Paulishing

I've moved this blog from the generic blogspot.com domain to my own ... paulishing.com.

Paulishing is a term I made up at NewPage Corporation where part of what I did was review documents and presentations for spelling, grammar and clarity, basically polishing up documents.  So Paulishing is just a twist on polishing, and reflects my love of writing.

The old blogspot link will redirect to the new.  The direct link to the new name is:

http://technologyviewpoint.paulishing.com/

Despicable Words

There are a few fashionable words and phrases thrown about in business that I simply can’t stand. They are used to shut down conversation, make something sound like something it’s not, or ask for something in a way they don’t mean. Here is my list of un-favorites.

• Best Practices - I despise this one the most because it doesn’t mean a damn thing. “Our product incorporates Best Practices”. Really? How did you know that? How did you come to that conclusion? Which other practices were considered and why were they rejected as only good? Never an answer. It’s just marketing BS to make their stuff sound better than the competition.

• Intuitive - “the ability to understand something immediately, without the need for conscious reasoning” is the dictionary definition. Generally used by technology vendors to make it sound like using their software is child’s play, and you, the buyer should feel ashamed if you don’t understand it at first glance.

• Partnership - “an arrangement where parties, known as partners, agree to cooperate to advance their mutual interests”. Generally used in business to shut down any conversation on why a particular vendor is preferred even when they cost way too much or deliver crappy service. Just ask what’s the “mutual interest”. Nada.

• Candid - Makes it sound like the requester is looking for an honest opinion and is expecting to hear the worst. Try that someday and tell me how that worked for you.

• Politically Correct - A “polite” way of saying that it’s not fair or not right, but we do it anyway. If you’re the one being told that, that generally means you’re the one being screwed. Has nothing to do with politics, where being politically correct has true value.

• To Tell The Truth and Well Honestly - How did these ever get any traction? It’s like they’re saying “I lie most of the time, but just this once I’ll give you the truth”. Should I just ignore everything you say until you preface it with “Hey I’m not lying this time”?

If you catch me rolling my eyes after any of these words are spoken, you’ll know you’ve just tapped my “that’s just plain stupid” nerve and I’ve likely just tuned you out. Just so you’re forewarned.

Wireshark and AWK

In the world of technology, guessing (or blaming) games as to the source of a problem seem to be a time-honored pastime.  While I’m not against the occasional bout, life’s too short to constantly repeat a loop of “guess-and-be-wrong” before stumbling upon the right solution, or giving up to find another game to play.

Seeing is believing, and in the computer world, a “Sniffer” trace, a capture of every bit of data flowing on a network is a great source of seeing.  A real “Sniffer” is an expensive device, deployed by a network guru, and is overkill for most diagnostic data capture.  Enter Wireshark, a free (I love free) software package that runs on Windows, Mac and Linux that captures every bit of data that enters or exits the machine it’s running on.  In most cases you crank it up, recreate your problem, stop the capture and scroll through a few thousand packets, looking for something out of place.  There’s also the capability to filter those packets to just those you’re interested in, for example DNS look-ups, reducing your search to a manageable few.

But what to do when you need to capture millions of packets over an hour or more when you’re looking for a needle in a haystack?  One solution I’ve found very effective is employ a small AWK formatting program.  AWK is a sleek programming language, named after its creators, Aho, Weinberger and Kernighan.  I’ll demonstrate one example of how I used this combination to help find one of those needles, including the AWK source code.

The problem involved trying to eliminate the printing of an unused label from an application with limited source code and even less documentation.  On the positive side, the application keeps just about everything in an SQLServer database.  I was hoping that capturing and analysing the database traffic between the app server and database server would reveal clues on how the label printing application worked.

To start, I ran a Wireshark trace on the app server, capturing all packets without any filters.  I stopped the trace after a label was printed and exported all packets using the “File...Export Packet Dissections…” as a text file.  There are a number of options on what to export, but only the Packet Header and Packet Bytes are needed, so I made sure only those two selection boxes were checked.  The resulting text file has many lines per packet, and it’s too tedious to scan down to find clues and near impossible to make Find commands useful.  Having one, long line for each packet is much more useful.  Enter the AWK code.

I use the GNU version of AWK which can be downloaded from:     http://gnuwin32.sourceforge.net/packages/gawk.htm

Besides AWK being a simple programming language that is very good at handing strings, I also find that having a single, stand-alone executable (gawk.exe) much easier to deploy, with no Windows installation, DLL’s or configuration files.  I keep the executable in same directory as all the input files I use and output files I create, C:\GAWK, which avoids the tedium of having repeatedly spell out directory paths.  To run the formatting program (code included below), open a Command Prompt, navigate to the C:\GAWK directory and enter the following command, replacing the italicized file names with the appropriate names.

