Thursday, April 30, 2009

Swine Flu in Google Earth

OK, guess where I found this article about tracking the Swine Flu outbreaks on Google Earth. Right! Once again, the GearthBlog. This is yet another wonderful post that points us to a kml file (Google Earth format file) that will plot all cases of the Swine Flu on the map - and even post live updates! It shows both confirmed and suspected cases, too.

So, if your current events class is talking about this (and how can it NOT be, as the Swine Flu is also being blamed for fluctuating oil prices) then this is a must-read article.

Looking for data? Try (and link to) this

A recent post in the Official Google Blog really caught my eye. Now it's possible to not only find public data and view it in a chart, but now you can interact with it, adding other data for comparison, for example. Even better, you can link to your chart!

Take a look at the video at the end of that blog post and then try it yourself. Here is one that I made that compares the unemployment rate in PA with that in Allegheny County (Pittsburgh) and Philadelphia.

Another great way for kids to create non-powerpoint presentations.

Wednesday, April 29, 2009

Reflections on the Webinar

It was really exciting to be able to offer a free webinar on the American Recovery & Reinvestment Act of 2009. I decided about three weeks ago with all of the clamor of this stimulus package to share my ideas on how school districts can begin to dialog on how best to plan for purchases and professional development. First off I would like to thank Glance for providing me with use of their incredibly easy to use screensharing and teleconferencing service. It went off almost without a hitch- slight error on my part of giving my participants my old Glance address. Once I rectified that, we were on our way to having a smooth and successful webinar.

The stimulus package is an ideal was to really build and shore up your school's assistive technology program. While there is a lot to think about, the stimulus dollars will only be here for a two year period of time. One of the top priorities is for schools to purchase state of the art assistive technologies along with intensive professional development for regular and special education teachers. While there will be challenge- never has there been such a great opportunity for those of us in the field of assistive technology to demonstrate just how important these tools can be for the students to reach their goals. For those of you who were not able to make the webinar here is a copy of my presentation.

Impressions from One to One

In no particular order, some thoughts about this year's One to One conference held in Penn State over the past three days.

  • VERY frustrating Internet connectivity. ARRGGHHH!!!
  • The kids from the CLC Charter School did a GREAT job with their projects AND their presentations. One team created a video that told the story of "Flowers for Algernon" but from the perspective of the character of Miss Kinney. Excellent. Another team did a project that told the story of Nuclear power that rivaled the kinds of movies you might see at Three Mile Island. It was just incredible. And really, it was made in one day. OUTSTANDING! The last was a funny movie about Pirates. A fun and funny video and a nice presentation. All the students represented themselves and their school VERY well. I am SO glad I got to see them. Take a look at some of their archived projects on their website. (Y' know, I almost expected to hear one of these kids talk about, "the beauty of knowledge." They were so good!
  • The presentations by David Warlick, Chris Champion - er.. check that, Chris Lehman!! (Thanks, Kristen, for pointing that out), and Cole Camplese were all excellent. I enjoyed every second of each one.
  • I really enjoyed talking to the David Jurkiewicz, Rob Nelson, and Bill McRae, the teachers behind that Springfield High School's Inauguration project. They did a nice job presenting, too. One student comment that stuck with me was the one that a girl said when the project was over. She said, "I don't want this to end. I'm going to miss this project." When you see what they did and how they worked so hard to troubleshoot issues and to make the event a truly student-produced event you can understand why she would not want it to end - if it meant going back to classes as usual.
  • Not sure how I feel about watching a Prezi presention.
  • I was impressed and touched to watch a teacher give moral support to a shy student presenter. Just through proximity.
  • I envied the relationships that some teachers have with their students. It was obvious that there is a caring, nurturing, and supportive relationship there. Once again I longed for just one more year back in the classroom.
  • I was encouraged to hear some of the changes that Penn State faculty is making in their teacher education undergrad program. It sounded like those teachers will be MUCH better prepared to enter the kinds of classrooms they're going to find when entering PA's CFF classrooms.
  • I wish the VERY best to a friend who just discovered that his cancer has returned. Yet, he was here and talking about wanting another year to work with his teachers. Good luck, Larry. I hope you can have a DOZEN more years with your teachers, if you want to.
  • While we as a state have a long way to go before we're able to say that we're all providing World Class education for our students, we certainly have made great progress to that end.
  • Overheard: "I can't tell you how nice it is to be in the company of people who would use the word, 'Indeed!' in casual conversation." (That certainly tells a story, doesn't it?)
  • Did I mention that the Internet Connectivity STUNK?
  • Even when sitting with "The Converted" there are still many who don't know the whole story.
  • I get embarrassed when sitting with folks who feel compelled to talk - in a full voice - to a neighbor DURING A KEYNOTE PRESENTATION. SHUT UP! IT IS RUDE!
  • Why don't schools do more to 'celebrate' the many cultures within their district? What a missed opportunity to promote cultural and global understanding.
  • I'm VERY proud of the efforts and the work of the teachers who attended this conference. They were here to learn so that they can do a better job for their students.
  • It was GREAT to say hello st some of the folks I follow on twitter!
  • Backchannel conversations CAN be VERY focused and beneficial - especially if folks are directed to express their thoughts in the backchannel. It keeps them from perhaps talking about last night's hockey game.
Anyone else who was here care to share your thoughts?

Invert Image Processing and Source Code In Delphi

Hi Friend. Do You need Source Code of Image Processing..? But I’m only have in Delphi Programming. It is easy to Follow and Understand.

Invert Image is one of image processing to invert the color. The easy way to understand is Change Black Color to White and White to Black, but there are variation if the Red, Green and Blue value have variation.

Invert Image Basically obtain from decrease Value of 255 to Red Pixel Value, 255 to Green Pixel Value and 255 to B Pixel Value.



Below is Source Code for Invert Image Processing in Delphi.


procedure TForm1.ToolButtonInvertClick(Sender: TObject);
var i,j :byte;
PH:PByteArray;
R,G,B : integer;
begin
for i:=0 to FormHasil.ImgHasil.Height-1 do
begin
PH:=FormHasil.ImgHasil.Picture.Bitmap.ScanLine[i];
for j:=0 to FormHasil.ImgHasil.Width-1 do
begin
R:=255-PH[3*j];
G:=255-PH[3*j+1];
B:=255-PH[3*j+2];

PH[3*j]:= R;
PH[3*j+1]:= G;
PH[3*j+2]:= B;
end;
end;
FormHasil.ImgHasil.Repaint;
FormHistogram.Histogram;
end;


Please Comment If I’m Wrong. Comment are widely open…!!

Tuesday, April 28, 2009

Brightness Image Processing and Source Code In Delphi

Hi Friend. Do You need Source Code of Image Processing..? But I’m only have in Delphi Programming. It is easy to Follow and Understand.

Brightness manipulation is widely use in image processing. We give a value to the procedure to change the brightness. Positive value mean increase brighness and negative value mean decrease brightness.

(a. normal image)

(b. decrease brightness, histogram spread)


(c. increase brightness 1, histogram collect together in right side)

(d. increase brightness 2, histogram collect together in right side)


Below is Source Code for Brightness Image Processing in Delphi.


procedure TFormBright_Con.Brightness (A:integer);
var
i, j: integer;
R,G,B : integer;
PH:PByteArray;
begin
for i:= 0 to FormHasil.ImgHasil.Picture.Height-1 do
begin
PH:= FormHasil.ImgHasil.Picture.Bitmap.ScanLine[i];
for j:= 0 to FormHasil.ImgHasil.Picture.Width-1 do
begin
R:= A + round((PH[3*j]/255)*(255-A));
G:= A + round((PH[3*j+1]/255)*(255-A));
B:= A + round((PH[3*j+2]/255)*(255-A));

if R >255 Then R:=255
else if R<0 Then R:=0;
if G>255 then G:=255
else if G<0 Then G:=0;
if B>255 then B:=255
else if B<0 Then B:=0;

PH[3*j] := R;
PH[3*j+1] := G;
PH[3*j+2] := B;

end;
end;
end;




Please pass the value from SpinEdit Maybe or by TrackBar or manualy by Edit.
Example :

Brightness(TrackBar.Position);

Please Comment If I’m Wrong. Comment are widely open…!!

