I’d like to take the opportunity to introduce a project that may be of considerable interest to the readers of this blog: The BMLT.

What’s the BMLT? A Sandwich?

BLT Sandwich


An old 80’s power trio band?


OK. I Give Up. What Is It?

Here’s the “Elevator Pitch” from the Main BMLT Web Site:

The BMLT is a complete Web-based NA Meeting List that will work with existing or new NA Web sites, and is already in use by dozens of NA Service bodies around the world.

It allows easy, customizable meeting searches for all types of NA Web sites, mobile devices, and printable lists.

It allows easy synchronization of your meeting list with NA World Services (NAWS). However, even though developed in coordination with NAWS, the BMLT is an independent, standalone project; with no connections to any NA Service entity or philosophy.

It is very secure and extremely easy to install, use, and administer with the ability to assign sequestered, isolated logins to individual administrators.

You can manage thousands of meetings, with dozens of Service bodies, from one server; yet allow each Service body to have its own implementation and expression of the meeting data. Alternatively, you can use the BMLT to manage just a few meetings.

It is of incredibly high quality and under active development by highly-experienced professional-grade software engineers.

It is COMPLETELY free and open source.

All work on the BMLT is done by NA members, and adheres to the FIPT.

There are absolutely no restrictions whatsoever on using, deploying or modifying it. It works with modern Web sites, is highly flexible and customizable, and completely localizable (translatable into different languages).

The BMLT helps Service bodies to provide a very important, fundamental Service to their Groups.

The BMLT is meant to fit YOUR needs; not the other way around.

That Sounds Cool! Tell Me More!

Sure. The BMLT is totally open-source, and carries absolutely no obligations whatsoever. You don’t even have to be in NA to use it (several non-NA organizations employ modified versions of the BMLT).

You don’t even have to give the authors of the BMLT credit. In fact, it’s probably best that you don’t, if the site that uses it is a registered NA Service body site.

All that I want is for addicts to be able to find NA meetings. It’s really that simple.

That Interactive Map Thingy Is Cool, But My Area Only Has 15 Meetings. Do I Have to Use It?

Absolutely not. There are literally dozens of ways the BMLT can be deployed, including simple tables (NOTE: The linked meeting search is a demonstration only, and does not reflect the current meetings in the Quincy ASC).

My ASC Is Part of A Big Region. Can We Use This Without Our Region?

Yes, but I’d suggest against that. The Region should really run the main database server, and your ASC should link to that server. It’s really the best way for us to work. Unity, and all that…

Can I Get Statistics From the BMLT? I Want to Give A Report…

Glad you asked.

Yes, you can.

That’s Nice, But I Live In Sweden. I’d Like It In My Language.

Ask, and ye shall receive (At the time of this post, Sweden was still working on a new site, so the styling is a bit “raw”).

Gee…This Looks Awful Slick. What Does It Cost?

Let’s see… How shall I put this…


I hope that was clear enough. I’m the author of the BMLT, and I can assure you that I seek not one single penny of compensation.

Not one red cent.



Where’s the source? Are You Keeping it Hidden? Will You Suddenly Present Us With A “Bill”?

Here you go.

The BMLT is a 100% open-source project, licensed as GPL. That means that anyone can use it, nothing is being “kept back,” and there are no obligations beyond the simple obligations inherent in the GPL license (which only count if you are modifying the project and redistributing it).

I Gots Mad PHP Skillz. Can I Get Involved?

Absolutely. There’s dozens of ways to get involved. Some require no permission or coordination with me (such as documenting/extending the project); others may require a bit more coordination (such as working on the core code).

The main restriction is that I am a professional software engineer, and this is a full-fat professional system, with professional-level quality. The closer you come to the core, the more I’ll be asking you to pay attention to quality and coding conventions.

An immediately useful way that people could get involved is to start some communities around the BMLT. There is a rather moribund Google Group that was set up for the BMLT. Come on in, and show us some love.

We could also use help creating localizations, documentation, and even things like instructional videos.

I can be contacted at “bmlt@magshare – dot – net“. Drop me a line.

Tell Me More…

Please Visit the Main Documentation Site To Get WAAAAY Too Much Information About the BMLT.

Are You Some Kind of “Renegade?” What Does NAWS Think About This?

Um… Look up. No, all the way up to the Web Address bar at the top of this window. See that domain?

What’s In It For You? Why the Heck Would You Do This?

I was brought up “old school” (I got clean in 1980). We were taught that “NA has given you EVERYTHING. No matter what you do, it will never be more than a tiny down payment on the interest you owe.”

I’ve already been paid.

Changing Ideas and Attitudes

Recently, the 6th Symposium brought information technology (IT) from as far east as Scotland and west as California. Our experience, strength and hope generated many ideas in Tampa!

We met NA trusted servants who have an amazing array of skills. Programmers and database workers, web servants and corporate IT managers all contributed to the weekend.

Still we share the same goal: To help members and others by adapting technology to our spiritual principles.

