GEEKLOG: Communication Basics

This will be a fairly long post. It’s a Web version of a slideshow that I made up a couple of years ago (downloads a PowerPoint slideshow).

Basically, when it comes to “communications,” lots of folks (not just those of us in NA Service) have terrible problems. We end up thinking other people are stupid, willfully ignorant, or even inimical; when, much of the time, there has simply been a basic failure in communication.

The basic gist of this post is that the onus for clear communication falls on the communicatOR, not the recipient. It’s up to us, as communicators, to ensure that we get our message across.

Failure of communication is seldom “their” fault.


GEEKLOG: Of Content Management Systems and Crazed Birds

A few years ago, the Regional Web site that I had constructed and maintained for a number of years was hacked.

It wasn’t an immensely destructive hack, and I was able to clean it up, but it was pretty sobering (Ed: I can say “sober” here, right?).

Basically, they were able to get into the WordPress site I maintained, add admin users, and add header text to every PHP page that re-established the hack if it was cleaned out.

The hack was probably live for six months or more before I noticed it. The hackers didn’t really do much with our site (thank God). You don’t want your site getting blacklisted as a malware distribution site.

I spent a fair amount of time cleaning it up.

Safe Harbor 2.0 or EU-US Privacy Shield and the issue of ensuring privacy

As discussed previously here and elsewhere, the issue of protecting data has been undergoing a significant amount of scrutiny over the past decade. That scrutiny increased significantly last year and the EU recently disavowed the Safe Harbor Act, which served as the agreement between the US and the European Union countries. The links below discuss the agreement reached in principle as well as a brief overview of the issue itself.

Article 1   |    Article 2

Why is this important to NA? Narcotics Anonymous is an ever-growing fellowship that exists in many countries, which are governed by various laws concerning privacy and the protection of personal data. It was discussed briefly here in this post. As mentioned within that post, www.na.org’s privacy policies were revised and can be seen at http://www.na.org/?ID=privacy. Many of our websites, not just the main website at na.org, are visited by people from Europe and elsewhere. Website operators have a responsibility to safeguard the privacy and personal data of their visitors. Our websites, and the information collected via those websites, including all the event registrations, subscriptions of various types, shopping carts, etc., are our responsibility. Europe is much more active in this area than the US, and the danger was that if an agreement was not reached, the repercussions could be grave. Repercussions could range from warnings to fines to other legal actions.

Websites from mom-and-pop operations to major corporations are being scanned constantly by those trying to hack in and gather whatever data is collected by those websites. And, in all reality, no website is ever 100% safe from being hacked. We, at na.org, do our best, but know the only way we can keep our visitors’ data safe is to not keep them on the webservers, but transfer them to more secure environments, or use time-tested third-party vendors. We employ four layers of security in our network and know that we are still not completely safe. Vigilance, updated current antivirus, security devices and software, analytics and truly actionable intelligence are the keys for us, along with a tested disaster-recovery solution.

The days of us thinking “this concerns them, not us” are long gone.  We need to become and stay aware of what practices we use on our websites and in our networks to comply with these laws.  More information is always available on the net.  I would suggest that if you are interested, look at some of the links mentioned in various posts in this blog, to stay updated about what’s new in security.

Until next time,

Stephan Lantos

IT Manager
NA World Services
818.773.9999 ext. 181
stephan@na.org | www.na.org

 

Overdue – updates and looking ahead

Well, I have been remiss, again, in keeping this blog updated.  I have a T-shirt that reads “more people have read this T-shirt than your blog.” and it would be appropriate for here.

My most recent post was about the changing face of privacy laws in the US and around the world.  I know that the EU is starting to take a much closer look at what various companies are doing with the data of Europeans…  It will be interesting to see what falls out as a result.