Monday, April 27, 2009

PollDaddy Polls for Twitter

Thanks to @mackrellr for pointing me to this: Polldaddy polls for twitter.

There are others, for sure, but what I like about this one is the ability to leave comments on the poll to explain your vote.

Check out this sample:


The 16th Carnival of Computer Help and Advice

Welcome to the sixteenth monthly Carnival of Computer Help and Advice. Another collection of blog articles to help you avoid problems and get the most out of your PCs.

I would like to thank everyone who contributed yet another bumper haul of excellent posts. As ever, limitations of space mean that not all submissions can be included.

We get the ball rolling this month with Kristofer Brozio's review post 16gb USB Drive Comparison - 17 Drives Compared from Testfreaks | The Blog. While we are on the subject of hardware, Jules of PCauthorities.com tells us how to How to Boost Your Laptop Audio.

In recent years the Linux has emerged as a viable alternative to Windows. The next two posts extoll the virtues of the two major distributions of this free operating system: Paul Dickinson presents Dumping Windows for Ubuntu posted at Live Without Work; and gadgetphix author Mike Pettinato shares his post Tired of Windows but Can't Afford a Mac? Try Fedora Linux 10.

Next up we have a selection of posts about web browsers: Nesher of Collection of Web Freebies shares his 22 Useful Google Chrome Shortcuts; Rohit explains Blocking Advertisements In Internet Explorer 8 at Advanced Technology Hacks; WindowsFixUp's Admin suggests ways of Speeding Up Internet Explorer 8; and, zangozzz from blogging tips tells us How To Speed up Firefox | Tweak internet browser speeds.

Staying with the Internet theme, the next few posts deal with various email issues: Margaret Garcia presents 100 Best Web Tools and Tips to Organize Your Inbox posted at Radiology Technician Schools; PCStuffBlog.com lists 13 tips for hiding e-mail addresses from the spammers; and, Don Salva tells us how to Stop Spam, use temporary and disposable mail inboxes!

The final few featured posts this month are a pick'n'mix. Regular contributor, Andrew Edgington explains How Adobe Photoshop Restores Old and Worn Out Photographs at Learn Photoshop Now. For those that like to customise Windows, ramaraobobby of Bloggersbase shows a Desktop.ini trick to apply image to a drive icon area. Last but not least, WrapT NoTES author JuzaNobo helps us recognise Signs of Computer Virus Infection.

If you are interested in hosting a future carnival please leave a comment on this post or use the contact form over at our Blog Carnival page where you can also submit your blog posts for inclusion. Don't worry, if you don't want to write the Carnival post I can do it for you.

More next month.

Sunday, April 26, 2009

Informix community news

International Informix User Group is hosting the annual Informix User Conference. It's taking place in Kansas City, not far from the Lenexa development labs where most of the IDS development is done.
This allows the conference participants to meet with some of the more influential people in Informix development. Most of the product architects will be at the conference.

It should be starting, and it will end on Wednesday. You can check the schedule on the IIUG site.
The conference is packaged with a lot of interesting sessions, workshops and you can even take the exams for IDS v11 certification. If you're not going to the conference you can also take a free online test just to get some feedback on your knowledge level. The exams are available on the Prometric website and you can get a promotional code which makes the test exam free (usually it costs $10). Please check http://www.ibm.com/software/data/education/cert-assessment.html?ca=09iiugoffer
and go to the Prometric Website. Use the promotional code IIUG2009.

Taking advantage of being at the conference, Cathy Elliot, Informix Software Marketing Manager, has just created a new blob, called Informix Voices ( https://www.ibm.com/developerworks/mydeveloperworks/blogs/InformixVoices/ ) where she intends to post some interviews with relevant people from the Informix community. Should be worth to keep an eye on it.

Finally, we are all waiting for IDS 11.50.xC4 which we know by now that will bring table compression to the Informix world. I will post about it when the version is available. Meanwhile if you're going to the IIUG conference, enjoy it. If not, keep an eye on the Informix blogs for updates.

"The Beauty of Knowledge"

In the latest daily email from the Diigo in Education group was this bookmarked site: Be Very Afraid."Prof. Stephen Heppell and his team once again brings together some of the best examples of Digital Creativity from schools, colleges and Higher Education in the South East." Note that along the top of the page are links to the various year's events. BVA1 thru BVA5. (BVA=Be Very Afraid) Spend some time watching the videos from the various years. Yo'l be glad you did.

This particular piece was done in 2005, but don't let that stop you from watching it. In particular, I was impressed by the two girls in the Matching Green School video. At one point these two girls talk about the work that they've been doing - solving a problem of a computer having crashed. The computer crashed and now has the knowledge of a 6 yr old. But, by solving problems and correctly answering questions, they are able to give the computer back, "...the beauty of knowledge."

"The beauty of knowledge."

Wow. Isn't that just.. beautiful?

YouTube Symphony Orchestra performance

I hadn't seen this part before. Here are three children playing a piano piece, Sergei Rachmaninoff's Vase from Two Pieces for Piano. It's the first piece when this starts.

Having spent the first part of my life as a (bad) music teacher, but still holding onto the soft spot in my heart for young musicians, this caught my breath when the camera moved the the image of these three young children seated at the piano.

If you've got some time, watch the entire piece. Oh, and don't forget to watch the first half of their performance here, too.

Saturday, April 25, 2009

What Stops Population Growth? - Hans Rosling

http://www.gapminder.org/videos/what-stops-population-growth/

I'm sure that you know of the WONDERFUL website: Gapminder.org (correction made to original post). You might have seen one of his presentations on Ted. I was browsing the gapminder.org site just now and was exploring some of the other , perhaps less well known features of the site. For example, under the Gapminder World link, click on the link for "Gaps Between" and watch data about the gaps between states in the US, or in China. Or, on the front page, click the links to watch some of the videos like the one I linked to at the top of this post.

First, watch the video (above) and then ask yourself if that data told the story. I think you'll agree that it did. Then ask yourself if giving a presentation like this is better than diving a PowerPoint presentation. I think you'll agree, again, that it is.

Now, if you're s social studies teacher who talks about global issues or how tries, at least, to put the events of the US into a global perspective, why not spend some time in Gapminder exploring the data? Why not find those data elements that, when plotted together, tell a story much more effectively than ANY PowerPoint could do?

Send this post along to your favorite Social Studies teacher after you watch the video. In a World Class education system, shouldn't the students be making presentations like this?

Falcon Cam active in Harrisburg again

http://www.dep.state.pa.us/dep/falcon/

Every year I try to remind folks about the camera atop the Rachel Carson building in Harrisburg, PA that is trained on the nest of a peregrine falcon. You can either watch the still images as they are updated every two minutees or you can watch the live camera.

Right now mama is sitting on the nest so there's not a whole lot of action. But, soon the egss will begin to hatch and the fun starts. Last year I watched as one or the other of the adults brought back a pigeon it had caught. It was fascinating watching it feed the four eyasess.

You can find lesson plans for teachers, and even register a class to receive updates and other information about the birds.

Check it out. Register your class so that you know when the eggs begin to hatch. Great fun!

Returning to null...