Of course, our specific jobs will change. We rotate. Our replacements need to hit the decks a-running, too! They may lack extensive experience. Surely, they will lack time. Thus, they require simple useful tools and records to do their jobs.

Read more »

Well another FSS IT track has come and gone… news about privacy laws for the US

The Florida Service Symposium was held this past weekend, March 12-14, 2015 in Tampa. As usual the IT Track was great, attendance was a bit lower than expected, but very informative.  Also, as usual, is the clear evidence here that my blogging has been lacking.  I have made promises before and broken them, so I won’t do it again.

As always, if you wish to post, contact me at and let me know what information you would like to start adding to this blog.

Now for the important stuff:  We have all been aware of the Data Protection Directive in Europe that was adopted by the European Union some years ago, but there has been little in formal laws or rules for the US, outside of the Can-Spam Act of 2003.  There was the Safe Harbor to help US organizations/firms to comply with the EU Directive, but not much else.  Some states have developed their own, but the nationwide there has been little.  Well, apparently that has changed.

Rather than go into lengthy details, you can find the specifics for yourself by going to  I would suggest downloading the PDF of the article for offline reading.

Over the next couple of weeks, I will be finalizing new privacy policies for and will share it here.  To all webmasters: please consider the need for your own site’s privacy policies.

Until next time, thanks for reading and stay safe.

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181 |

Post WSC 2014 news

Hi all,

Just a quick update.  We are in the early stages of two upgrades, one major, one medium:  We are installing a new ERP system that will result in a more robust accounting system and much more user-friendly shopping cart.  For years there have been many complaints (with mine at the top of that list) about how clunky and stuck in the ’90s our cart was.  That was what we were stuck with until a real upgrade of not only the cart, but also everything attached to it.  So that is taking up the vast majority of our time for the next few months.  Additionally, the database program is getting a facelift/upgrade as well.  Some of the changes are cosmetic but others under the hood should help it become more functional.  We are expecting the ERP upgrade to take about six to eight months and the database upgrade to be completed by end of the summer.

On another note, we are working on a mobile app for the Step Working Guides.  The apps will be available on Android and iOS platforms, not Windows mobile as yet. We are still in alpha-testing stage, but as soon as we have something that resembles beta stage, I will send an invite to the folks who are registered here now (please don’t send out an all-points bulletin to your community for testers, I will only accept a maximum of 30 total–any more becomes unwieldy for me.) and a couple of others.  Testers will be asked to sign an agreement not to distribute the test versions to anyone–that will be necessary for Android, as TestFlight no longer works for that platform.

Other than that, remember to stay safe, the amount of malware continues to increase.  To that end I am enclosing a link to the Websense annual report on threats here – (over 9 megs, so it may take some time to open)

Until next time

Stephan Lantos | IT Manager
NA World Services |


Heartbleed bug

The news has been out there for a few days now:  OpenSSL, the means by which most major email companies and some banks, etc. keep your information safe has been compromised.  At first I did not realize how big of an issue this was until I did some research late last night and this morning.  While the companies are scrambling to change their software, your passwords may have been stolen, as this issue has been out there for over a year.    The worst part of this is that you may have no idea that your information has been stolen or not, as there is no way to tell until you start sending out spam, or much worse, your identity is stolen…

Change your password everywhere.   This is no joke, and it’s something that is supremely important: change your password and not into something that is easily hacked, so use a combination of upper case, lower case, numbers and, if allowed, characters.

A good read (somewhat technical but not as much as others) is here:  And here is full disclosure about the bug:

Thanks, and stay safe!

Stephan Lantos | IT Manager
NA World Services |

GEEKLOG: Localization And Adaptability Part Two: Token-Based Text

In Part One of this series, I explained how you should establish a basic text rendering environment that will display non-Roman character sets.

In this entry, I’ll discuss one of the most common patterns used to get those characters onto the screen.

The objective of this exercise is to explain a basic way to allow a display (in this case, a Web page) to reuse the same framework, yet drastically change the content, depending upon the chosen language of the viewer.

I’ll use PHP as the example language. This pattern can be applied to almost any programming language, and actually tends to be supported by many development frameworks. PHP is well-understood, and also has native support for associative arrays, which makes this all much easier to explain. It is also the base language for a number of content-management systems that use this pattern for their own localization.
Read more »

From a friend and fellow contributor about some safe measures

A friend sent me an email when he realized that this blog was not a public one meaning anyone could post.  He offered me the post below to do with as I choose.  Of course I am choosing to include it here as it contains really valuable info.


In the OEM windows world it appears vendors (such a Dell, HP, etc.) deliver machines with the user having administrative privileges. It really isn’t necessary to have these rights for checking e-mail, browsing, word processing, (basic) web programming, etc.

I would advise against logging in with administrative permissions for everyday computing.
In Linux or an OS X terminal you can ‘sudo’. Recent versions of Windows try to implement this in the GUI with User Account Control. I noticed users who do not like UAC come from the Win 3, 95, 98, ME world. It’s not difficult to become acclimated with computing as a member of the Users group. Note: The Power Users group is still there for backward compatibility with NT 5.0 (Windows 2000) and is not necessary for 5.1 (XP) 6.0 (Vista) or 6.1 (Windows 7).

