October 2007


Uncategorized 20 Oct 2007 05:55 am

Getting into additional modules that I need to make changes to and compile has exposed an interesting behavior. Code compiled with the old compiler had logical and procedural mistakes that compiled and worked properly but, compiled after 8 years with a new version of the compiler, has problems.

Case in point. I recompile a program, and it blows up and complains about reading a file beyond the end of file. SNAP.

Finding and identifying the code in question was no walk in the park, but when I found the code, I finally identified a syntax error. The data file was opened on #filechannel, which was assigned using a get_next_filechannel function. The file was being read on a hardcoded read channel #1. The previous compilation of the program automatically assigned file channel #1 to the #filechannel variable. Only to have this new version of the compiler assign a different file channel number (not #1) at runtime to blow up the program. Same code. Different version of the compiler. And much debugging.

Object oriented programming has many benefits over procedural programming as it makes the program more elegant. While making changes to a module on Friday, during testing, the program froze up and the CPU on my computer shot to the roof. More debugging found that I coded an inadvertent goto statement into a hard loop that was triggered by a specific condition. There was no escape from this specific routine and it needed to be recoded. This type of mess would have been virtually impossible using Object Oriented Programming.

Uncategorized 19 Oct 2007 09:12 pm

Another consultant sitting next to me had some problems with his computer accessing the Exchange server. Speaking with the help desk in India, the level 1 support guy asked if he could remote control his computer. My colleague said sure, and hung up the phone.

The support engineer took over and continued testing all manner of changes to the configuration of the PC. The PC was still having trouble connecting to email, and as we were watching, the support guy opened up a DOS CMD window and typed:

ipconfig /release

SNAP.

There went all IP connectivity including the remote control.

About 5 minutes later the support desk from India called to ask if he could renew the IP address. It was pretty silly.

Uncategorized 16 Oct 2007 12:50 pm

So now that I made the first set of revisions to the legacy system, another request came in to actually change the code's functionality. No biggie? Well, think again. The software was last compiled a zillion years ago, and the new version of the compiler doesn’t like the syntax of a few statements. No clue where the old compiler is. All I have is the current compiler installed on this computer, and I don’t even want to guess where to find the old compiler since it has been replaced with a bazillion versions since this code was last compiled.

Huge effort. Tremendous debugging, identifying the offending line of code, and then developing a workaround. Compile, unit test, and Bang. It works.

Another interesting day in software development.

Uncategorized 12 Oct 2007 09:21 am

In addition to my Enterprise Security and Technical consulting, I own a retail business. My partner actually runs it, and one of the avenues for retail sales is on eBay. 99% of the business transacted on eBay is paid through PayPal.

After selling stuff on eBay, the buyer pays for it with PayPal, and the funds sit in your PayPal account. The next logical step is to transfer the money back to your banking account. So you log into PayPal and initiate the ACH transfer. PayPal informs you that it will take 3 to 4 business days.

whaaatttt????

I thought that this was the norm until we opened up a TD Ameritrade brokerage account. When you initiate an ACH transfer using a TD Ameritrade account, the funds are transferred and available by the next business day.

It turns out that PayPal is NOT regulated by ANYBODY. They play the float on MY money for 3 or 4 days before making it available to me. It's not in my account the day I initiate the transfer, and not available to me at my bank for 4 days. PayPal uses the float. Seems like an illegal practice to me. Go figure.

development 11 Oct 2007 04:40 pm

I think that some of my development buddies would get a kick out of some of the work I have been doing to support my current client. As I shared earlier, they had a key developer walk out right before some significant changes needed to be made to a legacy computer application that supports their business. They brought me in to make the changes to keep the business running smoothly. The thing is, the old software does NOT have a visual development environment. In fact, if you attempt to edit the files using the Microsoft development environment, it munges the files so that they will no longer compile and link. And forget about any type of iterative debugger. Command line compiles and no debugging. TRULY primitive. And let's not forget the Glory of figuring out spaghetti code. And figuring out how to get the actual software to compile was another treat. But, the more I look into the software suite, it's a very elegant solution given when the software was developed.