In a recent article I talked about the way to return a NULL from a query. That remembered me how "picky" Informix is with NULL. Did this sound like me saying Informix does something wrong?! That would be strange in an Informix dedicated blog...
Well... I said "picky" because that's the feeling I get from people who face the way Informix deals with NULL. Usually those persons have a background in other RDBMS which may times behave differently. Let me show some situations common in Informix:

  1. The query below returns NULL. Most of the times people expect it to return "SomeString"
    SELECT
    "SomeString"||NULL
    FROM
    systables
    WHERE
    tabid = 1;

  2. The query below return no rows. People would expect it to return some rows
    SELECT
    "SomeString"
    FROM
    systables
    WHERE
    "A" != NULL::CHAR

  3. The query below also returns NULL. People usually expect it to return 10
    SELECT
    10 + NULL::INTEGER
    FROM
    systables
    WHERE
    tabid = 1

Query 1) and 3) are similar. Above I wrote that Informix is "picky". I could say it in another way: Informix is very strict on the way it treats NULL. By definition (SQL standards), NULL is the absence of value. That means that you can't do nothing with it... Any operation (concatenation in query 1 and addition in query 3 for example) will return NULL. Any comparison with NULL returns FALSE. In order to understand it we must avoid looking at the question with a practical approach and instead use a formal, conceptual approach. In other words, it would be intuitive that if we concatenate a string with "nothing" we would still get the string. But on the other hand, conceptually, we cannot concatenate a string with the absence of string... And we cannot compare anything with NULL, because it does not exist. So, by definition any such comparison should return FALSE. "A" is not equal to something that does not exists, but conceptually you can't compare these two operands, so the comparison fails (FALSE).

Also note that in Informix NULL cannot be represented by "" for example. "" is an empty string. But at least it has a defined value. NULL hasn't.

Many developers argue that the way Informix deals with NULL does not make sense and causes incoveniences. I argue that this makes a lot of sense (mathematically) and I concede that it can be inconvenient sometimes from a practical perspective. But in reality, what those developers or I think is pretty irrelevant. What is relevant is that it's the way the SQL standard defines NULL and Informix follows it.

In order to overcome the inconveniences we can use the NVL() function.

Ocean Trash Vortex

Sorry this is too late for Earth Day, but not too late to make a lesson out of it. I hope you already knew about this and already built it into your lessons for Earth Day.

Enormous Ocean Vortex of Trash

Imagine garbage covering the entire state of Texas. Now imagine it floating in the ocean. Now imagine that it's not only floating, but it's swirling in the ocean and circumnavigating the globe.

"Researchers have discovered a Texas-sized area of trash floating in the Pacific Ocean. Composed primarily of plastic garbage from landlubbers, the area has become both a major threat to marine life and a frightening example of how polluted our oceans are."

There's a great animation of how this happens here on the GreenPeace site. Scroll down and click the blue map. Once you're viewing the map, click the tab in the bottom left corner to see an animation of how long it takes the trash to move around in the ocean currents.

Here's a quote from the GreenPeace site:
"Many seabirds and their chicks have been found dead, their stomachs filled with medium sized plastic items such as bottle tops, lighters and balloons. A turtle found dead in Hawaii had over a thousand pieces of plastic in its stomach and intestines. It has been estimated that over a million sea-birds and one hundred thousand marine mammals and sea turtles are killed each year by ingestion of plastics or entanglement. "

Remember, this is a problem that we're creating NOW and leaving the cleanup solution to our children. What a GREAT lesson this could be for your students, eh?

Using the Vernier GPS Sensor with the LabQuest

I first want to thank Vernier Software & Technology for sending me their latest GPS Sensor to review that can be used with LoggerPro 3.7 and the LabQuest. I have always had a keen interest in both science and technology and would have loved to have access to a LabQuest in my science classes when I was in school. In this day in age of technology, the LabQuest foots the bill for an easy to use handheld data collection tool. The LabQuest continues to grow as an educational tool as more and more sensors get added to the product line. I was very glad to hear that Vernier was going to release a GPS Sensor this spring that could be used with the LabQuest and when it arrived at my doors steps, I couldn't wait to give it a try. Vernier shipped me the GPS Sensor along with LoggerPro 3.7 software which incorprates some new features that can take advantage of the GPS sensor. My first reaction was "wow," when I first saw the GPS Sensor, no bigger than a USB thumbdrive that I carry with me. My first order of business was to update the system software on my LabQuest which went off without a hitch. Once the LabQuest was updated, I plugged in the GPS Sensor and watched as my LabQuest honed in on the satellities. Within seconds my LabQuest was displaying a readout of the latitude and longitude.

I decided to give the GPS Sensor a try and walked around the periphery of my home located in the Northwest part of New Jersey. I plugged the GPS Sensor into the LabQuest and pressed the Start collection button. As I walked around the property line, I watched as the LabQuest updated my position on the screen. After walking around the property line, I came back into my office and launched LoggerPro 3.7 and plugged the LabQuest into my computer. Within seconds, LoggerPro 3.7 prompted me to download the data that I had just collected. You will find LoggerPro and LabQuest easy to use and the helpful prompts will ensure that you are able to offload your data correctly to your computer. Once the data had been downloaded to LoggerPro you can take a look at your Speed, Altitude, Time and Latitude (Direction) from within the software.

One of the really exciting features of bringing your GPS data into LoggerPro 3.7 is the ability to map it. Right now there a two options for mapping your data: exporting the data in a GIS format or exporting it to Google Maps. In my instance, since I was connected to the web, I decided to export the data directly to Google Maps which was really exciting. Within seconds my route around the periphery of my home was plotted within Google Maps, which you can see in the screenshot.



The GPS Sesnor from Vernier worked really well and should give you some reason to think how you can integrate this location based technology in your science and math programs. It should be noted that you can connect other sensors to your LabQuest while the GPS Sensor is connected which makes this an ideal tool for doing field work where there is a need to have your position automatically recorded. Think about the type of environmental projects that would benefit from using the LabQuest and the GPS Sensor in the field. Certainly water quality studies are a prime candidate for using this type of technology. If you can think of some other ideas please leave a comment. The GPS Sensor is an excellent addition to the full line of Vernier sensors that can be used with the LabQuest and begs teachers to think about innovative ways to use location based data collection tools in their classrooms'.

Computer Business Plan Tips for Getting Great Clients

As you are writing your computer business plan, you need to think about a very important question: WHO will be benefit from your services?

Many computer business owners make the mistake of chasing after prospects that only need services now and on a short-term basis. What you should be doing however is marketing to those prospects that will be with you for many years to come and bring you predictable, steady revenue. This is the core, but potentially $100,000+ difference between transactional-oriented cherry-picking, one-shot-deal customers and long-term, steady, high-paying great clients.

Although many mistakenly use the terms customer and client synonymously, it's a huge oversight because of their enormous differences in long-term potential to your computer business.

They fail to see how working for fly-by-night customers will leave them scrambling to make their next buck and dissatisfied as they move from customer to customer, never establishing solid, mutually-beneficial relationships that can make computer consulting work more rewarding and successful.

Consider the following 4 ways to build a computer business plan around the needs of great clients, rather than one-shot deal customers.

1. Think About Customer and Client Acquisition Costs. As you are creating your computer business plan, think about the time and money that will go into your marketing campaigns. Customer or client acquisition costs are simply defined as those time and out-of-pocket expenses that can be directly traced to the acquisition of new customers or clients. In order to measure this correctly, you need to have controls and techniques in place to help you measure where your customers or clients originate.

2. Track the Origins of Your Customers and Clients. Tracking where your customers and clients originate is critical to understanding how to get more of the clients that will stick by you long term … and less of the customers that have no interest in building long-term relationships. For example, when you send out a postcard or other piece of marketing collateral to a set of leads or prospects, you can send them to a Web site landing page to fill out a form, register for a free seminar or request a free CD. If you use a special URL and landing page, you easily can count how many clicks you got and how many sign-ups you got. Then after the campaign, you can measure which percentage of sign-ups got qualified, which ended up becoming customers or clients and finally, how much new and eventual revenue can be traced to these specific new customers or clients from that specific campaign.

3. Measure How Much Time and Money Goes into Seminars and Relationship-Building Events. You need to know how much time and money goes into the seminars that you hold for your prospects, customers and clients, so you can understand the cost of acquiring a real client... and even more importantly, understand exactly what a really great client is worth to your computer business. As a simple example, think about what would happen if you invested $1,000 and 16 hours of time (that you value at $100 per hour) planning, marketing and holding a seminar event. From this, perhaps you got a new customer that spent initially $400. Then, that same customer might become a steady, high-paying client on a $12,000 per year on-going service contract. This basically means you spent $2,600 in money and time finding a new client that was worth $12,400 in the first year of your relationship. The client acquisition cost was $2,600. But what if you didn’t push on-going service contracts, and that client just spent $400 with you once? Then, that $2,600 cost was certainly not worth the trouble. The customer vs. client mindset makes all the difference in your computer business plan.

