Wordpress Malware Cleanup on isle Kamagra

February 21st, 2010

I managed to lose half of my day yesterday, thanks to a malware infection on the One Lap blog. It was more like an irritating rash really, but one that scarred our front page with a link to some off branded male enhancement drug. I wish you could just buy the little blue pills like Advil, as it would eliminate 90% of SPAM, malware and exploits on the Internet. It almost pains me to put the name of the site in this post, as I know they win by propagating their name once again.

After backing everything up and changing all of the account logins, I had the not-so pleasant task of finding the infection. Following the path of most repair work, I started with Google.  I also found a lot of dead ends and blanket fixes.

I figured I would dump some of the more useful links I could find up here, to help the next soul looking to get rid of the annoying link on the top of their website for kamagra.  Most of the first searches out there, have you hacking away at unknown base64 files, eventually resulting in a complete lobotomy of your site functionality before it is rebuilt with new files.

Run through some best practices first and reset your account passwords for the site, including your FTP accounts.  Realistically the attacker used an SQL injection, allowing them to write straight to the database.  These holes are common during the flexible days before the patches are released.  If you were lucky, the only thing that was added was an annoying link.  So far, that is the only thing I have found.

The code was found in the WP_OPTIONS table in the database, which is where the plugins and other toys get to write to for Wordpress. Search through the table for some key words and you will find the inputted entry.  Delete the entire entry and the text goes away. It sounds much easier, now that I know where to look.

Here is the discussion again, between a site owner who knows more than the people offering advice. http://wordpress.org/support/topic/304847

There were a couple of useful tools to help parse through this crap. The Exploit Scanner Plugin helped draw out some of the code that didn’t look right. Use with caution and don’t just delete everything it says.

http://wordpress.org/extend/plugins/exploit-scanner/

That helped me pull out the code that was not supposed to be there, allowing me to find the first post of where it was hiding. Their example didn’t have the little pill as the problem, so I didn’t see it initially as I was searching for our miracle drug.

t'+'yle';
var _0xd22c=["function seeThat(elem) { eval(x22elem.x22+stl+x22.display=x27blockx27;x22); }"];
_0xd22c[0x0] = _0xd22c[0x0].replace(/block/i,"none");
eval(_0xd22c[0x0]);
</script>
<script>
var str = 'seeThat(document.getElementById("link"));';
eval(str.replace(/link/i,'wraps'));
</script>

Here is the output of the plugin. The most useful piece of information in it was credit_text2, which is the name of the field in the database.

Most hosting sites come with a database admin tool like mySQLAdmin, or something similar. If you don’t know what you are doing in the database from a shell, then resort to clicking on the icons and digging through it there.

Good luck.

The Morning After

Having a small celebration after getting the malware off of your Wordpress site, only to find the next morning the code is right back on the top of your site? Well, we only removed the entry in the database on the first round. Now we need to get rid of the code that is set up to put it back in place on a scheduled basis.

Now we need to dig into where this is being initiated from.  If you search through your files for credit_text2, you won’t find anything.  That is because they have encoded the text itself inside of a function file you don’t actually need.

Inside of the header.php file, there was a call to a start_template() function, directly after the body. If you open up the start_template.php file, you find a pile of encoded garbled junk.

Take the meat of that junk, and use one of the freely available Base 64 Decoders online to decode the file.

http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/

In this particular case, the code was coded twice.  So take the output of the first round of decoding, and run it through the decoder again.

That presents us with the following code. If you notice the time reference, you now see why this annoyance comes back around.

Now our second round of cleanup to see if we can last 24 hours without getting a return of the exploit.

  • Delete the function call out of header.php and remove the require_once line that names the license file. There are valid calls to these files in my theme, which tells me the entire theme may have been exploited.
  • If you delete the start_template.php file and it breaks the site, it is probably being pulled in by a require_once somewhere else. Start by removing everything from the file, or leaving only the PHP call in the file.
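
The second-round hunt described above, as an added example that is not code from the original post: a Python script that searches theme files for a known marker such as credit_text2 even when it is wrapped in one or more layers of base64, which is why a plain text search of the files finds nothing. The function names, the sample file contents and the temporary theme directory are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# A run of base64 alphabet long enough to be an encoded blob rather than an identifier.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")


def find_hidden(data, needles, depth=0, max_depth=4):
    """Return [(layers_peeled, needle), ...] for every needle found in data
    or in anything that base64-decodes out of it, up to max_depth layers."""
    hits = []
    lowered = data.lower()
    for needle in needles:
        if needle.lower() in lowered:
            hits.append((depth, needle.decode()))
    if depth >= max_depth:
        return hits
    for match in B64_RUN.finditer(data):
        run = match.group(0)
        run = run[: len(run) - len(run) % 4]  # base64 comes in 4-character groups
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        # The decoded bytes may themselves contain another encoded blob.
        hits.extend(find_hidden(decoded, needles, depth + 1, max_depth))
    return hits


def scan_tree(root, needles, suffixes=(".php",)):
    """Scan every matching file under root; return {relative_path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_hidden(path.read_bytes(), needles)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


def demo():
    """Build a constructed theme directory and scan it for the marker."""
    # Constructed placeholder standing in for the decoded file contents.
    payload = (b"<?php /* constructed placeholder */ "
               b"$when = time(); $field = 'credit_text2'; ?>")
    twice = base64.b64encode(base64.b64encode(payload))  # encoded twice, as in the post
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "header.php").write_bytes(b"<body>\n<?php start_template(); ?>\n")
        (root / "start_template.php").write_bytes(
            b"<?php $junk = '" + twice + b"'; ?>\n")
        (root / "style.css").write_bytes(b"body { margin: 0 }\n")
        return scan_tree(root, [b"credit_text2"])


if __name__ == "__main__":
    for name, hits in demo().items():
        for layers, needle in hits:
            print(f"{name}: '{needle}' found under {layers} base64 layer(s)")
```

A hit with a layer count above zero marks a file worth decoding and reading by hand before deleting anything. Base64 that is wrapped across lines or additionally compressed is not handled here.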

IT Perspectives

Countdown to the HITECH Act

February 17th, 2010

My role as a secret change agent takes on many disguises. My technology credentials are strong enough to move me throughout the nerd community undetected.  As technology brings businesses, communities, and people together, I am able to stretch my legs into new areas, leveraging my technology credentials as  a form of VIP card.  Now I find myself in a new, though not unfamiliar role inside of the world of medical legislation. With an official title of IT Coordinator, I now carry the badge of HIPAA security officer.  Take the fast moving world of technology, watch the reaction when you mix in government legislation and the medical community, and you have the perfect train wreck for a change agent to prevent.

One year is a lifetime for technology, but one year moves really fast in the world of legislation.  While HIPAA policies are based off of legislation, meetings and adjustments representing a rather painful process from a change agent perspective, the technology screws were tightened this year, causing some growing pains throughout the HIPAA community.  Tomorrow is the one year anniversary of the HITECH Act, which also marks the deadline to implement the Act. Before we celebrate the anniversary, let’s run down what this means and what we missed.

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was part of the American Recovery and Reinvestment Act (ARRA) of 2009 or the economic stimulus plan that came about in February 2009. It has a series of dates and deadlines throughout the year, bringing us to this 1 year anniversary on February 18th, 2010 when it goes into effect.

If HIPAA was the neighborhood watch, setup to protect us in the medical world with rules and guidelines, the HITECH Act would be Tony Soprano, coming to break your knee caps if you weren’t playing by the rules. It doesn’t tell you how to fix everything wrong with your HIPAA policy, but sets up some pretty strict penalties for when you get it wrong.

Let’s review what happened so far…

February 17, 2009 – HITECH Act Enacted

This set up the application of tiered civil monetary penalties regarding breaches of PHI (Personal Health Information).
Huh? You mean if I lose a whole bunch of medical records, I have to pay for that?
Not only do you have to pay for it, but that is the first thing we are saying above all else. We will collect money and we must collect money when a breach is found. Not to worry, because later in 2010 we get to define what to do with that money.

April 20, 2009 – (60 Days)

Human Health Services must set forth a list of technologies and methodologies that render information “unusable, unreadable or indecipherable.”

Result: section 13402(h) of the Act, which really should be called the “Oh, that’s what encryption is” Act. While the tech industry knew what encryption meant, the medical world didn’t want to listen. Frankly, they made up their own interpretation of what encryption was and it was painful.

HHS & FTC Guidance Rules

August 18, 2009 – (180 Days)

HHS and FTC must each publish “interim final” regulations on breach notification. These regulations apply to breaches discovered on or after the “interim final” regulations have been published.

Result: Section 13402 of Subtitle D

There is an entire layering system defining who you are required to tell and notify if you lose information, starting with the owner of the information you lost. It is rather thick, but on the scary side of things people are legally bound to notify the news media if you breach over 500 records. The new focus is also on the Burden of Proof, requiring everybody to prove that they notified everybody and that the message was received.

December 31, 2009

Due date for the HHS to adopt rules for the first set of standards regarding disclosures and accounting for disclosures. Then they have a 6 month stopwatch starting which requires them to implement the standard.

You are going to want to read up on Sec. 13405 for this one.  That defines what the HHS needs to have in order to process all of this information they are about to unleash.  This covers what needs to be disclosed, what can’t be disclosed, how long you need to prove that you disclosed the information and a few other guidelines to make sure you follow through. I read through it and ran out of white boards to draw the number of clauses.

February 18th 2010

This marks the date when everything is adhered to and organizations are responsible for following the legislation. The HIPAA Survival Guide site set up a great breakdown of what just happened and what is about to take effect, and does a much better job tying it all together, but here is the summary of what is happening.

  • Organizations are to apply the rules, are accountable for their consequences along with all business associates.
  • Patient’s right to restrict disclosures to health plans.
  • Deeming of limited data set as satisfying the minimum necessary standard.
  • Patient’s right to electronic access to, and an electronic copy of, their health record.
  • Clarification regarding marketing provisions.
  • Opt-out for fund raising communications; HIPAA’s current provisions regarding fund raising remain in full force and effect.
  • Clarification regarding the ability to impose criminal penalties against individuals.
  • Civil monetary penalties and settlements flowing to HHS/OCR (Office of Civil Rights) for enforcement.
  • Requirement for HHS to begin conducting mandatory audits.

The last one is important. (hence the powerful red color) No longer does the HHS only hold the right to conduct audits, they are required to. Now that the legislation is in place for the monetary values, they will hold audits, and they will collect your money.

What do I expect to really see out of this?   6 months from now, they want to review all of the initial findings from the audits and report back to the federal government.  I would predict that things will not be as secure as they “envisioned” when they wrote the act in the first place.  The government will tighten the screws a little more, legislation will react, and we will fall into a cycle that keeps us chasing stronger regulations.

That prediction isn’t what will happen, because there are factors in the mix that nobody wants to acknowledge.   Without tipping my entire hand, let’s just say that my work as a secret change agent is just beginning.

Regardless, nobody wants to be involved in the first round of audits, including the auditors.  So expect some scrambling around and tidying up as the first wave reaches the shore.

IT Perspectives

Leveraging Facebook Pages

February 4th, 2010

Facebook allows anybody to start a Group or a Page, but it is not until you have actually created one that you understand which direction to pick.

Adding a Facebook Page should be part of every business owner’s “list of free tools I should take advantage of on the Internet to enhance viral marketing”. As of this post, you can not magically transform a group into a page without having some sort of VIP card into the support team of Facebook, so I wanted to offer some insight as to why your business should have a page set up.

Search Engine Journal has a nice comparison chart between a group and a page if you are still on the fence about which one to choose.

From a marketing perspective, the Page offers a few distinct advantages.

  1. A page can be viewed by non Facebook members.  Among a list of reasons why that is powerful is the fact that it opens up the page to be indexed by the search engines.
  2. A page will provide statistical analysis in terms of users, time online, demographics, all in the form of what they call “Insights”.

Don’t laugh too hard that I have two empty graphs here. I created this particular Facebook Page while I wrote this post. The idea is that I can return to you in 6 months and show you how to interpret the trends and turn them into useful information. That is of course if I get anybody to add the page.

Last year we took an epic journey into the racing world by establishing a team to run in the One Lap of America.  We started a Facebook group, allowing us to coordinate members of that group, schedule meeting events, and create some communication paths for people to follow us.  We didn’t know it then, but what we needed was a page.

Facebook Page of RochesterDSM One Lap Team

While we were not a business, we wanted to use the page for the same reasons, which was to promote our escapades across the country.

The Facebook Page becomes a free extension of your own website, allowing you to have instant access to a photo gallery, discussion boards and resources that allow fans of your product to keep up to date and help spread the word.

Updating the page is amazingly easy for a team traveling across the country with limited internet access, as they allow you to even post updates by providing you with an email address. Setting up the page to tie back into Twitter becomes quite a useful resource for getting information updates published.

If you own a business, set up a Facebook Page. If you want to promote a brand, set up a Facebook Page. If you want to have a closed door meeting, allowing select members into those meetings without the prying eyes of the Internet, set up a Facebook Group.

Automotive, IT Perspectives

iPad Micro SIM Lockdown

February 1st, 2010

In case you missed the technical specs of the new Apple iPad, you may have overlooked the word “micro” in front of the SIM card slot on the iPad.  That can be read a couple of ways, and certainly will be touted as a move to the new standard by Apple and AT&T.

It really can’t be a standard, when the rest of the planet still conforms to a standard SIM card size for every device. The Micro SIM has been slow to adopt, because it is frankly not needed. Apple’s move to put the Micro SIM card into the iPad can be seen as nothing more than a blocking attempt to keep current data users from taking their SIM card out of their iPhone and putting it into the iPad.

That doesn’t mean people won’t try and make it work. The micro SIM card is smaller, yet retains the same contact patch for connectivity. I would certainly trim down a SIM card to see if it works.  You would need to create an adapter ring to put it back in the iPhone.  Seems a little more reasonable than paying for another unlimited data plan.  The industry really needs to stop using the word unlimited in describing anything.

In the mean time, good luck finding a carrier who knows what a Micro SIM card is.  While T-Mobile announced some platform movements in that direction at CES this year, the low availability of the cards themselves, will cause some hiccups on rolling out the iPad.  While the rest of the devices on the AT&T network use a normal SIM card, having one device that does not, will certainly cause complications.

IT Perspectives

Apple iPad has some battles ahead

January 31st, 2010

In the realm of technology, I consider Apple to be what BMW is to automobiles.  They both make beautiful and well engineered hardware which induces an experience more evolved than mere driving or computing.  Apple has done it again this week when they announced their new product, the iPad.  Lying somewhere between a tablet computer and an eBook reader, the iPad is another showpiece of Apple engineering and design.   There was only one flaw in the logic when creating this new revolutionary device.  Apple has gone and created the most beautiful piece of hardware, which nobody needs.

Whether you know it or not, the iPad has many battles on its road to gaining consumer acceptance. With such a grand build up of publicity, the expectations are that this device will do more. More than what we already do in an E Book reader, more than what we already do in a tablet computer, and certainly more than we can do in a netbook.

Where the iPad loses the eBook battle.

The Kindle didn’t win over the market for the excellent hardware design.  With awkward buttons conveniently placed where you need to hold onto the device, the Kindle is no challenging threat at all. Putting the iPad next to the Kindle would clearly expose how superior the Apple product is yet again.  Right?

The widespread adoption of the Kindle had little to do with the hardware. As long as Apple captures everything that the Kindle does within the eReader experience, they should have no problem winning over that market. First on that list is its ability to be always connected.

It was impressive that Apple was able to get AT&T to setup non-contractual terms for the iPad. Unfortunately, contract or not, nobody wants to deal with AT&T to get, well, anything.  Especially when the agreement for the data connection on the Kindle all happens in the background.  Having an always connected service is far more magical than my ability to pay AT&T more on a monthly basis.  When you can buy a Kindle and get to download content indefinitely, it doesn’t look good to pay $29.99 a month, or $360 for the first year for unlimited data.

The Apple iPad will have a 10 hour battery life, while in use. Certainly they must mean 10 days, right?  Today most eBook readers last a week without charging.  The entire advantage about NOT having a backlit screen is to use the E ink technology to deliver content without using a lot of energy.

Talking about that E ink technology, don’t expect to bring this iPad outside to the beach, where the glaring sun is really going to do a number on a big glossy display screen.  Not too many people curl up to read a book and look for darkness.

Apple may have missed the book reader demographic, but surely this is a revolutionary tablet computer.

Where the iPad loses the Tablet battle.

I am not sure there is a tablet war. You see, this tablet concept is not new at all.  I still have my Honeywell Webpad from 10 years ago.  While they have gotten rid of the pen for the interface, the iPad misses some key elements if it is to revolutionize the tablet platform.

In true Apple fashion, they couldn’t have just stuck a standard SD card slot or even a USB slot into the side of the iPad. That may have actually made it useful to offloading camera pictures, or replacing that electronic picture frame on the mantel, which is even capable of such an easy task.  Luckily it looks like Apple is nice enough to sell an additional adapter at an inflated cost that will allow that SD card hookup and it comes with one adapter for USB.

It may not be a prominent feature, but there has to be a large concern about dropping this thing. It doesn’t come with the case to protect it, which I can pay for, and I suspect there will be a large after market surge of protective cases. How about a lanyard hookup? I know it sounds like a step backwards, but when I spend that much money on a perfect piece of hardware, I would feel more comfortable falling back to a good string to keep it safe.  In Apple world, I would suspect to see an anti-gravity kit selling for $59 in the Apple store.

Where is the camera? If the iPad survives its first year, the next version better have a camera. As I was thinking of what this thing could bring to the tablet market, I kept returning to videophones and web conferencing. Using Skype and webcams to communicate has only made it into the homes the past couple years. Put that in a wireless device I can walk around the house with, and you may have opened a useful feature on the list. While my old tablet didn’t have this either, it was 10 years old.

Where the iPad loses the Netbook battle.

Apple refuses to acknowledge my ability to buy a completely usable notebook computer for under $400.  It doesn’t dismiss the fact that I can.

A large part of the Apple presentation was to show off how you can buy iWork for the iPad, indicating that you might be ready to type up your next novel or prepare a presentation on this “revolutionary” platform.

As soon as I finish retro-fitting my entire office with bean bag chairs and turning my typing productivity down to a crawl, I might be ready for an iPad.  It would appear my options are to use my lap, brace the device with one hand, or to purchase a kit that allows me to type with a keyboard.  They have those devices already, in the form of laptops and netbooks. While the iPad would look really cool around that college coffee shop, it would frustrate me as a platform to use regularly for work.

Will the iPad win the war?

We have this beautifully engineered piece of hardware, which we have hopefully underestimated in potential. With so many strikes against it, before it hits the actual market, Apple has some work to do in order to make it a success. As we have learned with the iPhone, the majority of the success comes through a viral adoption of the technology. So now the pressure falls to the reaction of the consumers and the app developers. The platform will only survive if it becomes more than it was sold for. That will not happen when it reaches the shelves.

IT Perspectives

My living room doesn’t need 3D

January 10th, 2010

I remember being 8 years old when all of the kids on the street got together to watch our first 3D movie. It was awesome. A pile of kids in one room with red and blue glasses on all to capture this cool technology. I don’t remember the movie. But what I do remember is that I didn’t get 3D at the time. It didn’t work well enough for me to know whether or not I was seeing something or I wasn’t. 3D has progressed over the years, the glasses have become polarized, but my entertainment value still remains.

I went and saw Avatar in 3D at an IMAX theater.  Yes it looked cool.  Yes you have to go see it. If you are going to see it, it should be done in 3D in IMAX.  Just to clarify, No, I don’t want that in my living room. We were there, in that environment, for that experience.  It was a moment, and now it has passed.

I might be the only one who doesn’t want 3D in my living room.  There were some large players announcing larger investments coming from CES this week. In case you weren’t paying attention here are the highlights to pay attention to.

The Discovery Channel, IMAX and Sony huddled together to deliver the first 3D channel. Press Release

ESPN will be delivering a 3D sports channel. This isn’t a stretch, as they have broadcast 3D events before, as they broadcast college football last year in 3D.

Sony is pushing the platform hard, bringing 3D televisions and throwing the 3D label on top of the rising Blu-ray name.

Intel had a demo of a 3D television without the glasses. It’s a move in the right direction, but far from living-room ready. Intel 3D Demo – Engadget

Panasonic makes a 3D camera you can buy for a mere $21K, if you don’t want to duct tape two normal cameras together.  Though it was not new to CES this year, it has been “officially announced for pre-order” making it still not available.

Photograph: Steve Marcus/Reuters

What does all of this lead to with the innovation and adoption of 3D into my house?  Absolutely nothing. The industry is scrambling to create this false notion that 3D is the next evolving technology and that I need it.  On the list of things I need right now, 3D isn’t it.  You see, 3D has been around most of my life. Yes it has evolved from anaglyph systems to the polarized systems, but I don’t care.

It is depressing to hear that the predominant trend for CES in 2010 is 3D. It means the industry is in trouble so much that it is grasping for anything, falling back on this old friend they have been with for 30 years for support. It isn’t a surprising move, only depressing. When Panasonic expects to sell one million sets in the first year alone, I almost feel bad for them. Unless people buy the TV and it happens to have 3D in the feature list, I can’t imagine a flock of anybody stating that they now need 3D.

Will 3D ever capture my attention?  Ever since Princess Leia was able to project herself out from a little droid, I expected that next evolution of technology to show up. I don’t watch many sports now, but if I could fill my living room with the football game or put myself inside the car for a race, with the ability to look around me, you will have my attention.  The current definition of viewing the scene straight ahead and watching for objects to draw my eyes closer than normal “is not the 3D I am looking for”.

Until that day arrives, I wanted to give the industry a few pieces to help gain my attention again. Consider them requirements I will judge against when you bring us your next great 3D revelation.

1. I don’t need to wear apparel to make it happen.  I don’t have a pair of sunglasses that last more than a year, so buying in to some special polarized glasses in order for me to appreciate a show, isn’t going to happen.

2. Keep the cost jump to 3D under 15% of the cost of the hardware I was going to buy anyway.  It might allow you to sneak the hardware into my room if I have to buy the TV anyway.

3. I better be able to get up, walk to the fridge and have the same experience when I look back at the television than when I am in your perfectly measured optimal viewing position.   I don’t watch TV from a perfect “one seat” only position.

Considering my Avatar movie experience was the first time back to a theater in a long time, keep focused on making that 3D experience only get in a theater.  I don’t go to the theater any more, because it is better to watch everything in my living room.  I don’t have to wait long for movies to hit the shelves, so the only thing you can hope for is to offer something in the theater that I can’t get at home.

IT Perspectives

The Rise of the PS3

December 31st, 2009

2010 is lining up to be the year of the PS3, at least for me. I bought in to the Playstation 3 when it first came out in 2006, and have been waiting for the egg to hatch. I finally feel the platform has reached the maturity level that it needs to be at in order to increase its adoption rate into the homes of America. At least I hope it does, since it makes it much more fun than playing alone.

Source: Seattle PI Blogs

XBox 360 Equation

Let’s get the Xbox 360 discussion over with. I am not comparing it to the PS3 for functionality, as they are both attractive platforms. I would like an Xbox 360 for the handful of proprietary games, yet I can’t bring my wallet out to make it happen. For one, the subscription based, online playing bothers me. If I am going to pay a monthly fee to play online with your console, then why not subsidize the cost of the console? The other looming problem I have is paying good money for a piece of hardware that is going to break. Take the 54% failure rate of the console and that directly equates to a 10% chance I will use my money to buy one. Give me a 3 year 1 day replacement warranty and subsidize the monthly online gaming cost, and I will buy in.

Observed Adoption Rates

I have to ignore the online adoption statistics and tell you what I see. I see the PS3 making it into the homes of my friends and my family members, even if they don’t have a gamer in the house. This year alone, my PS3 friends list tripled, as neighbors, co-workers and friends found their way to the Playstation platform. That growth rate, while remaining un-published, will become viral. It was the same generation that pushed the PS2 into the longest life selling console.

The Core of Gamers

I had one main requirement that the PS3 seems to fill. I want to be able to go online, connect with my friends, wherever they may be, and escape together into a game. I want to be able to team up with my friends once a week and go in to shoot some 8 year old kids who have somehow made it into the M rated first person shooter world. I want to connect with my surrogate nephews across the country and help them make it through the mining level of Little Big Planet, laughing with them along the way. I want to be able to race the tracks with my team for One Lap 2010, learning the turns of the tracks before I ever step foot on them. Oh, and I don’t want to pay extra to connect.

The Video

We have begun to amass a collection of Blu-ray discs over the past couple of years. We are lucky to have a nice television, and the Blu-ray format really makes a huge difference on the screen. I am now looking to buy another Blu-ray player for the house, and it is really difficult to not buy a second PS3, given all of the additional functions it brings.

Netflix caught up with the PS3 console and delivered a disc that allows any netflix subscriber the ability to play their streaming movies through the console. I will predict that it won’t take long into 2010, before this gets built into the console itself.

PS3 Media Server

If you have a new PS3, you have a contractual obligation after reading this to check out PS3 Media Server. It is an open source project to deliver all of your content on your home computer, through your PS3. The most impressive part about it is, that it just works.

It can be a pain to play different videos on your computer, needing to download things like CODECs and drivers to make sure that the particular video clip will actually play right. The beautiful part about the PS3 media server is that it will transcode the files for you. Meaning it will take that DIVX media video, chew it up, and spit it back out to your PS3 in a format it will play, all over your network.

Now you have a console that can play the hard drive of music you have, stream the video clips of the family vacation or create a slideshow of pictures on the screen, without moving a single file.

The Wii Factor

The Wii serves a purpose, which is to allow anybody who is not a gamer to introduce themselves to the world of video games. I have a Wii and bought it on release day. I have not turned it on in over a year. The lack of an immersive online experience combined with the sub-par graphics make the system unattractive to play when given my alternatives. I keep it around for the kids and visiting non-gamers to play.

2010 Predictions

It is that time of year where people put predictions on the table. The Wii will grow in sales, still adopting the non-gamer crowd. The growth rate of the PS3 will be exponential for the first time in 4 years. For Sony it will not surpass the other consoles, but it will stabilize, allowing the platform to reach some more longevity goals. What does Sony need to do to make that happen? Bring back the compatibility to the PS2 games in the PS3 console. All of your PS2 owners with new televisions will be ready to make the move, being able to still play the PS2 games will give them the push they need.

Uncategorized

UStream Broadcaster – Everywhere is Live

December 10th, 2009

Today Ustream released an application that allows for live streaming of video for the iPhone. If you are not familiar with Ustream at all, the concept is rather simple. You plug in a webcam to your computer, set up an account on Ustream and you are broadcasting live online, allowing any number of people to tune in. Take that functionality, and put it into the pockets of over 30 million iPhone owners and you have just turned the planet into a live show itself. Sort of…

The app will only work with the iPhone 3G and the 3Gs, which makes sense, since it will not work at all over the EDGE network.

This functionality in a smartphone is not groundbreaking technology, nor is it the news. The news is that UStream was able to get Apple to allow the app into the iTunes store. The larger news is that AT&T let it sneak by, the same week they were publicly denouncing the fact that their data network is in trouble, and urging customers to use data sparingly.

My advice if you have an iPhone: download this application as soon as possible. I would not be surprised if the news brought an unexpected level of awareness and it would not be beyond Apple to yank the app out of the store.

Trials and Impressions

I heard that this application came out by listening to my podcast on the way to work. While I was too excited to know that I could have this level of connectivity in my pocket, I am afraid I would have to wait until I got home to try it out. You see, I work exactly 1.5 miles away from the invisible line that flips me over from a 3G network to an EDGE network on AT&T. I have to tell you AT&T, it will be in your best interest to bring me a 3G network out to Newark, NY in the not too distant future.

The application itself is quick and slick.  My first test was over my home WiFi, just to see if the functionality was there. The video buffers in the phone, and even has the option to record locally and upload if you are not tied into a 3G signal or perhaps in need of a retake. While I didn’t wait around long enough to get anybody in the chat room, the interface even has the comments posting up on the screen from people chatting.

I did turn off the WiFi and record a quick video and the quality was equally as good.  This is a video walk around narration of our ridiculous Christmas Tree we have in the house. I was pleasantly surprised to find that the quality did not degrade, and will be excited to try it out when there is actual light around to do the camera justice.

While my videos are rather tame in comparison to what is possible, imagine the broadcast capabilities.  I am excited to think of how we can leverage this on One Lap of America 2010.  The largest negative of course being the AT&T network support around the country.

I did mention this technology was not new, only new to the iPhone.  Perhaps one of the larger mobile broadcasting applications is from Kyte, which has been around longer and may be more mature for anybody who has a phone compatible with that software.

IT Perspectives

Survivable Disaster Recovery (part 1)

November 25th, 2009

It would be hard for me to ignore the topic of disaster recovery after these past two weeks. I was able to witness an organization react to their own disaster while I played the active role in a rather blind recovery process. It was a powerful perspective to be in, to help understand what really is needed from having a good disaster recovery plan.

I rarely find a company that has not confused the actual role of a disaster recovery plan. We know we need it, we think we know what it is, yet most companies over-think the process, muddying the discussion with what really should be a business continuity strategy. The disaster recovery plan should be a simple, yet focused outline of what keeps your organization running. As the person wielding the power to bring you back to a functional organization, I need to know where to focus my energy and how much energy to exert. What departments make the organization run? (psst, trick question, it’s all of them) Identify the crucial resources of each department (psst, risk analysis model). How long can they operate without those resources? (psst, recovery prioritization model).

While you have toiled for hours to create what you consider to be the perfect plan for that perfect disaster, you missed one important step. A disaster is something you cannot plan for. It wouldn’t be much of a disaster if you could, would it? Get your head out of “fire in the server room” or “plane in the building” scenarios and start with asking the important questions, like “what do we need to run this organization?”

Here are some easy signs that your disaster recovery plan needs revising.

You don’t have one. Don’t worry, you are not alone. Many companies out there are still “really intending” to get to that disaster plan. The good news is, after the disaster, you will have all sorts of resources and attention put towards making one. We are a reactionary culture and while the events of 9/11 were enough to shock most companies into putting attention towards a disaster recovery plan, we all react at different paces. Give me a call after your disaster and we can talk, because we all know you are too busy to sit down beforehand.

You created the plan out of compliance. Mildly worse than not having one at all is having one that isn’t really focused on what you need. Many companies don’t sit down to create a disaster recovery plan until some auditor tells them they need one. Most resultant plans are structured to ensure compliance, not act as a usable resource when the disaster actually happens. You will find that pulling out this document only confuses and delays an actual recovery process.

The auditing companies are either financial based or compliance driven for some single objective. Come to the realization that you may be maintaining a surface level disaster recovery plan, alongside the one that will actually be useful in a disaster.

It goes unread. D day arrives, your disaster is upon you, and nobody reads the document.  Hopefully it is because you have been so involved with making such a solid plan, that you have it memorized.  Realistically you don’t look to the plan because it holds no pertinent information, it is outdated, or nobody knows how to find it anyway.

It is thick. Most people mis-apply the relevance to creating a disaster recovery plan. If your plan resembles the encyclopedia, then congratulations. You have officially created a plan so detailed that nobody could actually follow it if they needed to. Except for perhaps the one person who wrote it.

So you realize you may actually need to focus on a disaster recovery plan before the disaster. Now the trick is to give you some easy tools to make it happen. As I navigate my own organization through the following weeks of preparing a disaster recovery plan, I will publish some very usable and basic guides for you to use in setting up your own plan. Consider it a usable guide to IT disaster recovery, as opposed to the document you have collecting dust now.

That is not to say there aren’t a lot of valid, powerful resources out there if you need a head start.

Disaster Recovery Journal

Guide to Rules and Regulations (compliance requirements)

NIST IT Contingency Planning

IT Perspectives

Resume Reality Tips

November 3rd, 2009

The resources available for how to create, modify, and optimize your resume seem to be growing exponentially with the unemployment rates.  During my “summer off” I took advantage of the resume workshop over at Rochester Works, thinking I would get a leg up on the new hot trends in resume building.  That particular class… was not for me.  Being the only person in the class with a resume was my first sign I was in trouble.

That workshop taught me that there are a lot of people worse off than I am.  Luckily I have been able to get a few very valuable tips through my communications with various positions, job recruitment agencies and the people who actually read your resume.

So I spent some time completely re-writing my resume, which oddly still doesn’t depict all of the things bouncing around in my head. It does however give me a chance to add some suggestions on how to trim up your resume, having gone through the process. Add this to the Resume 101 class you can obtain on any corner unemployment line.

Titles – Your title is not your title. The title that you put on a resume should not be the one bestowed upon you by your previous employer. I had a lot of challenges explaining I was titled as supervisor, while my job responsibilities were above that of a manager or director.

URLs – The person reading your resume is going to read the name of the company, and probably type in the name of that company online to find out more about where you were. Save them the step and put in the URL of the company.

Plain Text – Read your resume in plain text. All of the formatting disappears when you copy and paste it into some of the online job sites, so you may end up modifying the layout so it does not cause painful overlaps in the copy and paste process.

Dates – Under work experience, just list the year and not the month/year.  Overlaps and holes throw up flags and in an economy where everybody has been unemployed it is a flag everybody needs to avoid.

Things to Ditch (from the old school of resumes)

Get rid of the activities. If you get past the first round of eliminations these days, it won’t be because you are part of the local book club.

10 year cut off.  Get rid of any work that you did over 10 years ago, unless it is directly pertinent to the position you are applying for. Yes, I was an IT Manager for an international manufacturing corporation, but let’s not forget that I used to blow up balloons at the local party supply store. (I did do that AND had to wear a bow tie)

32 Flavors of a resume

If you are a seasoned professional, you are going to have a completely different resume for every job you apply for, and here is why.  The person reading the resume picks it up and starts with the process of elimination.  The longer they have to hunt to see if you match the minimum requirements, the closer your resume gets to the trash.  You want to change your format of the resume to get those items on the “qualifications” list, front and center and allow that person to put you in the pile that does not get recycled.

One resume to rule them ALL

The resume you send out still has to conform to the one page rule.  For somebody just out of school, this is pretty easy.  Throw in some life experience, and the resume that you create for your  job hunting is going to be ridiculously long.  Start by making one long resume, multiple pages if needed and write down everything you did.  I mean everything.  When it comes time to send in the resume, save off the document as a new name, specific to this position, and start chopping out everything that does not apply to this position until you hit the one page rule.  It is the quickest way I have found to not suck away your entire life re-writing each resume.

Tracking and Patience

Keep track of the resume you send out, and keep a copy of the job description.  Download something like PDFCreator and make a new PDF for every resume/job description you can.  The average turn around time for a resume to become a call back was well over a month.  By the time I tried to find the original job advertisement it was gone, so having a copy of the original somewhere is important.

At least 3 times I received a letter from the employer’s HR department, saying that I did not qualify for the position. The following week I would get a call for an interview. I still have the letter from the place I am working at now, telling me that I didn’t make the cut. Be sure to have patience and if in doubt, send them more than they ask for. Job searching is a 3 month process, so don’t wait around for your perfect resume to be created. It will evolve more and more as time goes on, but getting your name out there is more important.

IT Perspectives