(Videos) How can the TowsonGlobal Business Plan Competition Change your Life?

January 24, 2012

Clay

With the deadline for TowsonGlobal’s second business plan competition just around the corner, I sat down with several people to talk about the competition.  In the first video, I talked with Towson University’s Outreach and Partnerships Coordinator Kelsey Beckett about the competition’s purpose, how it impacts the region’s entrepreneurial community, the many ways it provides entrepreneurs with resources that will be beneficial over the long run, and what participants can expect if they win.

Additionally, I talked with the two winners of the 2011 competition, Ben Walsh, owner of PureBang Games, and Lisa Drouillard, founder of My Hopeful Journey, to gain insights on how participating in and winning the competition impacted their business plans and helped move their businesses forward. Both Lisa and Ben believe that part of what made them successful was the mentoring and support from experts and guidance throughout the various stages of the competition. Both also found that access to the broad range of resources and connections at the incubator was truly helpful.

Submissions already have started coming in for this year’s competition, so be sure to get those executive summaries in by February 6, 2012.  We are excited to see which innovative business ideas will advance to the final round, and we will announce the five finalists on February 20.

To ensure that each finalist has the best possible chance, they all will attend a presentation boot camp in March and each will be assigned an individual coach from SCORE, which will help prepare them for the final presentations to the judges on May 2.

For more information, visit the Business Plan Competition page on our website or email us at info@towsonglobal.com.


ArcGIS Server 10 Migration and WFS Services

December 20, 2011

Jeremy Monn

As readers of Ashley Buzzeo’s latest blog post already know, Towson University’s Center for GIS (CGIS) has migrated its hosted ArcGIS Servers from ArcGIS Server 9.3 to ArcGIS Server 10. As the migration took place, all GIS services were reviewed to make sure they were functioning properly. While most services were converted without issue, a handful would not start post-migration. After several hours of troubleshooting, the problem was identified as being related to a unique subset of WFS-enabled map services.

What was interesting about this problem was that several WFS-enabled map services worked properly after the migration while a few did not.  Knowing this, I knew that the problem’s solution existed in understanding how the functioning and malfunctioning WFS-enabled map services differed.   By comparing the information contained in the REST endpoints for a functioning and malfunctioning WFS-enabled map service I noticed one difference: the functioning WFS-enabled map service had unique field aliases while the malfunctioning WFS-enabled map service had two fields that had the same alias.  Making the malfunctioning map service’s field aliases unique solved the problem as I was able to start the service and confirm it worked properly.   All the other malfunctioning WFS-enabled map services were also explained by duplicate field aliases.

While this blog touched on only one issue related to ArcGIS Server 10 migration, there are many other issues that one may experience.  Visit ESRI’s Migration to ArcGIS Server 10 page as a starting point for answers to other migration-related questions you may have.


Guest Blog: A Time to Give – ArcGIS Online Research Leads to Volunteerism Mapping Application

December 13, 2011

Michael Bentivegna

Doesn’t it seem like the pace of life is getting faster and faster, and that technology is at least supporting this change, if not causing it? With every time-saving productivity gain that technology provides, the expectations for the speed and the amount of work to be completed in any time frame seem to just increase.  Within the field of GIS (Geographic Information Systems), this expectation is being driven by consumers that want to search for and view information in a spatial context (a map). In the world of media mashups, the publishing of new GIS data and applications is expected in a few weeks, if not days, and updates are expected to be nearly instantaneous.

For GIS professionals, Esri’s ArcGIS Online comes to the rescue or further enables this trend (depending upon your perspective). This platform enables the discovery, sharing, and display of GIS data in a free cloud-based software-as-a-service, social GIS ecosystem. In plain speak, it allows you to create map data mashups with great Esri hosted/developed basemaps and lots of national and global scale GIS data. In the past few months, Esri has added the capability to upload basic spreadsheets with address information and other data in GIS formats that are processed and made available through the site. They even offer templates to provide simple applications with functions like search, measure, identify, and social media integration. All of this can be shared within a group of your choosing or out to the greater public, embedded in your website. Exciting stuff!

A few weeks ago I had the opportunity to dig into ArcGIS Online so I could share the new capabilities to CGIS’s staff in a brown bag lunch, and I am glad I did. Later the very same day, I was in a meeting with the Maryland State Geographic Information Officer (GIO), Barney Krucoff, where we were asked to assist with a hurry-up effort to push information about volunteer locations out to the public for the holidays. After listening to the requirements of rapid and ongoing development of volunteer location data by interns and the need for a simple application to find the sites, I mentioned that this was a perfect project for ArcGIS Online. With the go-ahead given to investigate, I took a draft cut of the volunteer locations that the interns had compiled in Google Docs and within a few hours had the data set up on ArcGIS Online for review. Within a week of data refinement by the interns, investigation of the data update workflow process, and tweaking of the template application, we had the end product mapping application ready to be embedded in Governor O’Malley’s Maryland Stronger Together website. With the site up and running, the interns were trained to edit and update the data using ArcGIS Online tools, and the site was released to the public a few days later. You can see the map under the locate charitable organizations near you link in the website above. This is a great example of success in meeting the new accelerated expectations, and in this case, with free hosting.

I happily followed an interoffice email thread a few weeks after the Maryland Stronger Together site was launched, wherein team members were looking for an organization for DECO to donate food to this year (as we have done for the past several years). Without any prompting on my part, the site was used to find the nearest location to donate. I hope that in this time of need and giving, this tool might make it that much easier for you to find a place to donate to or to volunteer for during this busy holiday season.

View the Maryland Stronger Together map on a mobile device.


DECO is “Going MO-BILE”

December 7, 2011

Dawn

At the risk of offending some of you, our dear readers, I will confess I am not a big WHO fan. However, I do think they may have been a bit clairvoyant, because back in 1971 they sang about “Going Mobile”. With smartphones and tablets in everyone’s hands (even my 64-year-old mom has one) and Wi-Fi practically everywhere, mobile is the way we are all going. DECO recently formed a Mobile Task Force. This cross-division group has been tasked with determining how to move DECO into the mobile arena, best practices for mobile and what tools and skills will help us make progress!

As we started down this mobile path, the first thing we needed to do was to determine what mobile means. There are mobile friendly websites and mobile applications. Both are for use on mobile devices (phone, tablet, etc.), but the similarities end there.

A mobile App runs on smartphones and other mobile devices. Mobile Apps help users by connecting them to Internet services more commonly accessed on desktop or notebook computers, or help them by making it easier to use the internet on their portable devices. However, it should be noted that the internet is not always required for an App to work. A mobile App may be a mobile Web site bookmarking utility, a mobile-based instant messaging client, Gmail for mobile, GIS or navigation applications and many others.

A mobile friendly website is a website that is easily accessible and viewable from a smart mobile phone or tablet via the mobile web.   It is easier to drive advertising traffic to a mobile landing page than it is to drive traffic to an App store to complete a download before visitors are able to interact with your content.  Additionally, mobile friendly websites are better for delivering maps or GIS capability as they do not require local device storage of data which would need to be updated frequently.

Mobile Apps and mobile friendly websites focus more on user experience rather than bells and whistles. Apps are designed to fulfill a need and provide a valuable easy to navigate function, while mobile friendly websites provide information in a quick, clean and organized fashion. The design of both of these is of the utmost importance, while the technology exists and needs to be utilized correctly.


Both mobile Apps and mobile friendly websites are important and both have their niche.  For instance Apps are better for utilities and games, while mobile friendly websites are a better choice for delivering content, catalogs and shopping functions and mapping applications since that content is accessible by search engines.

This mobile endeavor is exciting and challenging for our entire team. With a few mobile projects in the works (look for our DECO mobile site soon), DECO is gaining the knowledge and experience needed to help our old and new clients establish their own mobile presence. As we bring more mobile projects to life, we will be sure to let you know how well DECO is doing “Going Mobile”.


SQL Injection: A Mid-Tech Explanation

November 21, 2011

Timothy

A lot has been written in the last few years about application security. One of the most popular sub-topics in this arena has been a scheme called SQL injection. SQL Injection is a scheme whereby a hacker uses knowledge of database technology combined with flaws in the program design to gain a level of access to data that is beyond what was intended in the application’s design.

A database is a program that manages a repository of information.
A database, more properly a relational database management system, is a process that runs on a computer.  It stores data in tables which are comprised of rows and columns, similar to a spreadsheet.  Each row is referred to as a “record” and each column is referred to as a “field”.
Modern database management systems provide many data functions for manipulating both the data and the table structure.

A database is a program that manages a repository of information.  The database can answer questions and requests for information.
The principal function that most users are involved with is the storing and retrieval of records. In order to retrieve a record or records, a request command, known as a “query”, is sent to the database. This request specifies what table the record is stored in, and what the identifying characteristics of the desired record are. This is similar to asking someone to go to the kitchen, look in the pantry, and bring you the box which has rice in it.


A database is a program that manages a repository of information.  The database can answer questions and requests for information. Questions are asked using the Structured Query Language (SQL).
The SQL language was developed in the early 1970s by IBM but was not used commercially until Relational Systems (now Oracle) incorporated it in the initial release of the Oracle database system. A query in the SQL language takes the form of several clauses, most commonly the SELECT clause, the FROM clause, and the filter, or WHERE clause. Assume a table exists that is called “books” and contains fields named “title” (which stores the title of the book), “publication_date” (which stores the date the book was published), and “author” (which stores the name of the author of the book). In this case a SQL query that was designed to return the title and author of all books written in the year 2003 would look something like this:

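-- publication_date holds a full date, so match the whole year as a range
SELECT title, author
FROM books
WHERE publication_date >= '2003-01-01'
  AND publication_date < '2004-01-01';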

There are other clauses which can be included in our query to do things such as sort the data. In many programs and, more importantly, in the processing that occurs behind many interactive functions on web sites, there is a database that is doing some of the work. An extremely simple example of this would be a web page that allows a user to enter an author’s name and returns the titles and publication dates of that author’s books. In order to do this the web page must provide the database with the information the user entered. This is done by having the web page generate a SQL statement which, assuming the user entered “Ogden Nash” as the input, would look something like this:

SELECT title, publication_date
FROM books
WHERE author = 'Ogden Nash'
ORDER BY publication_date;

A database is a program that manages a repository of information.  The database can answer questions and requests for information. Questions are asked using the Structured Query Language (SQL).   The database will answer any question asked of it.
It’s that last one that’s a problem. Presuming that our user has a knowledge of the SQL language and a heart full of evil intentions, rather than an author’s name, they might enter something like “: SELECT * from users;: --”. The web page will assume that the input is an author’s name and place it in the SQL statement, making a final SQL statement that looks like this:

SELECT title, publication_date
FROM books
WHERE author = ': SELECT * from users;: --'
ORDER BY publication_date;

What has actually happened here is that the first character in the user’s input (the colon) is how individual requests in a SQL statement are separated from each other. The SQL statement now contains three queries for the database to answer. The first query:

SELECT title, publication_date
FROM books
WHERE author = ':

is an incomplete statement and can be anticipated to cause an error message to be returned from the database. Just for an example let’s say that message is “SQL Syntax Error (#71421)”. The third query:

--' ORDER BY publication_date;

will be ignored because the two dashes that begin the statement identify it as a comment that is not intended for execution.  It is the second query:

SELECT * from users;

that contains the threat. In this example, assuming a table named users exists in the database and contains fields for the name and password of each user of the system, the web page that was intended to display a list of books by a certain author would actually display something like:

SQL Syntax Error (#71421)
Joe          MyPassword
Elizabeth    HerPassword
Dan          TopSecret

If there is no table named users, “…well, maybe they called it ‘passwords’ instead”, thinks our hacker and tries again.  He will ultimately be able to access any data in the database that the application he is using as a conduit can access.

How can I prevent this stuff?
There are three rules of thumb to make your database more difficult to access through a SQL Injection type of attack.

First, minimize your exposure. The attack described here is deliberately simplified in order to clearly show the problem.  The technique of assembling a SQL statement from a combination of static text and user input is called “dynamic SQL”.  In many situations this dynamic SQL can be replaced with a database function called a stored procedure.  In a stored procedure user input is supplied in the form of parameters that are referenced by the function but are not included in the actual SQL statements that are executed.  Thus an attacker will not have a way to submit SQL queries of their own design to the database for processing.

Second, never, ever trust user input.  Include routines that examine the input looking for characters (such as colons) that are not expected.  Very few authors have colons in their name.  Other phrases and punctuation should also be looked at with a grain of salt.  Input that is anticipated to be numeric should be checked to verify that it doesn’t contain any text.  This will strengthen the application and prevent input errors caused by innocent typos on the part of the user.


Third, don’t be too predictable.  Avoid table and field names such as “password” or “SocialSecurityNumber” or table names such as “CreditCards” in your database.  Such names simply shout “I contain sensitive information” to an attacker.
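
The first two rules, as an added example that is not code from the original post, using Python's sqlite3 module and a constructed books table. SQLite has no stored procedures, so bound query parameters stand in for them here; the function names and the author-name pattern are assumptions made for illustration.

```python
import re
import sqlite3

# The input string quoted in the post, reused here as the hostile sample.
PAGE_INPUT = ": SELECT * from users;: --"

# Hypothetical policy: a letter first, then letters, spaces, periods,
# apostrophes or hyphens, 100 characters at most.
AUTHOR_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .'\-]){0,99}")


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (title TEXT, publication_date TEXT, author TEXT)")
    db.executemany(
        "INSERT INTO books VALUES (?, ?, ?)",
        [
            ("Hard Lines", "1931-01-01", "Ogden Nash"),
            ("I'm a Stranger Here Myself", "1938-01-01", "Ogden Nash"),
            ("Wise Blood", "1952-05-15", "Flannery O'Connor"),
        ],
    )
    return db


def books_dynamic(db, author):
    """Dynamic SQL: the input is pasted into the statement text itself."""
    sql = ("SELECT title, publication_date FROM books "
           "WHERE author = '" + author + "' ORDER BY publication_date")
    return db.execute(sql).fetchall()


def books_parameterized(db, author):
    """The input travels as a bound parameter and is never parsed as SQL."""
    sql = ("SELECT title, publication_date FROM books "
           "WHERE author = ? ORDER BY publication_date")
    return db.execute(sql, (author,)).fetchall()


def is_valid_author(text):
    """Rule two: accept only the characters an author name is expected to have."""
    return AUTHOR_RE.fullmatch(text) is not None


def parse_year(text):
    """Rule two for numeric input: four ASCII digits and nothing else."""
    if not re.fullmatch(r"[0-9]{4}", text):
        raise ValueError("year must be four digits")
    return int(text)


def lookup(db, author):
    """Reject unexpected input first, then bind what remains as a parameter."""
    if not is_valid_author(author):
        raise ValueError("unexpected characters in author name")
    return books_parameterized(db, author)


def dynamic_fails(db, author):
    """True when the input changes the statement's structure and the parse fails."""
    try:
        books_dynamic(db, author)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for name in ("Ogden Nash", "Flannery O'Connor", PAGE_INPUT):
        print(repr(name), "valid:", is_valid_author(name),
              "rows:", books_parameterized(db, name))
    print("dynamic SQL fails on O'Connor:", dynamic_fails(db, "Flannery O'Connor"))
```

A legitimate name containing an apostrophe is enough to break the dynamic statement, which shows that the input is being parsed as part of the SQL; the bound parameter treats the same name, and the post's hostile input, purely as data.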

SQL Injection and secure application design are large subjects. My next blog will take a more in-depth look at each of these techniques and discuss where and how to use them to protect your applications in production.


Towson Students Win Maryland Cyber Challenge and Scholarships

October 27, 2011

Kelsey

Cyber attacks continue to be a serious and growing threat to our nation’s governments and businesses. In turn, it has become a growing workforce need, especially in the Maryland-D.C. region.  The Maryland Cyber Challenge and Conference hopes to mitigate these threats and develop high school and college students with an interest in computers into cyber security experts. This year’s Conference was held October 21 and 22 at the Baltimore Convention Center. Eight college teams competed in the Cyber Challenge, held on Saturday October 22, but in the end it was TOWSON UNIVERSITY that took home First Place!

However, the road to victory was not an easy one. As Professor Michael O’Leary, team advisor, explains, “the competition between UMCP, UMBC and Towson was extremely close – when the scoreboard was turned off, each of the three teams had roughly 35,000 points, with Towson first and UMCP and UMBC tied and just 300 points behind.”

After two online qualifying competitions and the all-day event on Saturday, Towson University came out ahead. The members of TU’s team are Andrea Mobley (Captain), Brian Cather, Jonathan Fragale, Dustin Hanks, Dennis Hayden, and Roberto Melendez.

In addition to the pride of winning, each student received a $5,000 scholarship from the National Security Administration and will be offered a summer internship with SAIC, a science and engineering firm. These two fantastic prizes will help expand the students’ knowledge and experience in the growing Cyber Security field.


Team captain Andrea Mobley said of the win, “I think our win over two graduate teams (one of which is a University of Maryland team) and the rest of our competitors (Capitol College, University of Maryland Graduate students, University of Maryland Undergraduate students, Goucher, University of Maryland Baltimore County, University of Maryland University College, and a group of collective students) keeps Towson University on the radar for the national competition in February and for employers looking to hire security professionals.”

Be sure to read the Baltimore Sun article to learn more about the event!


Adventures in Surveying

October 20, 2011

Dawn

Adventurous is not a word people would use to describe me. Solid, dependable, typical, predictable… they would work. I usually like to do things the same way. If I know how to do something, why try something different? Not a good mantra when you work in a tech industry. So when a client approached us this summer about trying to get a lot of information, from a lot of different people, who are not close by, in a short amount of time, the Center for Applied IT (CAIT) decided that our standard interview method may not be the best approach. Here was an opportunity to try something different, and we decided to take a leap of faith using a survey tool.

For this project, CAIT needed to quickly identify IT resources overseen by one of the counties. Time was of the essence so we thought how could we get the information, eliminate or greatly reduce data entry and be able to manipulate the data easily. After looking at some of the commercially available tools, we found that a simple survey tool would do the trick. Aaron Guy at the Center for Professional Studies (CPS), another Division of Economic and Community Outreach (DECO) unit, came to our rescue since they were currently using a survey tool that would easily meet our needs.

After obtaining the client’s approval, Lisa Walker, Bill Hansman and I set to work. The tool allowed us to ask questions that could be answered using text boxes, radio buttons (for a single entry) or check boxes (for multiple entries). We developed questions, organized our survey and launched it in only a few weeks.

Launching the survey was simple too. We provided our client with the URL and some basic instructions. Our immediate feedback was minimal. A few questions, but for the most part the users found it easy to use and the questions to be straightforward. Next, we downloaded the information into an Excel spreadsheet and now we are working to discover all the information our survey results hold.

No new adventure is complete without discovering some pitfalls. Here is what we have learned so far:

  1. Fewer, more targeted questions would have been better, making the survey more concise.
  2. Making every question mandatory would have been helpful.
  3. Limit free form text box use, because some participants became a bit wordy, making it hard to discern facts.

Overall, we really enjoyed developing the survey. It was fun to create the questions and to then reap the rewards of our efforts through the data we retrieved, data that we did not have to manually enter!

Since our first survey experience, we have upgraded the tool we are using and are looking for more opportunities to leverage this new skill.   I can’t wait to share this tool with another client and to survey again!


VIDEO: Education Meets the Workforce – Student Interns Get Hands-on GIS Experience

October 11, 2011

Jenn

Our newest Education Meets the Workforce video features student interns from Towson University’s Center for GIS. The interns, Justin Mannion, James Parmeter, and Alex Stapleton, work closely together on data collection processes in connection with the Maryland Broadband Map project. The Maryland Broadband Map allows residential and business consumers to discover the high-speed Internet services and providers in their neighborhood, anywhere in Maryland.

Watch the video to learn more about how the interns are contributing to the Maryland Broadband Map Project and to other projects at CGIS.


Timothy Brooks: What I Like Most About My Job

September 12, 2011

Timothy

In the process of establishing myself as a new contributor to the DECO blog, I was asked to give answers to some questions that the blog managers will use to put together a profile. There was a page full of questions, a number of which pertained to personal trivia, but there was also a question that caused me to ponder something that I hadn’t given much thought to for a while.

The question was “What do you like most about your job?”  The anticipated answer on the questionnaire was a sentence or two, which was what I wrote there.  But I would like to take this first writing opportunity to answer the question more fully, because I think it will provide a perspective for further articles.

What do I like most about my job? Since I am approaching a decade with the organization there must be an answer to the question. It was obvious to me that there had been many projects which I had truly enjoyed because of some challenging technical aspects. I’m a computer geek, that’s what we like. But the challenges that I have found inspiring and that have brought out my best contributions were the ones that focused our organization’s unique potential to fill a true need.

During my time with the software development group of DECO our name has changed several times, but the focus has remained the same, applied information technology.  Applied IT means using existing and emerging technologies to solve defined problems and meet established needs.

The first project that I worked on when I was starting with the group was aimed at providing interactive website technology to several Maryland state agencies.  Access to this technology allowed the agencies to make information and transactions from their existing data systems available on an intranet.


The same purpose-driven use of technology has been the core of one of the most recent projects I have been involved with, as our group has worked with Dr. Jonathan Lazar from Towson University’s Computer and Information Sciences department in his efforts to develop and test a CAPTCHA challenge that is accessible and achievable for blind computer users.

There have been many other projects but the pattern remains the same, technology to solve problems and enable people to do more things, more easily.  I like my job because I find that rewarding.


Lessons Learned III: Creating a KML-Enabled ArcGIS Server Map Service

September 6, 2011

Jeremy Monn

Apparently my favorite topic to blog about is creating a KML-enabled ArcGIS Server (AGS) map service, because I find myself writing about the same topic even though I have written about this topic in two previous blog posts.  The impetus for writing about this topic a third (and hopefully final) time is that I found myself troubleshooting a KML-related issue that I am sure other GIS practitioners have or will come across.   Provided below is a description of each issue and its solution.

ISSUE ONE

When panning to a new location in Google Earth, the data that the KML-enabled AGS map service references disappears.

Explanation

The problem here likely stems from how the KML file was configured when it was created from an AGS map service.   There are specific configuration settings that deal with when or how a refresh of the KML file occurs.  In this case, one should configure the KML file so that it refreshes once the user stops panning.

Solution

Open the KML file with a text editor and search for the <viewRefreshMode> tag.  Make sure the value inside this tag is set to “onStop”.  Additionally, if any <refreshMode> and <refreshInterval> tags exist remove them if you want the refresh to be solely triggered by a user panning.

ISSUE TWO

The KML-enabled AGS map service used returns a URL when a feature is identified in Google Earth, but the URL does not work.

Explanation

An obvious reason why this might occur is because the URL provided in the dataset’s attribute table was entered incorrectly. Another less obvious reason is that special characters in the URL are being replaced by other characters. For example, the “&” character may be replaced by the “&amp” string.

Solution

Obviously, if the data was entered incorrectly in the source data’s attribute table then one has to correct the mistake. However, when one has an issue where the “&” character is being replaced by the “&amp” string then one should find out what MXD is being used for the AGS service, save it as an MSD file, and re-point the AGS service to the newly created MSD file. Once the AGS service is refreshed, the URLs should be correct in the service’s KML file.