4. Target Clients with Your Marketing Activities. Unless you have a huge Fortune 1000-sized marketing budget, you have to work smarter when it comes to marketing. You have to focus on small businesses that are most likely to become steady, high-paying clients. There’s a world of difference in the lifetime profitability potential or lifetime value between customers and clients. As you design your computer business plan, you can’t afford to market to any companies that don’t have the potential to become steady, high-paying clients. The targeting and lead qualification becomes mission critical.

In this article we gave you 4 tips to help you build your business around getting great clients rather than one-shot-deal customers. Learn more about creating a computer business plan that will get you great, steady, high-paying clients now at the attached link.

Copyright (C) ComputerBusinessPlans.com All Rights Reserved

Thursday, April 23, 2009

Compress and free....

Guy Bowerman post's about two new Informix white papers. One of them talks about the new compression feature of IDS 11.50.xC4. Be sure to check it, if you feel your data is growing beyond acceptable limits.
The other paper gives an extensive and detailed overview of managing IDS on Windows platform.

Here's the article: http://www.ibm.com/developerworks/blogs/page/gbowerman?entry=new_informix_white_papers

Wednesday, April 22, 2009

Project Planning in MindView 3

In a previous post, I had asked my readers to share their thoughts and ideas about project planning and management and mind mapping software. I had created a short 10 question poll about the issues and features that you are looking for in your mind mapping software and just how important and integral is project management to the tool. Not surprising a large percentage of the respondents felt that using mind mapping software for project planning was a very important reason for using the tool.

Earlier this week I posted a review of MindView 3 from Matchware, Inc. which focused on the mind mapping environment and thought that you would be interested in some of the unique project management features that are built into MindView 3 BE. With this in mind, I had a chance to take a look at MindView 3 Business Edition (BE) to see how it handles project planning. MindView 3 BE has project planning tools integrated into the mind mapping application and it is easy to go from mind mapping to the Gantt View with a single click. Once you are in the Gantt View you have a full range of tools at your disposal which you would come to expect from a project planning application. Once you go from the mind mapping view to the Gantt View MindView 3 now will treat your Main Topics as Summary Tasks and all your subtopics as your working tasks. In the Gantt View it is easy to set the Start Dates and the Duration for the task and watch the End Date automatically recalculate. MindView 3 BE lets you select the dates from the standard calendar picker which makes it easy to enter the data. You can link your Tasks as well as your Summary Tasks with the Linking tool that is provided in the Toolbar and watch as your Gantt chart is recalculated when changes are made. MindView 3 BE supports a number of common dependencies such as Start to Start, Start to Finish, Finish to Start, and Finish to Finish. To make changes to the type of dependency, simply double click on the link between the tasks and select the dependency type from the drop down menu. Entering task completion is easily accomplished by placing your cursor in the task bar and dragging the completion bar to the right. You could just as easily extend how long a task will take by clicking on the outer edge of the task and dragging to the right. MindView 3 is very responsive and changes are automatically updated. MindView 3 has several overall styles that you can apply to your Gantt chart as well as allowing you to fully customize individual tasks with your own color schemes if you so desire.

Setting up your resources for the project can be accomplished in several different ways. For small projects it is easy to just type in the name of your resource. For larger projects you can import your resources from you Address Book or from your Active Directory. There is also the option of importing your Resources from OpenMind, MindView, Microsoft Project and from MindManager. Once you have entered your Resources into your project you can allocate the Resource by selecting the resource from the Assign Resources dialog box. I would have liked to been able to select the Resource right within Resource area without the need to bring up another dialog box to do so.

Setting up the Project Calendar for the Project is quick and intuitive and allows you to define the standard work day as well as set days off for the project. Setting up non-default days was accomplished very quickly. It is important to understand the each Project Calendar is set up for each project that you are working on. It is not possible for MindView 3 to be able to share Resources among multiple projects you are tracking and so Resource leveling is not an option in this application. To view the Critical Path you simply click on the Critical Path button which is prominently located on the toolbar.

Setting up project costs within MindView 3 BE is accomplished by using the Calculation Panel. As you see in this Gantt Chart, I have set up three different branch values for each task; Labor Costs, Materials, and Total Costs. Once these values have been set up I can then click on any task and enter a dollar value. Using the formula tools within MindView 3 BE, I can also sum up the Total Costs which are based on adding the values of Labor Costs and Materials for each task. Creating the formula to do this was straight forward and intuitive. MindView 3 BE has a very powerful SUM tool that can be utilized to roll up all of the values in your project and provide you with and overall cost for your project. To get a sense of the power of the Calculations-simply use the Export to Excel Advanced feature to generate a fully formatted project cost analysis spreadsheet with all of the data in one place. You can also use the Project Reports tool that is found within the Gantt View to give you a number of key reports that you can generate on the fly. The Project Reports generates html files and opens your reports within the browser. You will find the reporting to be be very quick and easy to use.

When it comes time for sharing your Gantt chart you can easily print it out using the various formatting features found in MindView 3 BE or export your project to Microsoft Project if you like. You can easily export your Gantt view to a Picture file in a number of formats. I would have liked to see the ability to export to PDF within MindView 3 BE,, which is I believe the standard for file exchange.

For those situations when a Timeline will do to communicate the project, MindView 3 BE provides you with an alternative to the Gantt Chart. The Timeline environment is just a click away and is packed with features to help communicate your project tasks and goals. There are several ways to format your Timeline within MindView 3 to take advantage of both timelines and Gantt charts. This is a really handy tool to have access and gives you multiple ways to represent your project tasks. You will notice in the screenshot that you can also show the costs associated with each task.

Summary
MindView 3 BE gives you some easy yet powerful tools which lets you go from mind mapping to project planning with the click of the mouse. MindView 3 BE provides an intuitive and easy to use interface within the Gantt View to get your project planning done and on time. While the calculation feature provides some powerful reporting features it doesn't go far enough to help link the duration of the task with costs. I would have liked to been able to have my costs for the project keyed into the duration of the task and the cost as related to the resource being accessed so that MindView 3 could automatically calculate the current cost for the project. I believe that this is an area for improvement but it does not mar the effectiveness of the tool or the ability to work with calculations and the Excel Export to generate your project costing reports. All told, MindView 3 is a formidable mind mapping tool with strong timeline and project planning features.

Monday, April 20, 2009

Proloquo2Go Webinar

With the marvels of the Internet I was able to connect with David Neimeijer, from Assistiveware via Skype and began chatting with him about the impending release of Proloquo2Go. Proloquo2Go is a portable augmentative communication device that runs on Apple's iPhone and iPod Touch. Proloquo2Go is a very innovative, programmable and cost effective device that can be used with students to give them a "voice". As we were chatting, I asked David if he would mind giving my Assistive Technology Class and introduction to Proloquo2Go-but considering the time difference he thought that his partner Samuel Senott might be available to do it. Within minutes David, Samuel, and I were talking over Skype and setting up the impromptu webinar.

Using Skype, Samuel came into the classroom and introduced himself before we went into a GotoMeeting session. My students appreciated the chance to see Samuel and get a feel for the device before we went into our webinar session. Once in the webinar Samuel was able to show us the iPhone emulator and demonstrate to us first hand how Proloquo2Go will work. My students were really excited to see Proloquo2Go in action and could not believe just how easy it was to use and the quality of the speech. Some of my students were glad to find out the cost and really thought that the size and weight of the device were two very important features. Everyone really enjoyed just how flexible a tool Proloquo2Go is and are looking forward to its imment release on the Apple Store. I personally want to thank Samuel and David for making this happen and wish them the best on their new product launch.

Undergraduate Examination

Dear All,
I need Support from All My Friend in The Blog World
to Succeced my Undergraduate Examination
in Friday, 24 April 2009

wish all the best for Me.

Sunday, April 19, 2009

YouTube Symphony Orchestra performance

This gives me goosebumps!