So let me provide some updates about what has been going on in the NAWS IT world:

Successes

  • over 100,000 members are getting JFTs from us and hundreds/thousands more from jftna.org.nz in English.  We have started to communicate with the various language groups about their posting the JFT on a daily basis.  For more info, they can contact me at stephan@na.org. Just to clarify, this is for non-English languages and it has to be done by an RSC.
  • the NA Meeting Search app has been installed about 160,000 times since its launch…  we are constantly working towards making sure that we have the most up-to-date and accurate information.  The local implementation of the BMLT (see previous posts), and the import process are helping a great deal.
  • we are intending on making all of the books in all languages available on iTunes/Amazon and Google Books… this will obviously take some time as the production department is pretty swamped since we took on doing most of our printing in-house.  And it is not as simple as converting a PDF into epubs…  the proofing process often discovers errors… so we would rather be thorough and do it right the first time.
  • we are starting to have more and more service-related webinars.  We intend to have a new page on the website shortly after the conference with specific information about what is coming up, how to sign up to attend, and more.
  • We launched our first monetized app, the NA Recovery Companion–available in iTunes and Google.  We intend to keep adding features to upcoming releases.

Challenges

  • as online shopping became the major source of our orders some years ago, we started to look at alternatives to our antiquated accounting software and shopping cart.  We ended up choosing Microsoft Dynamics AX, but it is a very time-consuming process.  Because of who we are with branch offices, multiple currencies and over 40 languages, and processing hundreds of orders weekly, the work has gone slowly.  We plan on going live later this year…  as with other things, more will be revealed.
  • security continues to be a major concern for us.  From the problem of our network being scanned for vulnerabilities hundreds of times every hour to the necessity for us to go to websites whose security is lacking and that are infected, it is an ongoing challenge.
  • while the NA Meeting Search appears to be successful, we are still struggling with getting local committees to update their meeting information with us.

Plans

  • once the conference is over, we will be focusing on finalizing the new accounting software/shopping cart…  we anticipate that customer and technical support will be busy for the first 90-120 days after launch.
  • we intend to overhaul the mobile version of the website in this next year…  not so much look and feel but functionality.  Likewise we will look to develop and implement some functional improvements for our main website.
  • to update more frequently… sheepish smile.

Any questions, concerns, reach me at stephan@na.org. Until then I remain

Yours in fellowship,

Stephan Lantos
IT Manager
NA World Services
818.773.9999 ext. 181
stephan@na.org | www.na.org

 

 

GEEKLOG: The BMLT

I’d like to take the opportunity to introduce a project that may be of considerable interest to the readers of this blog: The BMLT.

What’s the BMLT? A Sandwich?


No.

An old 80’s power trio band?

No.

OK. I Give Up. What Is It?

Here’s the “Elevator Pitch” from the Main BMLT Web Site:

The BMLT is a complete Web-based NA Meeting List that will work with existing or new NA Web sites, and is already in use by dozens of NA Service bodies around the world.

It allows easy, customizable meeting searches for all types of NA Web sites, mobile devices, and printable lists.

It allows easy synchronization of your meeting list with NA World Services (NAWS). However, even though developed in coordination with NAWS, the BMLT is an independent, standalone project; with no connections to any NA Service entity or philosophy.

It is very secure and extremely easy to install, use, and administer with the ability to assign sequestered, isolated logins to individual administrators.

You can manage thousands of meetings, with dozens of Service bodies, from one server; yet allow each Service body to have its own implementation and expression of the meeting data. Alternatively, you can use the BMLT to manage just a few meetings.

It is of incredibly high quality and under active development by highly-experienced professional-grade software engineers.

It is COMPLETELY free and open source.

All work on the BMLT is done by NA members, and adheres to the FIPT.

There are absolutely no restrictions whatsoever on using, deploying or modifying it. It works with modern Web sites, is highly flexible and customizable, and completely localizable (translatable into different languages).

The BMLT helps Service bodies to provide a very important, fundamental Service to their Groups.

The BMLT is meant to fit YOUR needs; not the other way around.

That Sounds Cool! Tell Me More!

Sure. The BMLT is totally open-source, and carries absolutely no obligations whatsoever. You don’t even have to be in NA to use it (several non-NA organizations employ modified versions of the BMLT).