Working in this environment reminds me of some of the early development work I did on Sun/3 computers using the original Glockenspiel C++ Compiler. It was not really a compiler but more a C++ pre-processor that took your C++ code and converted it into “C” and then used the standard Sun “C” compiler. It was virtually impossible to debug anything, since the C++ code was completely tokenized and stripped before being compiled by the “C” compiler for speed.

One of the development tricks I used back then was to compile constantly to see where syntax errors occurred. This process allowed me to unit test the code so I was very confident that the code was solid. I’ve been using the exact same process with the development work at this client to ensure that my code changes work, with the trick being not breaking any downstream functionality.

Getting back into a development role for this project has been a real treat. I sit in a room with another consultant and a PM for the company, and it's really fun shooting the breeze during the day, eating pistachios from Costco, and solving business problems. In recent years, I spent a lot of time in the “C” suite as a CISO for a multi-billion dollar company directing 50+ people as well as a high level enterprise security consultant. It's nice to know that when push comes to shove, I can roll up my sleeves and solve business problems.

Uncategorized 11 Oct 2007 09:02 am

Back in the day, I worked with a guy from Naw’leans who used a phrase occasionally: “I wouldna told that.” e.g. You probably should NOT have told me what you just told me.

One of my banks has been sending out notifications for the last few months that they would be updating their Internet banking site. The new rage for online banking and bill payment is to ask you for a phrase and a picture that only you could identify that would ensure that you are on their web site versus a spoofing site trying to get your account information. A more useful approach would be teaching people to click on the little LOCK icon on your web browser to verify the SSL certificate is indeed from your bank and not a spoof site, but security for the masses never has much to do with real security versus the perception of security.

I used to attend IT Security conferences like Black Hat and the likes, but stopped going since they mostly kept me from sleeping at night. But I can tell you that a resourceful hacker with knowledge of Javascript could very easily create a spoof website that requested the phrase and authentication image from the bank's web site while still posting the response back to their hacking site. Anyways, back to my story.

I could not find the physical mail I received from my bank that contained my new temporary password to log on to their new home banking system. I called the support desk and asked them to reset my password, so I could log on to their new site.

The nice lady asked me a bunch of questions to determine if I was really me, and finally she was ready to tell me my temporary password. She said the following.

“We reset everybody to the last 6 digits of your social security number.”

SNAP.

Let me get this straight. You JUST TOLD ME that to log on, all I needed was my SSN, and the last 6 digits of my social? OMG. How difficult would it be to create an HTTP post program that started with 000-000-0000 and iterated to 999-99-9999 to eventually hit an account and transfer money out of the bank?

Sometimes, being the IT security guy paid to make systems more secure is a scary place to be.  

I did NOT tell the lady, “I wouldna told that!”  <smirk>

Uncategorized 11 Oct 2007 07:49 am

I woke up this morning and stumbled downstairs to my office to find that my computer had a strange blue screen staring me in the face instead of my screen saver. Never a good sign, seeing the light blue Windows XP screen that is halfway between the machine rebooting and the Login screen. Alt+Ctl+Delete didn’t help, and I had to reach over and hold the reset button on the computer. I hate having to do this because I leave all manner of software running including QuickBooks and others. The reboot process completed successfully and I logged in. After the computer finally came back to life, I was greeted by a cheery message from Microsoft that the computer was rebooted automatically as a courtesy to install the latest round of Microsoft Super Tuesday security patches. It is completely obscene that Microsoft set the auto update process to put a window up on your computer in the middle of the night that says, I’m going to reboot now unless you push this button. My vote would be a box that stays on your screen UNTIL you push the button to reboot. Not Microsoft taking the initiative to reboot your computer, messing up all manner of applications running on your computer. Go figure.

Uncategorized 10 Oct 2007 07:40 am

Getting back to a discussion on my current consulting client, I have an opportunity to create a next generation application to replace the legacy application that I am currently working on. The client has not green lighted the activity, but, as a skunk works project, I could have a chance to replace the legacy application, which has served its purpose very well, but is extremely long in the tooth and could use a serious face lift.

