfect world that would be nice. The geographical makeup, the organizational makeup, the financial makeup, the leadership skills of the project teams, the impact goals of the company, and the presidential directives largely dictate how the phases of a project may break out. Some of the items listed above may be in the same phase or span several phases.


Defining and Explaining What Comprises a Feasibility Study

A feasibility analysis is an excellent tool to determine the technical, operational, and economic feasibility of a new system. This is a step/phase that is often not done or not done properly in large companies. If this step was done more, large companies would save a lot more money. There are two scales to a feasibility analysis not mentioned in the text, and those are large scale and small scale. The end result of a feasibility study is to cost justify the project (a.k.a. from the text “cost/benefit analysis”).

On a large scale the analysis is long and can be drawn out. It is sometimes given to a person that does not have the knowledge in other areas of the information systems. They in turn spend a great deal of time collecting information about other systems.

On a small scale a systems engineer can evaluate a project based upon his past experiences and draw conclusions quickly without the formal process as described in the text.


Saturday, November 20, 2004

Smaller, Faster and Cheaper

The ENIAC was the first digital computer and it was huge! It had less power than the original IBM AT 8086 desktop which was 8 MHz with 512k of RAM. I still have one and use it for my world clock, not much use for it after that.

More about the ENIAC:
http://ftp.arl.army.mil/~mike/comphist/96summary/

Computer Historical Photos:
http://ftp.arl.army.mil/ftp/historic-computers/

Another example would be when I worked at a Fortune 25 company: our Big Iron IBM mainframe had 40 Meg hard drives that were as big as a full size refrigerator. We had 60 of them and they were water cooled. Years later they were replaced with one unit that was about the size of one full size refrigerator that held 90gig. All of the 40 meg drives were removed. We had so much empty space left in the data center that management held a celebration putting tournament in the empty space with 18 putting holes.

Here is a funny story on the 40 meg refrigerator hard drives. A third party company was contracted to remove and dispose of the hardware. They loaded them onto a semi, but did not tie them down or lock the wheels on the hard drives. As a result, when the truck pulled out of the loading dock and started up the hill, all the hard drives shifted to the back of the trailer, ripping the doors off, dumping them all on the ground, and some rolled back down the hill. What a mess that was. We were glad that was not our project.

That was the last time I saw a hard drive with wheels!

Friday, November 19, 2004

Hardware Reviews & Research

Here are a couple of links that I use regularly. They contain the latest information on hardware reviews and pricing. The best way to learn more about hardware and components is to read the review sites and check on the pricing. I used to use Computer Shopper magazine back when it was the size of a telephone book each month. It was a great tool to stay on top of the latest stuff. Now I do everything online at these links and others. Note, I do not always purchase from these sites. I use them to get the latest info and price comparison.

Tom's Hardware
http://www.tomshardware.com/

Price Watch
http://www.pricewatch.com/

Thursday, November 18, 2004

Management Implications of Tech Trends

Q: What are the implications for management of each of the following trends:
  • Reduction in cost of hardware with time
  • Reduction in size of hardware with time
  • Increase in power of hardware with time

Implication means consequence. The obvious benefits are better management of information and better productivity. The benefits listed in the text are better quality information, more accurate, helps to provide improved service, increase in productivity (which means doing a lot more in the same amount of available time). Instead of completing 5 things in 8 hours you are completing 30 things in 8 hours. They also provide competitive advantages.

One would think that the trends stated above would have a positive impact on your business. The key word in those items listed is time. The only positive benefits that can be reaped are in the future purchases of that better hardware. There are no benefits to a business's current state, and it does impact a business in negative ways. This is not stated in the text provided.

Taking your current business state with the huge investment in hardware, software, engineering and ongoing support costs, a reduction of cost, size and an increase in power of hardware can affect the business by allowing competitors who are in a position to do so to purchase and deploy the hardware into production immediately.

Most businesses have a fixed budget in which they can afford to purchase, lease and write-off the hardware as a capital expense. If a business is held financially hostage and cannot afford to make the purchase of the faster, better hardware, then they are at a disadvantage against those who can make the purchase.