Some things that a member of the Users group cannot do are:

Cannot install software or hardware, but can access programs that have already been installed on the computer.

Cannot change his or her account name or account type. A user with a computer administrator account must make these kinds of changes.

Can change his or her account picture and can also create, change, or delete his or her password.

When I get a machine a few things I do are:

Rename Administrator to something other than Administrator, Admin or root.

Enable Guest account and set a passwd for people who want to use my computer. This way they do not have access to my files.

Setup an account and add it to the Users group. I do not use my name because website cookies will identify me by my username. This is the account I use for everyday computing.

Install applications under this user context using an administrative account (UAC).

If you are having difficulty running applications, check out this page:
There are additional links at the bottom of this page that are similar.

I do not login to e-mail (POP3, IMAP4, SMTP) using ‘clear text’. I use SSL, TLS or HTTPS. For information on securing e-mail authentication, contact you provider.

I do not rely on third-party software to protect my computer, network and (especially) my data. I tie down my computer to protect myself from myself- read the dialogue boxes carefully, don’t click on things I do not know, do not open e-mail from people I do not know or attachments that look suspicious (judgment call). After a short time practicing “safe computing” is easy to deal with.

These are a bit more technical:

If I am not familiar with an application, I do not install it, I’ll place it in a “Sandbox” or Virtual Machine

Go into Network adapter properties (UAC asks for administrative passwd) and disable bindings to services I do not use. In my case that includes:

Client for Microsoft Networks (I can still access my Network Attached Storage).
File and Printer Sharing for Microsoft Networks.
IPv6 (for now since many ISP’s do not support it anyway).

When Windows detects a new network connection, I set it to Public (not Home).

Disable (hidden) administrative shares C$, D$, ADMIN$ etc. This is a good article explaining how to do it.
It will not work with Home editions of Windows.

** Whitelist (this will paralyze most malware even if they get through (like CryptoLocker which Kaspersky, MacAfee, etc. did not come up with a signature for after weeks). Here’s a bit about whitelisting:

I also create a sub-folder within my downloads folder and create a policy that allows execution (NOT from the Downloads directory). I download and drag it into this sub-directory then execute it.

If people use P2P (including Skype) or are opening ports in a firewall or router I recommend they have at least two (firewalls/routers) and place that machine/device in between the two routers (or behind a firewall but in front of a router) and disable UPnP on the (internal) router. This is called a DMZ.

I have a Slingbox, TV’s Ethernet connection, VoIP adapter, Verizon (managed FiOS) router and server in a DMZ. Anything that is not mine (I don’t care what it is), I do not pace it on my internal network. I have wireless access for my guests in the DMZ as well. Not that I do not trust my guests but I do not know their computing habits.

For my family (and friends) in areas that do not practice Net Neutrality, I have them using the Tor Browser Bundle or VPN over SSH or SSL (NOT PPTP or L2TP). That’s not beyond the scope of “Security – personal computers” but this post is already too long.


Thanks K

Keep em coming!

Not abandoned yet… just…

To all who have faithfully followed this experiment, I apologize for neglecting it.  There have been many events and things that have taken all of my time.  There will be some news in the near future focusing on:

  • V2 of the mobile meeting search apps
  • Some plans for the next year in NAWS’ IT world, including possibly a new and much improved shopping cart
  • Some changes expected for the website
  • etc.

Again, I am sorry, but things like the World Convention happen and this goes on the back burner.  If I promised any of you that I would be in touch with you and seemingly flaked, I apologize, but have not forgotten… just trying to clear some time to actually have a meaningful conversation.

Yours in fellowship,

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181 |

Meeting search apps up and running on iOS and Android

The meeting search apps were uploaded to both platforms within the past few weeks.  iOS went up in April while the Android version  was launched in the middle of May.  Thus far the responses for both versions have been overwhelmingly positive.  In addition to the standard map-based meeting search, there is the option to search for local phonelines and websites as well.   As an added feature, the daily posting of Just For Today is included.

You can download them either via the application distribution store on your mobile device or by clicking on the links below.

iOS Version:

Andoid version:

Support or comments about the apps can be sent to

Yours in fellowship,

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181 |

New update about security and WordPress and Joomla

Periodically I will post an especially interesting set of updates I receive from Qualys or SANS, that may have an impact  on fellowship websites.  This week, I received the attached update from Qualys about the most recent vulnerabilities.  The title, “RFI Botnet Compromising WordPress, Joomla Sites Worldwide” caught my eye as you can imagine.  So rather than keep it to myself I am attaching the entire update as a PDF. (see link after sig).

Anyone can subscribe to the vulnerability updates.  I have found over the past few years that Qualys, SANS, etc. reporting is a bit ahead of main-stream consumer-oriented publications and present it in a concise fashion that makes it easy for me at least to skim through, reading what pertauins to me and leaving the rest.

Yours in fellowship,

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181 |