How cool is this?

2020 Forecast - a tool to help shape the future

Many thanks again to John Branson for sharing this one with me via email. Thank you, John. You'll see that John referred to this article back in that comment.

There are many changes taking place, and many trends taking shape, as well as may new technologies that allow us to do new things, involve more people, visualize data, take control of your own learning, and organize people like never before. This report identifies these factors and shows how they interact to create real change.

From the report: "Over the next decade, the most vibrant innovations in education will take place outside traditional institutions. This 2020 Forecast: Creating the Future of Learning presents a critical dilemma facing these institutions: how to reconcile bottom-up developments in education with the traditional top-down hierarchy that is currently in place. Such peripheral innovation will redefine how learning is organized, who comprises the broad “school community,” and what the actual experiences of learners will be like in the future. The validity and role of formal institutions of education will be challenged by key forces of change and will be reconsidered by an expanding group of stakeholders. Together, the pressures of change and new stakeholder demands will create a new future for learning."

And, "This 2020 Forecast is a tool for thinking about, preparing for, and shaping the future. It outlines key forces of change that will shape the landscape of learning over the next decade. The forecast does not predict what will happen, but rather serves as a guide to the as-yet-unwritten future. It is designed to help you see connections among things that once seemed unrelated and to help you consider the changes and challenges that you are facing today within the context of wider patterns of change."

My suggestion is to start here http://www.futureofed.org/request-copy/ to create a login so you can download your own copy of this report. Share it with your Administrators. Talk about it in your next faculty meeting and in the lunchroom. Have a copy of the k12 Horizon report, too. This is good stuff.

Y' know, I just read (on one of the many sites I just skimmed) a rhetorical question that said something like, "Do you have to be a Principal to lead a school?" I would have to argue that no, you don't. You just have to be a leader. Be the change that you want to see in others, as Ghandi would say. Be a lifelong learner. Share your learning. Encourage others to think about and share their learning, as well. Lead these kinds of discussions that focus on the role of education in this rapidly changing world. When you're in meetings and the question comes up, "Does anyone have anything else to share?" you say yes, and you share what you've been reading and learning. Sned articles like this to your fellow teachers along with a question about the article that causes them to read the article closely. You will become known as the person who is a forward thinker, and one who is focused on the profession of being a teacher, and you will, in fact, lead your school by example.



You CAN do it!

Empat Tingkatan Kekuatan berdasarkan Pekerjaan Seseorang

Apakah anda setuju ataukah tidak dengan pendapat berikut :

Ada 4 tipe pekerjaan yang berlaku di masyarakat dan menjebloskan kita ke masing-masing tipe /level pekerjaan itu :

1. Teknik / Teknis.
2. Ekonomik.
3. Hukum.
4. Dewan atau tingkat wakil rakyat.

Orang orang teknik ternyata paling bawah levelnya, mereka diperintah untuk benerin ini itu, ngecek ini itu, dan memastikan semua berjalan baik.

Orang ekonomi menguasai orang teknik, manajemen kebanyakan dilakukan oleh orang-orang yang tau ekonomi dan yang mampu memanajemen penghasilan.

Orang Hukum tentunya diatas orang ekonomi dan juga teknik levelnya. Keputusan keputusan yang ada tentunya harus menaati hukum yang ada. orang ekonomi dan teknik tidak boleh melaksanakan sesuatu pekerjaan yang melanggar hukum tentunya.

Diatas semuanya ada level yang banyak direbutkan di dekat dekat Pemilu, yaitu Dewan atau wakil rakyat. Mereka lah yang merancang dan membuat undang-undang atau peraturan yang dilaksanakan orang Hukum, dan dipatuhi orang ekonomi dan teknik juga !!!


Dibalik semua ini ternyata ada orang yang memiliki 2 level atau lebih sekaligus, misalnya:
  • orang ekonomi yang mengerti teknik
  • orang hukum yang tau ekonomi, atau
  • wakil rakyat yang tau teknik komputer.

hal itu hanya contoh, semua orang tentunya ingin mereka ada pada lebih dari 1 level agar tidak ditipu oleh orang orang level lain.

Saturday, April 18, 2009

Informix authentication and connections

The idea for this post comes from a recent discussion on c.d.i and also from checking the URL referrers that bring people here.
Most of this blog visits comes from Google or other search engines. And apparently there are a lot of questions about how Informix authenticates and establishes user connections.

I will try go give a generic overview on these subjects. I'll point out a few less known aspects of Informix authentication.
This article in no way tries to substitute the official documentation, but I hope this can be used as a concentrated information resource about the subject.


Authentication versus privileges

First, we have to create a distinction between two steps involved in a connection establishment.
As we all know, IDS and other databases have several privileges required for doing any action in the database.
At the first level we have Database level privileges. These are CONNECT, RESOURCE and DBA. Then we have object level privileges. For tables we have INSERT, DELETE, ALTER, REFERENCE and for column level we have SELECT and UPDATE
The list above is not exhaustive. The privileges relevant for this article are the database level ones. In particular the CONNECT privilege. Without it we will not be able to connect.
Privileges can be given using the SQL stament GRANT and removed with the REVOKE. Object level privileges can be GRANT'ed to individual users or to ROLEs. You can imagine ROLEs as groups and you can GRANT a role to individual users.

But let's get back on track. The purpose here is not to explain the privilege infra-structure, but to explain how do we connect to the database. I just explained the privileges because we need to go through two steps for establishing a connection:
  1. First Informix has to make sure we are who we pretend to be. This is called the authentication phase
  2. Second, Informix will check if the user we are defining in the connection has the required privileges to establish the connection.
    It cannot do the second step without first completing the authentication.
    To be able to connect we need at least CONNECT privilege on the database level. This privilege can be granted specifically to the user or to the special role PUBLIC which means "anyone"

User repositories

One very important aspect of Informix is that it doesn't use the concept of database only users. Any user in an Informix database must be recognized by the underlying OS (up to the current version at the time of writing which is IDS 11.50.xC3).
It's essential to know this in order to understand how it works. For example, if you want to create a user for Informix Dynamic Server usage, you have to create it in the OS or other repository, but you must make the OS aware of that user. And for users created in the OS, if you need to change their password you must do it using the OS tools.

Some people may consider this a big limitation, but the subject is a bit more complex than what it may look at first.
There are reasons for this requirement:
  • In an Informix stored procedure, you can call an OS command or script. This is done using the SYSTEM() SPL statement. This command will be run with the user identity that was used to establish the database connection.
    Other databases execute these commands as a specifically configured user or as the user running the database software. The way Informix works can give you a lot of flexibility, but the price for that is the need to have the user recognized at the OS level
  • When we ask the database server to print out the explain of a query using the SET EXPLAIN SQL instruction, Informix will create a file on the database server. The information is written by the database instance processes, so it has to be written on the server running the database.
    This files are written with the user ID used for the connection. The file is written on the current client directory for connections local to the database server and on the users $HOME for remote connections. Again, this requires a user created in the OS
  • The SET DEBUG FILE/TRACE ON SPL instructions have the same behavior and requirements

The above doesn't necessarily means we need to have the users in /etc/passwd (Unix/Linux). It means that getpwnam() must be able to retrieve the user info. This will happen transparently if you configure your system to use LDAP or NIS authentication.
So you can have a central user management infra-structure like LDAP, MS Active Directory or NIS. Informix also doesn't require the user to be able to establish a session (ssh or telnet for example) on the database server at the OS level. You can for example set the users Shell to /bin/false or use other means to prevent the users to connect to the OS.
To complicate things a little bit more, we should not confuse the need to have the user id recognized in the OS with the authentication mechanism. Since 9.40 Informix can use PAM for authentication. This gives you complete freedom to implement complex and sophisticated authentication methods. You can use whatever PAM modules you desire to implement the authentication, which means your Informix authentication doesn't have to be the same as your OS authentication.
But the user has to be known by the OS due to the reasons presented before. As a quick example, you can create your users with random passwords in the OS (not known to anyone) and configure IDS to authenticate your users based on files, or any remote process using PAM.

