Sunday, October 10, 2010

From Potholes to Graffiti: A Primer to Civic Engagement


In February, I saw an article about Tucson, Arizona, using SeeClickFix.com (SCF) to report potholes and reported the 2-foot pothole in my neighborhood.  Wow, it was fixed in a few days!  I never thought the city could be so responsive; this is great!

Commuting by bike, I see graffiti (tags) on utility and light poles, utility boxes, signs, curbs, everywhere.  The tags are a visual blight in the city, a cancer, a disease to be treated.  Because SCF allows users to post other types of issues including graffiti, I hoped with SCF I could help the city fight this disease and keep the vandalism from lowering our property values.  The article I read did not say the City was using SCF for anything other than potholes, but it is worth a shot.  I used SCF to report some graffiti near my neighborhood.  Unfortunately, it was not fixed quickly like the pothole.

A couple of months later while searching for something else on the city’s web site, I found that the city has a web form and email address to request graffiti abatement.  I quickly realized the city’s form and email address are black holes.  There is no tracking or feedback mechanism.  In July, when a wall near my house was tagged, I used both SCF and the City’s web form.  The graffiti was removed in a few days.  The graffiti reported previously was still there.  I had found a way to help clean up the city and track the reports: report the graffiti using SCF and the city’s form.

The city’s Graffiti Removal Program said they do not monitor SCF, so if I used the SCF mobile application, the city would not see the issue.  Entering the information twice was becoming a pain.  I had to find a way to streamline my reporting process.  On SCF, I would include the address in the description of the issue, forward the "Thank you for reporting your issue" email to the city and bypass their web form.  This reduced the amount of typing.

The Graffiti Removal Program is in the same department (transportation) that is fixing the potholes.  I wish they would set up a watch area and get alerts.  Wait a minute; I can set up a watch area for them!  I created a citywide watch area filtering on the key word graffiti and added their email.  Now they will get alerts about graffiti within the city and I can use the mobile application!

Now that I have a system worked out, what do I put in the reports?  I know the crews use different processes to abate the graffiti based on what the graffiti is on, so I include details they will appreciate.  I include the exact location so they can find it, what the graffiti is on, painted or unpainted, block or wood, etc. so they know what to prepare for.  I include the color of the graffiti although I do not bother including the characters.

As long as the City funds the program, I will report the graffiti I see.

Theodore Roosevelt said, "Do what you can, where you are, with what you've got."  I think he would have loved SeeClickFix.

Thursday, March 18, 2010

Passwords, Passphrases and Pass-acronyms

It may come as a surprise to you that I, a Certified Information Systems Security Professional, hate passwords as much as the average person does.  On the other hand, I like passphrases.  A phrase is stronger than a single word.  Before computers, magic phrases like “Open Sesame” opened caves full of treasure and “Alla Peanut Butter Sandwiches” & “Meeska, Mooska, Mickey Mouse” entertained children watching TV.  Sure, a few words that have magic power, Abracadabra, Alakazam and Shazam, are the only ones I can find.  However, there are more examples of magic phrases, “Hocus pocus,” “Presto change” and of course “uh eh uh ah ah ting tang walla walla bing bang.”

As security professionals, we should stop saying “word” and say “phrase”, or “acronym” if there are technical limitations on the allowed length.  Because words are short and relatively simple, saying “password” sends the wrong message.  Maybe we should call them “authorization-expressions” so people stop thinking “word” and start thinking about using filenames, fake email addresses, fake dates or times, fake web addresses, fake phone numbers, titles, places, addresses; even baby talk is better than thinking of an eight-character word with a number appended to it.  Here are some examples:

Filenames: C:\work\resume.pdf
Fake email addresses: Santa@WestPole.gov
Fake dates or times: H.G.Wells 12, 802701 @ 42:00 AP
Fake web address: $$$.Money4Free.gov
Fake phone numbers: 1-246-Party!
Titles: Mr. Roast Beef Sandwich, III
Places: Booting Up Hard Drive Blvd
Address: 6765 O. MorrisonAvenue St.
Baby talk: boogo, boogo Ophoov
Numbers: 7 is VII = 3+4
Numbers: X-Ray x-ray India Victor (the number XXIV or 24)
Combinations of the above: XXIV boogo Hard 2 Drive St.


You can start with a line from a movie (www.imdb.com/search), song, book, poem, quote (www.QuotationsPage.com or www.QuoteLand.com) or idiom (idioms.thefreedictionary.com), but please do not use it word for word.  The password crackers already have them.  Mix them up like:
Don't beat a dead gift horse in the mouth.
The 22-character phrase has uppercase, lowercase and symbols.

If you want more ideas for passphrases, check out Perfect Passwords by Mark Burnett.


If you cannot use the full passphrase, you can make a pass-acronym out of it.  Pass-acronyms are weaker than passphrases but some old systems will not let you use more than eight characters.
Here are some examples:
Pass-acronym: Passphrase
Ihp,tmmc: I hate passwords, they make me crazy
TyIwl10#: This year I will lose 10 pounds
Mw&katb!: My wife and kids are the best!
Ilmd,M&S: I love my dogs, Max and Spot
Iwqsbikm: I will quit smoking before it kills me
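
An added example, not part of the original post: the pass-acronym convention from the table above and the "do not use it word for word" advice, written as Python. The substitution rules are inferred from the table's rows, the idiom list is a constructed stand-in for a cracking wordlist, and all function names are hypothetical.

```python
import math
import re
import string

# Substitutions inferred from the page's table: "and" -> "&", "pounds" -> "#".
SUBSTITUTIONS = {"and": "&", "pounds": "#"}

# Constructed sample of well-known idioms standing in for a cracking wordlist.
KNOWN_PHRASES = ["Don't beat a dead horse", "Don't look a gift horse in the mouth"]


def pass_acronym(passphrase: str) -> str:
    """First character of each word; numbers and trailing punctuation are kept."""
    out = []
    for token in passphrase.split():
        word = token.rstrip(string.punctuation)
        punct = token[len(word):]
        if word.lower() in SUBSTITUTIONS:
            out.append(SUBSTITUTIONS[word.lower()])
        elif word.isdigit():
            out.append(word)          # "10" stays "10"
        elif word:
            out.append(word[0])       # case of the first letter is preserved
        out.append(punct)
    return "".join(out)


def normalize(text: str) -> str:
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_verbatim(candidate: str, known=KNOWN_PHRASES) -> bool:
    """True if the candidate is a known phrase apart from case, spacing or punctuation."""
    return normalize(candidate) in {normalize(p) for p in known}


def brute_force_bits(secret: str) -> float:
    """Upper bound on character-by-character guessing work: length * log2(pool).
    A phrase an attacker can find in a wordlist is worth far less than this."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " "]
    pool = sum(len(c) for c in classes if any(ch in c for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    phrase = "I hate passwords, they make me crazy"
    short = pass_acronym(phrase)
    print(short, round(brute_force_bits(short), 1), round(brute_force_bits(phrase), 1))
    print(is_verbatim("don't beat a dead horse!"),
          is_verbatim("Don't beat a dead gift horse in the mouth."))
```

The bit count is only a ceiling for exhaustive search; it shows why the eight-character pass-acronym is the weaker of the two forms, not how strong a given phrase really is.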

Monday, November 30, 2009

Up, Up and Away!

I am "biting the bullet" and moving to the cloud!  After running the servers for my domain for over a decade, I am getting out of the server admin business.  Others can run more servers with more services for less than I can.  Being a server admin is not my core business anymore, nor has it been for some time, but old habits die hard.

Running my own servers was never hard, but the email from the RAID system the other day was the last straw.  I have better things, more enjoyable things to do with my time than chase after failing equipment.  Someone else is willing to do that as well or better than I can and they will do it for less than I can.  Let me see, I can have my service and save money?  That is an easy decision.  Why did I not do this before?  Well, the cloud is "bleeding edge" stuff; I could get hurt.  I did not need to be someone’s guinea pig.  The truth is the cloud is no longer "bleeding edge."  Hosted services have been around for a long time.  We just forgot about them.

Of course, we did not call anything hosted back then, we called them service providers and later internet service providers.  CompuServe was "hosted" email, chat, dialup, etc.  It was that or connect your PC to UUCP and/or a bulletin board system and host your own.  Call me crazy; man that was fun.  There was so much to learn, so much to do.  Now I want to do other things.  I want to help people solve their business problems with appropriate information technology.

What cloud services are you using, you ask.  As you can tell from this blog I am using Google, but they are not the only one, my backup is at Amazon S3; cannot put all your eggs in one basket.  :)  PBWorks is hosting a project wiki for my friends and me.  I am still looking for more solutions and we may end up using SourceForge for that project.  Next, I need to evaluate some application hosting providers.  :)


What cloud services are you using?