< input file gawk.exe -f printpdml.awk > output file

The “< input file” throws the file into the input stream.  “-f printpdml.awk” tells “gawk.exe” which file contains the program code and “> output file” sends all the program’s print output to the named file.

The resulting file contains the desired one line per packet, and while I’m not claiming it’s perfect, it’s 90% of the way there.  In the case of the unwanted label, I was able to quickly find where the label printed, then backed up to find a Stored Procedure that looked appropriate. Searching that procedure led to another procedure that inserted one database record for each label.  Commenting out the unwanted insert resolved the issue.

Not bad for less than an hour’s time and using two free programs.

Source Code for “printpdml.awk”

# This awk program formats that text file into a smaller, more readable format.

#

BEGIN {

  line = "";

}

# Print the single, consolidated line collected by the code below.

{

if (NF < 2) {

  if (length(line) > 0) {

     print packet " " time " " source " " destination " " line;

     line = "";

     }

  }

#

# Get the information from the Packet Header line.

#

# This code assumes that the first field is the packet number, the second and third are the

# date/time, the fourth and fifth are the the source IP/port, and the sixth and seventh are the

# destination IP/port.  Most importantly, it assumes a “2” in column 9 of any line represents a

# header line.  These may need adjusted depending on the exact format of your export.

#

if (substr($0,9,1) == "2") {

  packet = $1;

  time = $2 ":" $3;

  source = $4 ":" $5;

  destination = $6 ":" $7;

  next;

  }

#

# Ignore the first three lines and part of the fourth of the Packet Bytes lines,

# which contain unneeded network header information.

#

if (substr($0,1,4) == "0000") {next;}

if (substr($0,1,4) == "0010") {next;}

if (substr($0,1,4) == "0020") {next;}

if (substr($0,1,4) == "0030") {i=8;} else {i=2;}

#

# Get the information from the Packet Bytes lines.

#

# Ignoring binary zeroes (“00”) reduces the line size and makes

# seeing and finding things much easier.

#

while (i < 18) {

  if (substr($0,7+((i-2)*3),2) != "00") {

     line = line substr($0,i+55,1);

     }

  i++;

  }

}

GMail to GSheet App Script

It’s a typical IT practice to send alert messages via email, enabling a quicker and more informed response. That’s great for responding to individual incidents, but not to attempt to see any patterns in these messages or to generate daily reports to show trends. An easy solution is to create a free (I love free) GMail account and add it to the distribution list of the alert messages. Then add a Google App script to process each message and add selected message details to a Google Sheet. Sample code to process a message is included below.

Here’s a blow-by-blow description of what’s needed.

1. Create a new GMail account
2. Forward a few test emails to the new account
3. Log into the new Gmail account
4. Go to drive.google.com
5. Create the Google Sheet that will contain your information
6. Go to script.google.com
7. Paste in the sample code, replacing the shell code provided
8. Change the sample code to meet your needs
9. Give your project a name
10. Click the Run menu item to test out your code
11. Click the View menu item for additional debugging information
12. Click the Resource menu item and “Current project’s triggers”
13. Add a trigger to run the code at your desired interval

The final step you will probably want to add is a GMail filter to automatically archive the daily Google App Script summary email. You could add it to your code, but it’s a bit easier to just use a filter.

That’s it. Your data is now being collected in a Google Sheet awaiting your inspection, analysis, reporting and charting.

A good starting point for learning more about Google App Script can be found at:

https://developers.google.com/apps-script/

SAMPLE CODE

function processInboxToSheet() {

//  

// Grab up to 100 threads in the Inbox

//

 var start = 0;

 var threads = GmailApp.getInboxThreads(start, 100);

//

// SPREADSHEET_URL contains the URL of your Google Sheet. Replace

//    “YOUR SHEET” with your name.

// SHEET_NAME contains the name of the tab to append data to

//

 var SPREADSHEET_URL = 'https://docs.google.com/spreadsheets/YOUR SHEET/edit?usp=sharing';

 var SHEET_NAME = 'Sheet1';

 var result = [];

 var spreadsheet = SpreadsheetApp.openByUrl(SPREADSHEET_URL);

 var sheet = spreadsheet.getSheetByName(SHEET_NAME);

//

// Looping through the threads

// Get the message, then get the body of the email in plain text  

//

 for (var i = 0; i < threads.length; i++) {

   var messages = threads[i].getMessages();

   var content = messages[0].getPlainBody();

//

// If there is a body to the email, process its contents

//

   if (content) {

     var date;

     var time;

     var interface;

     var message;

//

// The body is returned as one long string.  I prefer to process it

// line by line, so use “.split” to load an array, each line separated

// by a new line.