The fact that the user has to be known in the OS is generally accepted as an inconvenience, and as such I believe it's safe to assume that in a future version Informix will relax these requirements. It could probably accept connections from users not recognized by the OS (either authenticated internally or with PAM or both) and have some parameter to define a default user for the situations where it needs a user id.


Types of connections

Informix implements the following types of connections:
  • Trusted connections
    These connections are based on trusted relations between hosts. Basically the database server host is configured to trust the user if he connects from a specific host or list of hosts.
    As such, this connections can be established without providing a password or any other authentication mechanism. The way it works is exactly the same as the "r" services (rshell, rcmd, rlogin).
    The configuration is done using the network connectivity files, /etc/hosts.equiv and ~/.rhosts

  • Non trusted connections
    These connections are the standard type of connections. Typically we provide a user and a password that is used to check the identity. The password is checked against the user's stored password


  • Challenge/response based authentication using PAM modules
    Connections made to PAM configured ports (DBSERVERALIAS). PAM stands for Plugin Authentication Modules and can be used in any Unix/Linux system (AIX, HP-UX, Linux and Solaris)

  • Distributed query connections
    These connections can be considered trusted connections. But they're established implicitly when a client connected to instance "A" sends a query referencing instance "B".
    In these situation the IDS server "A" will make an implicit connection on behalf of the user, to IDS server "B". The connection authentication will follow the rules for implicit connections, or will use a different authentication mechanism if server "B" is setup with PAM authentication (more on this later)

Non trusted connections

We use non-trusted connections when we give a user id and a token (typically a password) that guarantees our identity (only the user should know it's personal authentication secret or password) . Meaning we have not only the user id, but also it's secret key.
These connections are used mostly in applications that use JDBC, ODBC, .NET, PHP (PDO), Perl (DBI) etc. These APIs require a connection string or URL, or use specific API connection functions. So we define the password in the string, or we provide is as an argument for the API connection function.
Here's an example of a JDBC URL to connect to an Informix instance:

jdbc:informix-sqli://ids_server_machine:9088/my_database;user=username;password=secret

In ESQL/C (embedded SQL/C - which is basically C language with SQL commands) or Informix 4GL we can use the CONNECT instruction:

CONNECT TO database@ids_instance USER <"username"|variable_user> USING <variable_password>


One important note, that allows me to show the two steps in a connection establishment: authentication and database open:
Typically in 4GL we use a "database test_auth" instruction. This, by default, makes the two steps by trying to make a trusted connection using the owner of the process.
But let's create a simple 4GL program to show the difference between authentication and the database opening phase. Here's the code (don't worry if you don't know 4GL, because these lines are self explanatory):

DEFINE username,password char(20)
DEFINE c CHAR

MAIN
PROMPT "Insert your username: " FOR username
PROMPT "Insert your password: " FOR password ATTRIBUTE ( INVISIBLE )
CONNECT TO "@cheetah2" USER username USING password
PROMPT "We are authenticated, but not yet connected to a database..." FOR CHAR c
DATABASE test_auth

PROMPT "Now we have an opened database!" FOR CHAR c
END MAIN


So, we're asking the user's name and password. Than we're CONNECTing to the server. Note that I didn't use a database name. This is a supported syntax, although not very frequently used.
After the connect, we then issue the usual "DATABASE" instruction. Let's see what happens when we run the program above. First the status of the IDS instance showing the existing sessions:

cheetah2@PacMan.onlinedomus.net:informix-> onstat -u

IBM Informix Dynamic Server Version 11.50.UC2 -- On-Line -- Up 09:52:57 -- 88064 Kbytes

Userthreads
address flags sessid user tty wait tout locks nreads nwrites
4780c018 ---P--D 1 informix - 0 0 0 69 559
4780c5f0 ---P--F 0 informix - 0 0 0 0 1032
4780cbc8 ---P--F 0 informix - 0 0 0 0 596
4780d1a0 ---P--- 5 informix - 0 0 0 0 0
4780d778 ---P--B 6 informix - 0 0 0 48 0
4780e328 ---P--- 17 informix - 0 0 1 315 224
4780e900 ---P--D 9 informix - 0 0 0 3 0
4780eed8 ---P--- 16 informix - 0 0 1 1286 1093
4780f4b0 ---P--- 15 informix - 0 0 1 189 3
47810060 Y--P--D 21 informix - 440cfe28 0 0 0 0
10 active, 128 total, 18 maximum concurrent


So... Only informix user system sessions. Now let's run the program (I'll do it as root):

cheetah2@pacman.onlinedomus.net:root-> ./test.4ge
Insert your username: fnunes

Insert your password: [......][ENTER]

We are authenticated, but not yet connected to a database...


The program is now holding at the first "PROMPT" instruction after the connect. Let's see the list of sessions:

cheetah2@PacMan.onlinedomus.net:informix-> onstat -u

IBM Informix Dynamic Server Version 11.50.UC2 -- On-Line -- Up 09:57:30 -- 88064 Kbytes

Userthreads
address flags sessid user tty wait tout locks nreads nwrites
4780c018 ---P--D 1 informix - 0 0 0 69 559
4780c5f0 ---P--F 0 informix - 0 0 0 0 1032
4780cbc8 ---P--F 0 informix - 0 0 0 0 596
4780d1a0 ---P--- 5 informix - 0 0 0 0 0
4780d778 ---P--B 6 informix - 0 0 0 48 0
4780e328 ---P--- 17 informix - 0 0 1 315 224
4780e900 ---P--D 9 informix - 0 0 0 3 0
4780eed8 ---P--- 16 informix - 0 0 1 1286 1093
4780f4b0 ---P--- 15 informix - 0 0 1 189 3
4780fa88 Y--P--- 61 fnunes 4 485bff38 0 0 0 0
47810060 Y--P--D 21 informix - 440cfe28 0 0 0 0
11 active, 128 total, 18 maximum concurrent

cheetah2@PacMan.onlinedomus.net:informix-> onstat -g ses 61

IBM Informix Dynamic Server Version 11.50.UC2 -- On-Line -- Up 09:57:39 -- 88064 Kbytes

session effective #RSAM total used dynamic
id user user tty pid hostname threads memory memory explain
61 fnunes - 4 15267 pacman.o 1 40960 37280 off

tid name rstcb flags curstk status
85 sqlexec 4780fa88 Y--P--- 5728 cond wait netnorm -

Memory pools count 1
name class addr totalsize freesize #allocfrag #freefrag
61 V 483c3028 40960 3680 68 7

name free used name free used
overhead 0 1672 scb 0 96
opentable 0 784 filetable 0 192
misc 0 64 log 0 16512
temprec 0 1608 gentcb 0 1232
ostcb 0 2632 sqscb 0 8192
sql 0 40 hashfiletab 0 280
osenv 0 1720 sqtcb 0 2208
fragman 0 48

sqscb info
scb sqscb optofc pdqpriority sqlstats optcompind directives
488a18a0 48558018 0 0 0 2 1

Sess SQL Current Iso Lock SQL ISAM F.E.
Id Stmt type Database Lvl Mode ERR ERR Vers Explain
61 - - - Not Wait 0 0 9.29 Off


So what do we see? We have a session, on behalf of user "fnunes" but the "Current Database" is not defined. So we've just gone through the authentication process with success.
Now, if I press ENTER on the program I'll force the program to execute the DATABASE statement and wait on the second PROMPT:

cheetah2@pacman.onlinedomus.net:root-> ./test.4ge
Insert your username: fnunes

Insert your password: [...] [ENTER]

We are authenticated, but not yet connected to a database... [ENTER]
Now we have an opened database!

ok... now let's look at the database session again:

IBM Informix Dynamic Server Version 11.50.UC2     -- On-Line -- Up 10:09:32 -- 88064 Kbytes

session effective #RSAM total used dynamic
id user user tty pid hostname threads memory memory explain
61 fnunes - 4 15267 pacman.o 1 49152 45544 off

tid name rstcb flags curstk status
85 sqlexec 4780fa88 Y--P--- 5728 cond wait netnorm -

Memory pools count 1
name class addr totalsize freesize #allocfrag #freefrag
61 V 483c3028 49152 3608 83 6

name free used name free used
overhead 0 1672 scb 0 96
opentable 0 1792 filetable 0 352
misc 0 64 log 0 16512
temprec 0 1608 gentcb 0 1232
ostcb 0 2632 sqscb 0 13712
sql 0 40 rdahead 0 832
hashfiletab 0 280 osenv 0 1720
sqtcb 0 2792 fragman 0 208

sqscb info
scb sqscb optofc pdqpriority sqlstats optcompind directives
488a18a0 48558018 0 0 0 2 1

Sess SQL Current Iso Lock SQL ISAM F.E.
Id Stmt type Database Lvl Mode ERR ERR Vers Explain
61 - test_auth CR Not Wait 0 0 9.29 Off


So, now we have a current database, in the same session.
This ends the description of non trusted connections using username and passwords. Pretty simple, just like in any other database server.