Questions that come to mind are, should it be a web browser based application? The application needs add/edit/delete functionality. And report printing functionality. The one bell and whistle that makes the GUI a bit complex is the ability to display a list of items from a database, and using the GUI, be able to drag and drop them into a new order just by, let's say, right clicking on an item, dragging it down five places, dropping it, and having it insert the object into the right location and update the database relationship to reflect the change.

I believe that there must be custom components out there in Google land that will accomplish this functionality. Any thoughts on development frameworks would be greatly appreciated.

I’m very comfortable using MySQL as the back end database. But the question remains, should it be a Microsoft Visual Frame stand alone application? Or a web based application?

The application is used by a remote work force. The information that the application processes is sent down from a mainframe system. There is a case for having the application sit on a server giving the users web based access to the application, which simplifies keeping the data in sync between the main server and the remote clients. Or the information can be sent down to the stand alone PC users.

Comments would be appreciated as I puzzle through this.

Uncategorized 09 Oct 2007 10:11 am

For anybody reading this that has children in K-5, I highly recommend the Indian Guides and Indian Princesses program. I have been in the Guides with my boys and the Princesses with my daughter. Last year, I was the Chief of the Crow Tribe of the Prairie Nation, this year I am the Medicine Man for the Cherokee Tribe of the Chiricahua Nation and next year I will be the Chief.

The Guides and Princesses program is a lot of fun. We meet once a month for a meeting which includes a craft and some time for the children to play together. There is a monthly nation event, and Fall, Winter and Spring camp outs. Last weekend, I attended Camp Phantom Lake in Wisconsin with the Princesses. The weather was unseasonably warm for October, but it was a great time camping out in platform tents.

Camp Phantom Lake is the 2nd oldest camp in North America, created in 1896. It was really interesting in the mess hall looking at some of the signatures of the original campers. Most of them were a slice of tree bark with all of the campers signing it. There was one from 1912 that was very cool. Imagine the 100 plus 9 year old boys signing their names to this piece of tree bark, to have it displayed in 2007 with me and my 10 year old daughter looking at it. It was very cool.
The group we belong to is the Algonquin Longhouse.

Uncategorized 09 Oct 2007 10:01 am

As I was working at my previous client, Andrew Corporation, doing InfoSec security consulting, again fat dumb and happy, I awoke on a fine morning to read online that they were purchased for CASH by one of their arch competitors. Andrew previously tried to be sold to ADC corporation a year ago, but that deal fell apart about 4 months after it was announced when both companies lost approximately 1.5 BILLION dollars in market cap after the buyout was announced. I suppose once on the block, always on the block, so as soon as a 60 Million poison pill expired, Andrew was purchased. Not much need for headquarters staff when you're buying a company for its manufacturing facilities, so no surprise when my contract was not renewed. It was a nice 2 month gig that turned into 18 months. But it was time to look for a new gig.

I sent out an email to some of my contacts that I was going to be available and got an email back relatively quickly from a colleague that thought I could help out his company. It seems that his company signed a major agreement for some new business, and a key technology resource who was required to make some changes in a legacy system up and quit right before the deal was announced. They needed somebody to come in, assess the situation and make changes to a suite of legacy software to support the new business deal. And to make matters more interesting, there was a VERY short deadline to complete the changes.

The position was an excellent fit for, as I like to call myself, “The Last of the Great Generalists” in IT consulting. Since I started out back in the day as a software developer at London House, and the O’Connor Partners, I have a large bag of tricks that I bring to the table and a lot of experience finding quick solutions to business problems quickly.

After reviewing the situation and a 20 page document on yellowing green-bar computer paper with instructions for making some of the changes that were required, I promptly determined that there had to be a better way. Using Google I was able to identify a bunch of 4th generation data manipulation tools that turned the 20 pages of yellowing and complex notes into 6 SQL statements using a SQL interface to the legacy system. Wow.

I hit all of the deliverables for my client and completed a large work package of activities. It did require some extensive additional hours, since the deadline was short. I haven’t been in that mode of consulting for a while, but it was really fun. It's nice to be working for a client that appreciates the work I am doing.