//

     var array1 = [{}];

     array1 = content.split("\n");

//

// This is where your specific data gathering logic is placed

//

     for(var n in array1) {        

        if (array1[n].substring(0,11) == 'DATE/TIME =') {

           date = array1[n].substring(13,array1[n].length-9);

           time = array1[n].substring(23,array1[n].length);

        }

        if (array1[n].substring(0,8) == 'MESSAGE =') {

           message = array1[n].substring(11,array1[n].length);

        }

     }

//

// Add a row to the end of the sheet

//

     sheet.appendRow([date,time,message]);

//

// Finally, mark the message as read and move it to the archive

//

     threads[i].markRead();

     threads[i].moveToArchive();

     Utilities.sleep(500);

   }

 }

}

Buyers Seek Sellers

In the normal course of my life I am a buyer. I buy groceries, gadgets on Amazon and occasionally a new car or furniture. In all these cases I select the seller and go to their marketplace, electronic or physical, to search for the exact product I want. This system works well for me, it's efficient and doesn't waste my time.

Then there are the others, like the door-to-door salesperson, hoping to find that I have carpet in my house so I will submit to a demonstration of their multi-thousand dollar amazing carpet cleaner and high-pressure me into buying one. Sadly they see hardware flooring and trudge away. But it's still a waste of time to answer the door and say no. And there are the alternate electric and natural gas suppliers, various religious groups and magazine sales people. Sellers seeking buyers is very annoying, even more so when they use my email inbox to get my attention that way. Even with spam filters and blacklists they get through on a routine basis.

Perhaps this is why the job seeker is in such a bad position. They are a seller of services trying to find a buyer. This should be very inefficient, if not downright annoying, to the buyer. And it is. Digging through dozens or even hundreds of resumes per job posting, hoping to find some keywords that differentiate a few applicants that deserve a first interview. To make matters worse, the job seeker usually doesn’t find the hiring manager directly, at least not until the first interview, if then. So we end up with a seller dealing with an agent (HR) of the buyer. Or even worse, a seller dealing with an agent (recruiting firm) of the agent (HR) of the buyer. Not surprising this situation is horribly inefficient and terribly frustrating.

Solving this situation is the purpose of a reverse job fair. A typical job fair has the buyer occupying a booth with the sellers wandering around trying to figure out who to talk to. The reverse job fair flips this. The seller occupies the booth and the buyer seeks the type of seller they need. This makes the marketing of the seller at the forefront. If it was me, my booth would clearly display my talents, experiences and the types of positions that interest me. A buyer would immediately know if I’m the type of seller they are looking for, and not waste their time, nor mine. A short, face-to-face conversation between the buyer and seller will quickly determine if there is mutual interest in taking the next step.   

So at first blush a reverse job fair might seem like a strange idea. But applying the rule that buyer’s seeking seller’s is the proper direction, you can quickly understand why a reverse job fair is not just a great idea, it’s simply following the same path that you, the consumer, know is the right way to approach any purchasing decision.

Recent MIS Careers

The increasing complexity of modern businesses, opportunities driven by continually decreasing technology costs and the dependence on these technology assets have led to similar patterns of problems across many companies. The right projects are not being identified, selected or scoped properly. Projects are not consistently completed, often delivered late or come in significantly over budget. Business decisions are made without solid understanding, even though we're seemingly swimming in data, spread throughout the company's disparate systems. Computer viruses, social engineering attacks and headline-making data breaches are causing Board-level attention to the risks, threats and reality they pose. Each of these problems in turn create career opportunities for the creative, the disciplined and the deeply curious. And these in turn created the demand for advanced degrees and concentration in these specialized areas.

That led me to take a critical look at the creation of four concentrations within the University and Dayton's graduate Management Information Systems (MIS) program. The business problems described above are addressed by focused curriculum on Business Analysis and Design, Project Management, Business Intelligence and Cyber-Security.

I put a single word to describe each of these, hoping that might lend some insight. Here's what they mean to me.