Challenge/response connections using PAM

Another kind of non trusted connections are connections established through PAM configured DBSERVERALIAS (specific ports where the instance will listen for connections).
I will not go into details about this, because I already wrote an article about it. In http://informix-technology.blogspot.com/2007/11/informix-user-authentication-pam-for.html I explain how to setup and give examples of challenge/response scenarios.

In summary, a non-trusted connection in Informix is similar to connections in other RDBMS. You supply a username and a token that certifies you're entitled to connect as that user.
Typically this token is a password. But with PAM this can be a much more complex item.
In IDS 11.50 we can also use single sign on with kerberos. Due to the complexity of this scenario I've left it out in this article.
Non trusted connections are used mostly in more recent applications, like Web based applications, Windows client applications, or script languages (PHP, Perl, Ruby etc.) languages.

Trusted connections

These connections are made without any token to confirm the user identity. It's assumed that the user is already identified on the client system and we configure the database server to trust that identification. Trusted connections are mostly used in applications created using Informix 4GL and Informix ESQL/C.
The definition of the trusts are done by configuration of the so called network security files. These files are /etc/hosts.equiv and the ~/.rhosts (.rhosts created in each users's home dir).
Before we dig into these files content, and what it means I have to make a parenthesis to deal with something I'd almost call a myth surrounding Informix trusted connections. If you look around on the Internet you'll easy find a lot of information about how insecure is to use these files. In particular, you may found explicit instructions to not use the ~/.rhosts file.
The main reasons for these are two facts:
  1. These files are not specific for Informix, and in fact they were created to configure a group of services, sometimes called the "r" services. These services are rexec (allows remote execution of a command) on TCP port 512, rlogin (allows remote login) on TCP port 513 and rcmd (all remote shell execution) on TCP port 514.
  2. Many of these services are considered insecure and have a long history of security flaws. The most famous worm also took advantage of some of these security flaws, and also from very relaxed security setup on many of the networks connected to the Internet at the time.

Why did I referrer before the "myth"? Well, many customers have the idea that since IDS uses the same files for trusted connections authentication that you need to be running the above services for it to work. This is completely false. I cannot stress this enough. Even in the official documentation, the administrator guide, is written:

To determine whether a client is trusted, execute the following statement on the client computer: rlogin hostname If you log in successfully without receiving a password prompt, the client is a trusted computer.


Although this is not wrong, it misses the point, and gives the idea that the rlogin service should be running. The above sentence, saying that if rlogin works the user is trusted, is true. But you can create a trust for an Informix connection without having the service(s) running. In this case you'll get a "can't connect error" instead of the password prompt when you run rlogin. And it doesn't mean it won't work with Informix.
I strongly believe Informix should not use these same files for defining it's trust relationships. But the concern that this usage raises is not really an issue. If you're concerned about security, you probably will not use the "r" services. Most of the sites which take security seriously have replaced them with ssh or something similar. So the truth is that these files should be useless in a modern system. And in this scenario, the fact that they're used by Informix should not be considered too critical, since nothing else should depend on them.


I hope this contributes to the disappearance of the "myth". Now let's see how we have to change the network security files in order to create the trusts.
The contents of the files should be similar to how you would configure "r" services trusts. Let's see the two files, because there some slight but very important differences.
  • /etc/hosts.equiv
    Each line in this file defines a trust relation. You can specify a host only, or a host and a user. This file is a system file. No user other than system administrator should have permission to change it.
    If you specify only the host name, you're saying that any user from the remote host is trusted to connect as the same user in the local host. If you specify a "+" (plus sign) this means "any host" and you should never do that...
    There is a significant difference between how Informix and "r" services interpret the file if you specify a hostname followed by a user name. For "r" services, this means that you trust the remote user on the remote system to connect as ANY user in the local system (except root). This is obviously a very serious issue... And by the way, "+ +" means any user from anywhere can login locally as any user! (don't try this even at home :) )
    Informix on the other hand interprets this as a way to specify user by user and not all the users. The remote user cannot connect as another local user without providing a username and password.
  • ~/.rhosts
    This file also includes a trust relation in each non comment line. This file, being in the user home directory, means that you allow the user on the local host to define who he trusts. Many systems verify that the file has no write permissions to the "world". In this case it ignores the settings.
    A line with a host and a username means that the specified username on the specified remote host can connect as the local user owning the .rhosts file. So, for "r" services, if you specify a host and user in /etc/hosts.equiv it means that user can connect as any local user. If you do the same in ~/.rhosts you're reducing the scope of local users that the remote user can authenticate as, to only the file owner
    For Informix, the interpretation is the same: The remote user can authenticate on the local machine, but without changing it's identity. It means that for example, if the local user is luser and it's ~/.rhosts contains "remotehost ruser", then this entry is useless because Informix doesn't have a way to specify the identity change in a connection attempt.

Some additional notes on these files:
  • You can specify negative entries. For example you could use the following in /etc/hosts.equiv:

    pacman -informix
    pacman

    This would allow all users from host "pacman" to connect except informix
  • An entry with a host name means "trust all users except root". A trust relation for root user has to be defined in it's .rhosts file.
  • The order of the entries is relevant. If we exchange the order of the entries in the example above, even informix will be allowed to connect. That's because a positive entry will be found first


Let's see some examples. I have two hosts (pacman and ids1150srvr). I'm running IDS on the ids1150srvr host. If I want to allow the user informix to connect to this instance from the pacman host I can do it in the following ways (these file entries are on the ids1150srvr host):

  • /etc/hosts.equiv:

    pacman
    pacman informix

    The first entry allows all users (except root) to connect from pacman. The second will allow only informix. But be aware that if you're running "r" services you're saying that informix on pacman can connect as any user (again, except root) on ids1150srvr.

  • ~informix/.rhosts

    pacman

Distributed query connections

We've seen a client/server trusted connection. But we have another situation where we must establish trusts between systems. That's the case when you need to join data from two Informix instances. The SQL syntax to do this will look like this:

SELECT
local_table.column, remote_table.column
FROM
table1 local_table, remote_database@remote_ids_instance:table2 remote_table
WHERE
local_table.join_column = remote_table.join_column;

Assuming we are connected to a "local_ids_instance" on ServerA, and that "remote_ids_instance" is running on ServerB, this query will establish a connection on "remote_ids_instance" from the "local_ids_instance". Informix will establish this connection on behalf of our user on "local_ids_instance". As such, our user must be trusted on ServerB when connecting from ServerA. Note that the trust is not done between our client and the ServerB. It's between ServerA and ServerB. If the "remote_ids_instance" is accessed through a normal Informix port, the authentication mechanism used is the same as for trusted connections.

The situation will be different if the "remote_ids_instance" port is configured with PAM. In this situation the trust configuration is done entirely through SQL instructions. IDS versions that support PAM also have a new system database. It's called sysuser. In it we have a table called sysauth with the following schema:


{ TABLE "informix".sysauth row size = 322 number of columns = 4 index size = 295 }
create table "informix".sysauth
(
username char(32) not null ,
groupname char(32),
servers varchar(128) not null ,
hosts varchar(128) not null ,
check (groupname IS NULL )
);
revoke all on "informix".sysauth from "public" as "informix";


create unique index "informix".sysauth_idx on "informix".sysauth (username,servers,hosts) using btree ;



This table is used to define trusts for distributed queries when the destination Informix instance is configured for PAM authentication.
We must specify the username, the hostname and the IDS server from where the connection is made. Note that this not only avoids the usage of the network security files but also provides more control. With the network security files we cannot specify the Informix instance originating the connection.