I see this every day as businesses try to squeeze every last ounce out of their purchases to get a return on their investment, more commonly known as ROI. Microsoft in their marketing packages called this the “Total Cost of Ownership”.

How to know when to upgrade is easy. Is the overall cost of doing business losing money using the existing hardware? If so, can the current company financial state afford to make the purchase relevant to the loss in doing business with the current hardware?

So the overall implication of faster, smaller, cheaper hardware is that it puts companies with current heavy investment at a disadvantage. However, as the company is able to afford the newer faster, smaller, cheaper hardware in the future, it will greatly benefit the company.

Another key word in the question is “hardware”. Notice that there was no mention of software. Software has its own dynamics.

Monday, October 25, 2004

Cost-Benefit Analysis & Decision Tree


Cost-Benefit Analysis is a tool used to determine what costs are associated with decision making and problem solving. A cost-benefit analysis can be simple basic math or as complex as one presented by the Center for Information Technology - National Institutes of Health.

A simple cost-benefit analysis would be how much time would it take to resolve the problem and what is the rate of the person solving the problem.

  • If a problem takes 30 minutes to resolve at Technician A’s rate of $150.00 per hour, then the cost to resolve the problem would be $75.00.
  • If a problem takes 1 hour to resolve at Technician B’s rate of $100.00 per hour, then the cost to resolve the problem would be $100.00.
  • If a problem takes 4 hours to resolve at Technician C’s rate of $50.00 per hour, then the cost to resolve the problem would be $200.00.

So the rates are relevant to the skills of the tech. In this case cheaper rates don’t mean it is less expensive to solve a problem. This is a simple example of cost-benefit analysis.

A more complex and involved cost-benefit analysis would be like what the Center for Information Technology - National Institutes of Health uses. They implemented in their management guide a section that identifies the cost benefits analysis as a part of a requirement that was previously established in the Paperwork Reduction Act (PRA) of 1995 and implemented by the Office of Management and Budget (OMB) in revisions to OMB A-130.

They define Cost-Benefit Analysis as: Preparing an analysis for IT initiatives to demonstrate how the IT resource will meet ICD mission requirements, support ongoing management oversight processes, maximize return on investment and minimize financial and operational risk;

  • In section 5.1 of the NIH IT Management Guide the first step is to define the problem.
  • In Section 5.5 they use a number of tools and techniques to determine IT performance measures. These tools and techniques are very similar to the ones we are studying in this class.
  • In Section 5.6 Prepare Cost Benefit Analysis they use this tool as their primary justification for the development or major modification of an IT system. So the Cost-Benefit analysis result plays a major role in determining if the project or problem to be solved will be doable. The key to the cost benefit analysis for the NIH IT is to make it commensurate with the size and complexity of the system.
  • In Section 5.6 they refer to a number of governmental and regulatory documents to help guide them in their cost-benefit analysis. This means that the cost-benefit analysis is not as straightforward as simple math. A regulatory requirement could very easily cause the costs of a solution to skyrocket. This is one example of why many government projects have budget overruns, which are a sign that a proper or complete cost benefit analysis was not conducted.

A Decision Tree is typically used with deductive logical thinking. It is used when almost all the elements are known and the problem has clearly been identified. It is used to help guide the way through the problem to the end result solution. Where the problem is known, a Decision Tree is already pre-rendered and can be easily followed.

A Decision Tree can also be used to help state goals and define specific tasks necessary to reach that goal for a particular project and in planning. In this case no decision tree may exist. Therefore it must be constructed.

A Decision Tree can be constructed by using backward planning to build the task lists and their groupings. Backward planning starts with asking the questions: What is the final task to be completed? What are the supporting tasks for that task? You repeat the process for all supporting tasks and sub tasks. The Decision Tree’s backward planning method provides a road map to follow to the final task.

There are many software programs that can help in the creation of a Decision Tree. The Decision Tree Example below was created in Microsoft Visio. Microsoft Paint Brush and Microsoft Project are just a few applications to help in creating a decision tree. Simple pencil and paper will work too. In Microsoft Word the Outline feature can be used as a quick way of getting your thoughts down and sub tasks to list them. I prefer that method over the Visio method.