• Business Analysis and Design - “Starting”
• Project Management - “Finishing”
• Business Intelligence - “Knowing"
• Cyber-Security - “Protecting”

So what does that mean to a prospective student? That depends on understanding what you really like to do. That can be a difficult introspection for those early in their adulthood, and those preferences can change over a lifetime. But perhaps some guidance or direction can be gained by seeing which of the following, if any, is appealing.

"Starting" appeals to the creative person who sees a blank sheet of paper as their type of challenge, willing to explore the unknown and quickly turn around when they’re headed down a dead-end alley. One win amidst five losses is not just OK, but the way they want their world to work. Like many entrepreneurs, they are big-picture risk-takers, flexible and open-minded.

"Finishing" appeals to the disciplined person that defines success as getting it done, completed, put to bed. They like picking up a defined project with clear goals, laying out responsibilities, caring about the details, clearly communicating, understanding the interdependencies among hundreds or thousands of tasks and being the task-master, holding people accountable for completing their parts on time. They deal with the inevitable roadblocks, bottlenecks and issues, finding creative ways to restructure the plan to meet the objectives.

"Knowing" appeals to people that like bringing clarity, a deeper understanding or a new insight into an existing situation and the persistence to solve complex problems. Most of the data that exists within companies start in transaction-based systems. This data is structured to support running their defined business processes, but it's typical that this data is not designed to help support changing those processes. Merging this type of data, which can originate in many different systems, and performing advanced analysis is an appealing big reward, big challenge puzzle.

"Protecting" appeals to the safety minded, those who look to defend their set of technology assets, increasingly a "life or death" struggle, to ward off computer hackers, data thieves and anyone with an agenda against their company. It's an environment of constant learning and challenge as these criminals employ the latest techniques against both the technology and their users. You must be ever vigilant, never satisfied or complacent, and persevere through the tough times, as most companies will be compromised at some point from either external or internal threats.

All four MIS concentrations should provide a long-term career as their underlying business and technology drivers continue to become ever larger and more complex. If one or more of the above sounds like your type of challenge, explore them with the faculty at your university.

A Dose Of Human Reality

In the world of computer security, much depends on users selecting complex passwords and avoiding using known information like their children’s names or their favorite hobbies. It’s really important, and we count on their active involvement.

Now, a dose of human reality.

These are the same folks that slow down to 60 mph in a 70 mph zone when they see a police car, the same folks that won’t put a new roll of toilet paper to replace the one they just finished, and the same people that never make more coffee even when there’s ⅛” left in the pot.   

So now let’s head down the path of password construction, adding the human element.

In the beginning, well, not really THE beginning, but since we have to start somewhere, let’s baseline with the common 8-character password, which has about 200 billion (26**8) possible, lowercase combinations. Of course, there are many more when you factor in their uppercase and numerical brethren, but why add pressing the shift key or reaching for the top row when it isn't necessary?

Now, for whatever reason, real, imaginary, or just job security, the powers decided that a number was needed to increase that 200 billion even higher. Now there will be nearly 3 trillion (36**8) possible combinations, clearly much better.

Now, a dose of human reality.

We replaced the 8th character with a number, so we actually reduced the actual combinations down to 80 billion ((26**7)*10), clearly a step backward. But we really appreciated that we no longer had to decide on a new password each time; we just incremented the number on the end. Thanks for the tip, IT!

Well, that last one didn’t work out so well, so now the word came down from high that a capital letter and a number would both be required.  That would increase the possible combinations to over 200 trillion (62**8). Now we're really getting somewhere!

Now, a dose of human reality.

We all just capitalized the first letter, so we’re still stuck back at 80 billion.  What the heck did they think we would do? Then they tried requiring a special character, which we all put as the last character, and moved the number up to position 7. Since there are fewer special characters than letters, we're now down to about 30 billion or so combinations.

Frustrated that these stupid humans just won’t get with the program, they recommend that we build a password from a phrase.  So using the last sentence as the phrase, we generate an 8-character password of “Fttshjwg”, then change the “s” to a “3” and the “j” to a “!”, resulting in the beautifully constructed password of “Ftt3h!wg”.  

Now, a dose of human reality.

No. You people have lost your minds or are smoking funny things. Perhaps both.

Then more advice. Change your password every 60 days, never use the same password across sites, and never, ever write them down.

Not just no, but HELL NO! You guys are in serious need of rehab.  

So why don't we go really nuts and have Unicode passwords, and we'll have umpteen jillion combinations.  Mine will be the following, made from Greek, Gaelic, Russian, French, Roman Numeral, and Latin Script, Dotless and Cedilla. And an easy phrase for me to remember.

ΒÍТÊⅯℰıţ