You don’t even have to give the authors of the BMLT credit. In fact, it’s probably best that you don’t, if the site that uses it is a registered NA Service body site.

All that I want is for addicts to be able to find NA meetings. It’s really that simple.

That Interactive Map Thingy Is Cool, But My Area Only Has 15 Meetings. Do I Have to Use It?

Absolutely not. There are literally dozens of ways the BMLT can be deployed, including simple tables (NOTE: The linked meeting search is a demonstration only, and does not reflect the current meetings in the Quincy ASC).

My ASC Is Part of A Big Region. Can We Use This Without Our Region?

Yes, but I’d suggest against that. The Region should really run the main database server, and your ASC should link to that server. It’s really the best way for us to work. Unity, and all that…

Can I Get Statistics From the BMLT? I Want to Give A Report…

Glad you asked.

Yes, you can.

That’s Nice, But I Live In Sweden. I’d Like It In My Language.

Ask, and ye shall receive (At the time of this post, Sweden was still working on a new site, so the styling is a bit “raw”).

Gee…This Looks Awful Slick. What Does It Cost?

Let’s see… How shall I put this…

NOTHING

I hope that was clear enough. I’m the author of the BMLT, and I can assure you that I seek not one single penny of compensation.

Not one red cent.

Seriously?

Yup.

Where’s the source? Are You Keeping it Hidden? Will You Suddenly Present Us With A “Bill”?

Here you go.

The BMLT is a 100% open-source project, licensed as GPL. That means that anyone can use it, nothing is being “kept back,” and there are no obligations beyond the simple obligations inherent in the GPL license (which only count if you are modifying the project and redistributing it).

I Gots Mad PHP Skillz. Can I Get Involved?

Absolutely. There are dozens of ways to get involved. Some require no permission or coordination with me (such as documenting/extending the project); others may require a bit more coordination (such as working on the core code).

The main restriction is that I am a professional software engineer, and this is a full-fat professional system, with professional-level quality. The closer you come to the core, the more I’ll be asking you to pay attention to quality and coding conventions.

An immediately useful way that people could get involved is to start some communities around the BMLT. There is a rather moribund Google Group that was set up for the BMLT. Come on in, and show us some love.

We could also use help creating localizations, documentation, and even things like instructional videos.

I can be contacted at “bmlt@magshare – dot – net“. Drop me a line.

Tell Me More…

Please Visit the Main Documentation Site To Get WAAAAY Too Much Information About the BMLT.

Are You Some Kind of “Renegade?” What Does NAWS Think About This?

Um… Look up. No, all the way up to the Web Address bar at the top of this window. See that domain?

What’s In It For You? Why the Heck Would You Do This?

I was brought up “old school” (I got clean in 1980). We were taught that “NA has given you EVERYTHING. No matter what you do, it will never be more than a tiny down payment on the interest you owe.”

I’ve already been paid.

Changing Ideas and Attitudes

Recently, the 6th Symposium brought information technology (IT) from as far east as Scotland and west as California. Our experience, strength and hope generated many ideas in Tampa!

We met NA trusted servants who have an amazing array of skills. Programmers and database workers, web servants and corporate IT managers all contributed to the weekend.

Still we share the same goal: To help members and others by adapting technology to our spiritual principles.

Of course, our specific jobs will change. We rotate. Our replacements need to hit the decks a-running, too! They may lack extensive experience. Surely, they will lack time. Thus, they require simple useful tools and records to do their jobs.


Well another FSS IT track has come and gone… news about privacy laws for the US

The Florida Service Symposium was held this past weekend, March 12-14, 2015 in Tampa. As usual the IT Track was great, attendance was a bit lower than expected, but very informative.  Also, as usual, is the clear evidence here that my blogging has been lacking.  I have made promises before and broken them, so I won’t do it again.

As always, if you wish to post, contact me at stephan@na.org and let me know what information you would like to start adding to this blog.