So, picking up the query above, and assuming the username is "fnunes" we would need the following configuration on ServerB for it to work:
  • Using /etc/hosts.equiv one of the following lines:

    ServerA
    # this would create a trust for all users from ServerA
    ServerA fnunes
    # This would restrict the trust in Informix for user fnunes.
    # But for "r" services it would allow fnunes to login as any user except root on ServerB

  • Using ~fnunes/.rhosts
    ServerA

  • Using the sysuser:sysauth table (if the port was configured for PAM):
    INSERT INTO sysauth ( username, groupname, servers, hosts) VALUES ('fnunes', NULL, 'local_ids_instance', 'ServerA');
Additional notes about sysauth:
  • Although the field names "servers" and "hosts" suggest you could use a list of servers or hosts the documentation says we should create one entry per user/server/host
  • The field "groupname" is not used currently as expected from the check constraint




Additional notes

There are a few less none configuration details about connections in Informix. Let's check them.
  • There are some options that we can specify in the sqlhosts file that control the way IDS deals with trusted connection attempts (for the specific ALIAS of the sqlhosts line).The options I'm referring to are "s=X". "s" stands for security on the server side. The following values are supported:
    • s=0
      Disables both hosts.equiv and rhosts lookup from the database server side (only incoming connections with passwords are accepted).
    • s=1
      Enables only the hosts.equiv lookup from the database server side.
    • s=2
      Enables only the rhosts lookup from the database server side.
    • s=3
      Enables both hosts.equiv and rhosts lookup on the database server side (default setting for the database server side).
    • s = 6
      Marks the port/ALIAS as a replication only (HDR or ER) port
      If you use the option s=6 on sqlhosts options field, than you can create a file called hosts.equiv in $INFORMIXDIR/etc, owned by informix:informix and only modifiable by user informix. This makes the informix user independent of the system administrator for configuring the trusts, and additionally doesn't interfere with "r" services if they're in use
  • There is another security option that defines if the client uses or not the .netrc file. I haven't yet mentioned the .netrc file... You can use this file so specify a user and password, per host that you want to connect. If you setup the file and try to make a trusted connection you'll instead make a non-trusted connection. An example of this file content would be:

    ids1150srvr login fnunes password mysecret

    This would connect you as user "fnunes" using password "mysecret" if you attempt to make a trusted connection to an Informix instance running on host "ids1150srvr". You can have several lines, one for each host you connect to.
    There are obvious security issues derived from having a password in a file...
    The option that specifies if the client libraries will look and use this file is the "r=X" settings on the sqlhosts options (client side):
    • r=0 it ignores the .netrc file
    • r=1 it looks at the .netrc file when a client program tries to make a connection without using username and password

Windows specific information

In MS Windows, the network security files are used in a similar way, but they're in different locations. /etc/hosts.equiv becomes %SYSTEMROOT%\system32\drivers\etc\hosts.equiv.
The .rhosts and .netrc should exist in the users HOME

Common error messages

The following is not an exhaustive list of connection errors, but a small list of the more common ones with a very brief comment. For more information about each one consult the documentation or use "finderr errorcode":
  • -908 Attempt to connect to database server (servername) failed.
    Usually means some problem on the TCP level. Either your server is not running or you have your client SQLHOSTS points to the wrong server or port
  • -930 Cannot connect to database server servername.
    Typically the client cannot obtain the server IP address. Check your DNS configuration.
  • -951 Incorrect password or user user@host is not known on the database
    You can get this error on the server side (online.log) and on the client side.
    On the server side it means the user does not exist.
    On the client side you'll see these error in three situations.. The same error is sent to the client side on different situations in case someone is trying to guess a user or password. The database system administrator can see the real problem. The situations where the error is sent to the client are:
    • The user does not exists on the database server
    • The user's password cannot be validated, although the user exists
    • The user exists, but you're trying to make a trusted connection and the trust is not setup correctly
  • -952 User ()'s password is not correct for the database server.
    This is the error given on the server side when the user password did not validate successfully
  • -956 Client client-name or user is not trusted by the database server.
    Server side error when a trusted connection fails because it's not properly setup
  • -1809 Server rejected the connection.
    This is the only error you'll see when a connection to a PAM configured server happens. In order to understand what went wrong you have to check the PAM stack modules messages
  • -25596 The INFORMIXSERVER value is not listed in the sqlhosts file or the Reg
    The INFORMIXSERVER you're trying to connect is not properly defined in you configured SQLHOSTS
Summary

I really hope this article covers most practical aspects of connection establishment in Informix. There are several aspects I left out for simplicity. These include:

  • Single sign-on (introduced in IDS 11.50)
  • Password encryption
  • SSL connections
These topics may be covered in future articles. You can find more information about Informix connection setup in the Administrator Guide and the Security Guide.

Computer Business Ideas for Getting More Steady, High-Paying Clients

Are you trying to come up with computer business ideas that will get you the stable revenue you need to survive, even in challenging economic times?

Many new and inexperienced computer business owners spend most of their time and energy chasing down one-shot-deal customers and keeping their fingers crossed that these clients will call them again in a few months or a few years. If you are relying on this same business model (or lack thereof!), you are headed down a dead-end street.

You can’t build a successful computer business around the needs and wants of one-shot deal customers. First of all, it is just not financially viable to spend all that time and money acquiring customers for one-shot deal transactions. But secondly, you are going to drive yourself crazy waiting for the phone to ring and constantly find yourself scrambling to make ends meet. The answer to your problems is to get steady, high-paying clients on lucrative annual service agreements.

Consider the following 3 computer business ideas about why service agreements are the way to go if you want a more stable, predictable, profitable client base and business.

1. Annual Service Agreements Give Your Business Stability. When you scrap the one-shot deal, short-sighted computer business ideas and pursue more lucrative annual service agreement clients, you give your business the recurring revenue, stability and predictability that it so desperately needs. Annual service agreements are also vital prerequisites to have in place when contemplating major expansion, such as hiring new staff or opening up a new office.

2. Service Agreements Help You Plan an Exit Strategy. You might think the beginning of the life of your new business is not the time to plan its end. But there is no more perfect time! If you ever want to be able to sell your computer business -- for example, if you move, get bored, get burnt out, or get disabled -- the list of your clients on annual service agreements become one of your company’s few tangible assets. Of course, the overall valuation of your company is best left to an expert, such as your trusted accountant. So make sure you do this as you start to set up your service agreement program and business plans.

3. Understand the Math Behind Service Agreement Clients. As an example, if your company has been averaging $200,000 in pure consulting revenue over the last three years and ¾ of that ($150,000) is locked in on annual service agreements, this is a pretty nice asset for someone looking to acquire at a multiple of your overall gross service revenue. As you consider other computer business ideas besides those based on on-going service agreements, think of the flip side of this concept: how much will a competitor pay to purchase a list of one-shot deal customers that only call once in a while? Even if your company has some decent revenue track record, without annual service agreements, you don’t have that $12,500 head-start on revenue each month ($150,000/year divided by 12 months). When you don’t have annual service agreements, you will be literally starting from scratch every single month.

At the end of the day, or the end of your interest in owning your own business, your list of service agreement clients becomes a very valuable, tangible asset and one that should be continually cultivated and strengthened.

With all the compelling evidence in support of service agreements, why would you possibly consider computer business ideas rooted in other concepts?

In this short article, we talked about 3 reasons why you should build your computer business around the needs of your clients on service agreements. Learn more proven computer business ideas that can help you get great, steady, high-paying clients now at the attached link.

Copyright (C) ComputerBusinessIdea.com All Rights Reserved

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Sweet Tomatoes Printable Coupons