Now for the important stuff: We have all been aware of the Data Protection Directive in Europe that was adopted by the European Union some years ago, but there has been little in formal laws or rules for the US, outside of the Can-Spam Act of 2003. There was the Safe Harbor to help US organizations/firms to comply with the EU Directive, but not much else. Some states have developed their own, but nationwide there has been little. Well, apparently that has changed.

Rather than go into lengthy details, you can find the specifics for yourself by going to http://global.practicallaw.com/6-502-0467.  I would suggest downloading the PDF of the article for offline reading.

Over the next couple of weeks, I will be finalizing new privacy policies for www.na.org and will share them here. To all webmasters: please consider the need for your own site’s privacy policies.

Until next time, thanks for reading and stay safe.

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181
Stephan@na.org | www.na.org

Post WSC 2014 news

Hi all,

Just a quick update.  We are in the early stages of two upgrades, one major, one medium:  We are installing a new ERP system that will result in a more robust accounting system and much more user-friendly shopping cart.  For years there have been many complaints (with mine at the top of that list) about how clunky and stuck in the ’90s our cart was.  That was what we were stuck with until a real upgrade of not only the cart, but also everything attached to it.  So that is taking up the vast majority of our time for the next few months.  Additionally, the database program is getting a facelift/upgrade as well.  Some of the changes are cosmetic but others under the hood should help it become more functional.  We are expecting the ERP upgrade to take about six to eight months and the database upgrade to be completed by end of the summer.

On another note, we are working on a mobile app for the Step Working Guides.  The apps will be available on Android and iOS platforms, not Windows mobile as yet. We are still in alpha-testing stage, but as soon as we have something that resembles beta stage, I will send an invite to the folks who are registered here now (please don’t send out an all-points bulletin to your community for testers, I will only accept a maximum of 30 total–any more becomes unwieldy for me.) and a couple of others.  Testers will be asked to sign an agreement not to distribute the test versions to anyone–that will be necessary for Android, as TestFlight no longer works for that platform.

Other than that, remember to stay safe, the amount of malware continues to increase.  To that end I am enclosing a link to the Websense annual report on threats here – https://www.dropbox.com/s/6tf34hvp5szu5v2/Websense-2014-threat-report-en.pdf (over 9 megs, so it may take some time to open)

Until next time

Stephan Lantos | IT Manager
NA World Services
Stephan@na.org | www.na.org

 

Heartbleed bug

The news has been out there for a few days now: OpenSSL, the means by which most major email companies and some banks, etc. keep your information safe, has been compromised. At first I did not realize how big of an issue this was until I did some research late last night and this morning. While the companies are scrambling to change their software, your passwords may have been stolen, as this issue has been out there for over a year. The worst part of this is that you may have no idea whether your information has been stolen or not, as there is no way to tell until you start sending out spam, or much worse, your identity is stolen…

Change your password everywhere. This is no joke, and it’s something that is supremely important: change your password and not into something that is easily hacked, so use a combination of upper case, lower case, numbers and, if allowed, characters.

A good read (somewhat technical but not as much as others) is here: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/.  And here is full disclosure about the bug: http://heartbleed.com/

Thanks, and stay safe!

Stephan Lantos | IT Manager
NA World Services
Stephan@na.org | www.na.org

GEEKLOG: Localization And Adaptability Part Two: Token-Based Text

ABSTRACT
In Part One of this series, I explained how you should establish a basic text rendering environment that will display non-Roman character sets.

In this entry, I’ll discuss one of the most common patterns used to get those characters onto the screen.

The objective of this exercise is to explain a basic way to allow a display (in this case, a Web page) to reuse the same framework, yet drastically change the content, depending upon the chosen language of the viewer.

I’ll use PHP as the example language. This pattern can be applied to almost any programming language, and actually tends to be supported by many development frameworks. PHP is well-understood, and also has native support for associative arrays, which makes this all much easier to explain. It is also the base language for a number of content-management systems that use this pattern for their own localization.