Guest Blog: A Time to Give – ArcGIS Online Research Leads to Volunteerism Mapping Application

December 13, 2011

Michael Bentivegna

Doesn’t it seem like the pace of life is getting faster and faster, and that technology is at least supporting this change, if not causing it? With every time-saving productivity gain that technology provides, the expectations for the speed and the amount of work to be completed in any time frame seem to just increase.  Within the field of GIS (Geographic Information Systems), this expectation is being driven by consumers that want to search for and view information in a spatial context (a map). In the world of media mashups, the publishing of new GIS data and applications is expected in a few weeks, if not days, and updates are expected to be nearly instantaneous.

For GIS professionals, Esri’s ArcGIS Online comes to the rescue or further enables this trend (depending upon your perspective). This platform enables the discovery, sharing, and display of GIS data in a free cloud-based software-as-a-service, social GIS ecosystem. In plain speak, it allows you to create map data mashups with great Esri hosted/developed basemaps and lots of national and global scale GIS data. In the past few months, Esri has added the capability to upload basic spreadsheets with address information and other data in GIS formats that are processed and made available through the site. They even offer templates to provide simple applications with functions like search, measure, identify, and social media integration. All of this can be shared within a group of your choosing or out to the greater public, embedded in your website. Exciting stuff!

A few weeks ago I had the opportunity to dig into ArcGIS Online so I could share the new capabilities with CGIS’s staff in a brown bag lunch, and I am glad I did. Later the very same day, I was in a meeting with the Maryland State Geographic Information Officer (GIO), Barney Krucoff, where we were asked to assist with a hurry-up effort to push information about volunteer locations out to the public for the holidays. After listening to the requirements of rapid and ongoing development of volunteer location data by interns and the need for a simple application to find the sites, I mentioned that this was a perfect project for ArcGIS Online. With the go-ahead given to investigate, I took a draft cut of the volunteer locations that the interns had compiled in Google Docs and within a few hours had the data set up on ArcGIS Online for review. Within a week of data refinement by the interns, investigation of the data update workflow process, and tweaking of the template application, we had the end product mapping application ready to be embedded in Governor O’Malley’s Maryland Stronger Together website. With the site up and running, the interns were trained to edit and update the data using ArcGIS Online tools, and the site was released to the public a few days later. You can see the map under the locate charitable organizations near you link in the website above. This is a great example of success in meeting the new accelerated expectations, and in this case, with free hosting.

I happily followed an interoffice email thread a few weeks after the Maryland Stronger Together site was launched, wherein team members were looking for an organization for DECO to donate food to this year (as we have done for the past several years). Without any prompting on my part, the site was used to find the nearest location to donate. I hope that in this time of need and giving, this tool might make it that much easier for you to find a place to donate to or to volunteer for during this busy holiday season.

View the Maryland Stronger Together map on a mobile device.


DECO is “Going MO-BILE”

December 7, 2011

Dawn

At the risk of offending some of you, our dear readers, I will confess I am not a big WHO fan.  However, I do think they may have been a bit clairvoyant, because back in 1971 they sang about “Going Mobile”.  With smartphones and tablets in everyone’s hands (even my 64-year-old mom has one) and Wi-Fi practically everywhere, mobile is the way we are all going.  DECO recently formed a Mobile Task Force.  This cross-division group has been tasked with determining how to move DECO into the mobile arena, best practices for mobile, and what tools and skills will help us make progress!

As we started down this mobile path, the first thing we needed to do was to determine what mobile means.  There are mobile friendly websites and mobile applications.  Both are for use on mobile devices (phone, tablet, etc.), but the similarities end there.

A mobile App runs on smartphones and other mobile devices. Mobile Apps help users by connecting them to Internet services more commonly accessed on desktop or notebook computers, or help them by making it easier to use the internet on their portable devices. However, it should be noted that the internet is not always required for an App to work. A mobile App may be a mobile Web site bookmarking utility, a mobile-based instant messaging client, Gmail for mobile, GIS or navigation applications and many others.

A mobile friendly website is a website that is easily accessible and viewable from a smart mobile phone or tablet via the mobile web.   It is easier to drive advertising traffic to a mobile landing page than it is to drive traffic to an App store to complete a download before visitors are able to interact with your content.  Additionally, mobile friendly websites are better for delivering maps or GIS capability as they do not require local device storage of data which would need to be updated frequently.

Mobile Apps and mobile friendly websites focus more on user experience than on bells and whistles.  Apps are designed to fulfill a need and provide a valuable, easy-to-navigate function, while mobile friendly websites provide information in a quick, clean and organized fashion.  The design of both of these is of the utmost importance, while the technology exists and needs to be utilized correctly.

Both mobile Apps and mobile friendly websites are important and both have their niche.  For instance Apps are better for utilities and games, while mobile friendly websites are a better choice for delivering content, catalogs and shopping functions and mapping applications since that content is accessible by search engines.

This mobile endeavor is exciting and challenging for our entire team.  With a few mobile projects in the works (look for our DECO mobile site soon), DECO is gaining the knowledge and experience needed to help our old and new clients establish their own mobile presence.  As we bring more mobile projects to life, we will be sure to let you know how well DECO is doing “Going Mobile”.


SQL Injection: A Mid-Tech Explanation

November 21, 2011

Timothy

A lot has been written in the last few years about application security.  One of the most popular sub-topics in this arena has been a scheme called SQL injection.  SQL injection is a scheme whereby a hacker uses knowledge of database technology, combined with flaws in the program design, to gain a level of access to data that is beyond what was intended in the application’s design.

A database is a program that manages a repository of information.
A database, more properly a relational database management system, is a process that runs on a computer.  It stores data in tables which are comprised of rows and columns, similar to a spreadsheet.  Each row is referred to as a “record” and each column is referred to as a “field”.
Modern database management systems provide many data functions for manipulating both the data and the table structure.

A database is a program that manages a repository of information.  The database can answer questions and requests for information.
The principal function that most users are involved with is the storing and retrieval of records.  In order to retrieve a record or records, a request command, known as a “query”, is sent to the database.  This request specifies what table the record is stored in, and what the identifying characteristics of the desired record are.  This is similar to asking someone to go to the kitchen, look in the pantry, and bring you the box which has rice in it.

A database is a program that manages a repository of information.  The database can answer questions and requests for information. Questions are asked using the Structured Query Language (SQL).
The SQL language was developed in the early 1970s by IBM but was not used commercially until Relational Systems (now Oracle) incorporated it in the initial release of the Oracle database system.  A query in the SQL language takes the form of several clauses, most commonly the SELECT clause, the FROM clause, and the filter, or WHERE, clause.  Assume a table exists that is called “books” and contains fields named “title” (which stores the title of the book), “publication_date” (which stores the date the book was published), and “author” (which stores the name of the author of the book).  In this case a SQL query that was designed to return the title and author of all books written in the year 2003 would look something like this:

SELECT title, author
FROM books
WHERE publication_date = 2003;

There are other clauses which can be included in our query to do things such as sort the data.  In many programs, and more importantly in the processing that occurs behind many interactive functions on web sites, there is a database that is doing some of the work.  An extremely simple example of this would be a web page that allows a user to enter a book title and returns the name of the author and the date of publication.  In order to do this, the web page must provide the database with the information the user entered.  This is done by having the web page generate a SQL statement which, assuming the user entered “Ogden Nash” as the input, would look something like this:

SELECT title, publication_date
FROM books
WHERE author = 'Ogden Nash'
ORDER BY publication_date;

A database is a program that manages a repository of information.  The database can answer questions and requests for information. Questions are asked using the Structured Query Language (SQL).   The database will answer any question asked of it.
It’s that last one that’s a problem.  Presuming that our user has a knowledge of the SQL language and a heart full of evil intentions, rather than an author’s name, they might enter something like “: SELECT * from users;: --”.  The web page will assume that the input is an author’s name and place it in the SQL statement, making a final SQL statement that looks like this:

SELECT title, publication_date
FROM books
WHERE author = ': SELECT * from users;: --'
ORDER BY publication_date;

What has actually happened here is that the first character in the user’s input (the colon) is how individual requests in a SQL statement are separated from each other.  The SQL statement now contains three queries for the database to answer.  The first query:

SELECT title, publication_date
FROM books
WHERE author = ':

is an incomplete statement and can be anticipated to cause an error message to be returned from the database.  Just for an example let’s say that message is “SQL Syntax Error (#71421)”.  The third query:

--' ORDER BY publication_date;

will be ignored because the two dashes that begin the statement identify it as a comment that is not intended for execution.  It is the second query:

SELECT * from users;

that contains the threat.  In this example, assuming that a table named users exists in the database and contains fields for the name and password of each user of the system, the web page that was intended to display a list of books by a certain author would actually display something like:

SQL Syntax Error (#71421)
Joe                   MyPassword
Elizabeth         HerPassword
Dan                  TopSecret

If there is no table named users, “…well, maybe they called it ‘passwords’ instead”, thinks our hacker and tries again.  He will ultimately be able to access any data in the database that the application he is using as a conduit can access.

How can I prevent this stuff?
There are three rules of thumb to make your database more difficult to access through a SQL Injection type of attack.

First, minimize your exposure. The attack described here is deliberately simplified in order to clearly show the problem.  The technique of assembling a SQL statement from a combination of static text and user input is called “dynamic SQL”.  In many situations this dynamic SQL can be replaced with a database function called a stored procedure.  In a stored procedure user input is supplied in the form of parameters that are referenced by the function but are not included in the actual SQL statements that are executed.  Thus an attacker will not have a way to submit SQL queries of their own design to the database for processing.

Second, never, ever trust user input.  Include routines that examine the input looking for characters (such as colons) that are not expected.  Very few authors have colons in their name.  Other phrases and punctuation should also be looked at with a grain of salt.  Input that is anticipated to be numeric should be checked to verify that it doesn’t contain any text.  This will strengthen the application and prevent input errors caused by innocent typos on the part of the user.

Third, don’t be too predictable.  Avoid table and field names such as “password” or “SocialSecurityNumber” or table names such as “CreditCards” in your database.  Such names simply shout “I contain sensitive information” to an attacker.
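
An added example (not the author's code) of the first two rules, using Python's sqlite3 module and the article's books table. SQLite has no stored procedures, so bound parameters stand in for them as the same principle; the sample rows, the hostile input string and the author-name pattern are constructed for this illustration.

```python
import re
import sqlite3

# Constructed sample rows for the article's "books" table.
SAMPLE_BOOKS = [
    ("Hard Lines", 1931, "Ogden Nash"),
    ("I'm a Stranger Here Myself", 1938, "Ogden Nash"),
    ("At Swim-Two-Birds", 1939, "Flann O'Brien"),
]

# Constructed hostile input in the shape the article describes: it ends the
# string literal, starts a second statement and comments out the remainder.
HOSTILE_INPUT = "'; SELECT * FROM users; --"

# Assumed allow-list for author names (rule two): letters, spaces, dots,
# apostrophes and hyphens, starting with a letter, at most 100 characters.
AUTHOR_PATTERN = re.compile(r"[A-Za-z][A-Za-z .'\-]{0,99}")


def make_db():
    """Build an in-memory database with the article's two tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, publication_date INTEGER, author TEXT)")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", SAMPLE_BOOKS)
    conn.execute("INSERT INTO users VALUES (?, ?)", ("Joe", "MyPassword"))
    return conn


def build_dynamic_sql(author):
    """Dynamic SQL: the input becomes part of the statement text itself."""
    return ("SELECT title, publication_date FROM books "
            "WHERE author = '" + author + "' ORDER BY publication_date;")


def find_books_dynamic(conn, author):
    """Vulnerable form. Returns rows, or None when the database rejects the text.

    sqlite3's execute() refuses text holding more than one statement; the
    article's scenario assumes a database interface that runs them all.
    """
    try:
        return conn.execute(build_dynamic_sql(author)).fetchall()
    except (sqlite3.Error, sqlite3.Warning):
        return None


def find_books(conn, author):
    """Hardened form: fixed SQL text, input passed separately as a bound value."""
    sql = ("SELECT title, publication_date FROM books "
           "WHERE author = ? ORDER BY publication_date;")
    return conn.execute(sql, (author,)).fetchall()


def is_plausible_author(text):
    """Rule two: reject input that does not look like an author name."""
    return AUTHOR_PATTERN.fullmatch(text) is not None


if __name__ == "__main__":
    db = make_db()
    for value in ("Ogden Nash", "Flann O'Brien", HOSTILE_INPUT):
        print(repr(value))
        print("  dynamic SQL text :", build_dynamic_sql(value))
        print("  dynamic result   :", find_books_dynamic(db, value))
        print("  parameterized    :", find_books(db, value))
        print("  passes allow-list:", is_plausible_author(value))
```

The legitimate name Flann O'Brien has to pass the allow-list yet still breaks the dynamic query, which is why input checks complement bound parameters rather than replace them.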

SQL Injection and secure application design are large subjects.  My next blog will take a more in-depth look at each of these techniques and discuss where and how to use them to protect your applications in production.


Towson Students Win Maryland Cyber Challenge and Scholarships

October 27, 2011

Kelsey

Cyber attacks continue to be a serious and growing threat to our nation’s governments and businesses. In turn, it has become a growing workforce need, especially in the Maryland-D.C. region.  The Maryland Cyber Challenge and Conference hopes to mitigate these threats and develop high school and college students with an interest in computers into cyber security experts. This year’s Conference was held October 21 and 22 at the Baltimore Convention Center. Eight college teams competed in the Cyber Challenge, held on Saturday October 22, but in the end it was TOWSON UNIVERSITY that took home First Place!

However, the road to victory was not an easy one. As Professor Michael O’Leary, team advisor, explains, “the competition between UMCP, UMBC and Towson was extremely close – when the scoreboard was turned off, each of the three teams had roughly 35,000 points, with Towson first and UMCP and UMBC tied and just 300 points behind.”

After two online qualifying competitions and the all-day event on Saturday, Towson University came out ahead. The members of TU’s team are Andrea Mobley (Captain), Brian Cather, Jonathan Fragale, Dustin Hanks, Dennis Hayden, and Roberto Melendez.

In addition to the pride of winning, each student received a $5,000 scholarship from the National Security Administration and will be offered a summer internship with SAIC, a science and engineering firm. These two fantastic prizes will help expand the students’ knowledge and experience in the growing Cyber Security field.

Team captain Andrea Mobley said of the win, “I think our win over two graduate teams (one of which is a University of Maryland team) and the rest of our competitors (Capitol College, University of Maryland Graduate students, University of Maryland Undergraduate students, Goucher, University of Maryland Baltimore County, University of Maryland University College, and a group of collective students) keeps Towson University on the radar for the national competition in February and for employers looking to hire security professionals.”

Be sure to read the Baltimore Sun article to learn more about the event!


Adventures in Surveying

October 20, 2011

Dawn

Adventurous is not a word people would use to describe me.  Solid, dependable, typical, predictable… they would work.  I usually like to do things the same way. If I know how to do something, why try something different?  Not a good mantra when you work in a tech industry. So when a client approached us this summer about trying to get a lot of information, from a lot of different people, who are not close by, in a short amount of time, the Center for Applied IT (CAIT) decided that our standard interview method may not be the best approach.  Here was an opportunity to try something different, and we decided to take a leap of faith using a survey tool.

For this project, CAIT needed to quickly identify IT resources overseen by one of the counties. Time was of the essence, so we asked ourselves how we could get the information, eliminate or greatly reduce data entry, and be able to manipulate the data easily. After looking at some of the commercially available tools, we found that a simple survey tool would do the trick. Aaron Guy at the Center for Professional Studies (CPS), another Division of Economic and Community Outreach (DECO) unit, came to our rescue since they were currently using a survey tool that would easily meet our needs.

After obtaining the client’s approval, Lisa Walker, Bill Hansman and I set to work. The tool allowed us to ask questions that could be answered using text boxes, radio buttons (for a single entry) or check boxes (for multiple entries). We developed questions, organized our survey and launched it in only a few weeks.

Launching the survey was simple too. We provided our client with the URL and some basic instructions.  Our immediate feedback was minimal. A few questions, but for the most part the users found it easy to use and the questions to be straightforward. Next, we downloaded the information into an Excel spreadsheet and now we are working to discover all the information our survey results hold.

No new adventure is complete without discovering some pitfalls. Here is what we have learned so far:

  1. Fewer, more targeted questions would have been better, making the survey more concise.
  2. Making every question mandatory would have been helpful.
  3. Limit free form text box use, because some participants became a bit wordy, making it hard to discern facts.

Overall, we really enjoyed developing the survey. It was fun to create the questions and to then reap the rewards of our efforts through the data we retrieved, data that we did not have to manually enter!

Since our first survey experience, we have upgraded the tool we are using and are looking for more opportunities to leverage this new skill.   I can’t wait to share this tool with another client and to survey again!


VIDEO: Education Meets the Workforce – Student Interns Get Hands-on GIS Experience

October 11, 2011

Jenn

Our newest Education Meets the Workforce video features student interns from Towson University’s Center for GIS. The interns, Justin Mannion, James Parmeter, and Alex Stapleton, work closely together on data collection processes in connection with the Maryland Broadband Map project. The Maryland Broadband Map allows residential and business consumers to discover the high-speed Internet services and providers in their neighborhood, anywhere in Maryland.

Watch the video to learn more about how the interns are contributing to the Maryland Broadband Map Project and to other projects at CGIS.


Timothy Brooks: What I Like Most About My Job

September 12, 2011

Timothy

In the process of establishing myself as a new contributor to the DECO blog, I was asked to give answers to some questions that the blog managers will use to put together a profile.  There was a page full of questions, a number of which pertained to personal trivia, but there was also a question that caused me to ponder something that I hadn’t given much thought to for a while.

The question was “What do you like most about your job?”  The anticipated answer on the questionnaire was a sentence or two, which was what I wrote there.  But I would like to take this first writing opportunity to answer the question more fully, because I think it will provide a perspective for further articles.

What do I like most about my job?  Since I am approaching a decade with the organization there must be an answer to the question.  It was obvious to me that there had been many projects which I had truly enjoyed because of some challenging technical aspects.  I’m a computer geek, that’s what we like.  But the challenges that I have found inspiring and that have brought out my best contributions were the ones that focused our organization’s unique potential to fill a true need.

During my time with the software development group of DECO our name has changed several times, but the focus has remained the same, applied information technology.  Applied IT means using existing and emerging technologies to solve defined problems and meet established needs.

The first project that I worked on when I was starting with the group was aimed at providing interactive website technology to several Maryland state agencies.  Access to this technology allowed the agencies to make information and transactions from their existing data systems available on an intranet.

The same purpose driven use of technology has been the core of one of the most recent projects I have been involved with as our group has worked with Dr. Jonathan Lazar from Towson University’s Computer and Information Sciences department in his efforts to develop and test a CAPTCHA challenge that is accessible and achievable for blind computer users.

There have been many other projects but the pattern remains the same, technology to solve problems and enable people to do more things, more easily.  I like my job because I find that rewarding.


Lessons Learned III: Creating a KML-Enabled ArcGIS Server Map Service

September 6, 2011

Jeremy Monn

Apparently my favorite topic to blog about is creating a KML-enabled ArcGIS Server (AGS) map service, because I find myself writing about the same topic even though I have written about this topic in two previous blog posts.  The impetus for writing about this topic a third (and hopefully final) time is that I found myself troubleshooting a KML-related issue that I am sure other GIS practitioners have or will come across.   Provided below is a description of each issue and its solution.

ISSUE ONE

When panning to a new location in Google Earth, the data that the KML-enabled AGS map service references disappears.

Explanation

The problem here likely stems from how the KML file was configured when it was created from an AGS map service.   There are specific configuration settings that deal with when or how a refresh of the KML file occurs.  In this case, one should configure the KML file so that it refreshes once the user stops panning.

Solution

Open the KML file with a text editor and search for the <viewRefreshMode> tag.  Make sure the value inside this tag is set to “onStop”.  Additionally, if any <refreshMode> and <refreshInterval> tags exist remove them if you want the refresh to be solely triggered by a user panning.
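
The same edit as a script, added here as an example and not taken from the original post: it sets every viewRefreshMode to onStop and drops the refreshMode and refreshInterval tags. The sample KML and its placeholder href are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a KML NetworkLink whose Link refreshes on a timer only.
# The href is a placeholder, not a real service URL.
SAMPLE_KML = """<kml xmlns="http://www.opengis.net/kml/2.2">
  <NetworkLink>
    <name>Constructed sample layer</name>
    <Link>
      <href>https://gis.example.org/placeholder/MapServer</href>
      <refreshMode>onInterval</refreshMode>
      <refreshInterval>60</refreshInterval>
      <viewRefreshMode>never</viewRefreshMode>
    </Link>
  </NetworkLink>
</kml>"""


def _split(tag):
    """Return (namespace, local name) for an ElementTree tag like '{ns}name'."""
    if tag.startswith("{"):
        ns, name = tag[1:].split("}", 1)
        return ns, name
    return "", tag


def refresh_on_stop(kml_text):
    """Return the KML with each Link/Url refreshing only when panning stops.

    refreshMode and refreshInterval are always removed, i.e. the case where
    the refresh should be triggered solely by the user panning.
    """
    root = ET.fromstring(kml_text)
    ns, _ = _split(root.tag)
    if ns:
        # Serialize with the document's namespace as the default (no prefixes).
        ET.register_namespace("", ns)
    # Collect first, then modify, so the tree is not changed while iterating.
    links = [e for e in root.iter() if _split(e.tag)[1] in ("Link", "Url")]
    for link in links:
        for child in list(link):
            if _split(child.tag)[1] in ("refreshMode", "refreshInterval"):
                link.remove(child)
        mode = next((c for c in link if _split(c.tag)[1] == "viewRefreshMode"), None)
        if mode is None:
            tag = f"{{{ns}}}viewRefreshMode" if ns else "viewRefreshMode"
            mode = ET.SubElement(link, tag)
        mode.text = "onStop"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(refresh_on_stop(SAMPLE_KML))
```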

ISSUE TWO

The KML-enabled AGS map service used returns a URL when a feature is identified in Google Earth, but the URL does not work.

Explanation

An obvious reason why this might occur is because the URL provided in the dataset’s attribute  table was entered incorrectly.  Another less obvious reason is that special characters in the URL are being replaced by other characters.  For example, the “&” character may be replaced by the “&amp” string.

Solution

Obviously, if the data was entered incorrectly in the source data’s attribute table then one has to correct the mistake.  However, when one has an issue where the “&” character is being replaced by the “&amp” string, then one should find out what MXD is being used for the AGS service, save it as an MSD file, and re-point the AGS service to the newly created MSD file.  Once the AGS service is refreshed, the URLs should be correct in the service’s KML file.


How to Manually Mount a USB Flash Thumb Drive on Linux

August 30, 2011

Jimmy

If you are like me, it is quite common to work with various operating systems and platforms on a daily basis.  For the most part, these operating systems manage the things that we come to expect like making a USB thumb drive visible to you (i.e. with a drive letter or mount point) as soon as you plug it into your computer’s USB port.  Well, I have an important news flash…this doesn’t always work!

Recently, I was working with a Linux distribution and needed to copy over data to a USB thumb drive.  I connected my thumb drive, and like a disappointing magic trick, nothing happened!  So what did I do?  I had to put on my troubleshooting hat and enter the dreaded (or lovely, depending on how you perceive it) command line terminal.  At the command line, I followed this procedure to get to my USB flash drive:

  1. Elevate to root (su -) or use sudo if you are using an Ubuntu distribution, then enter the appropriate password when prompted.
  2. Enter the command lsusb at the command line.  Thankfully for Plug-N-Play, your computer should recognize your USB drive.  If it does not, try plugging into another USB drive and re-issuing the lsusb command.  Since I am on Ubuntu, I have to issue the sudo command and sudo password first as seen below:
  3. Look for the device assignment.  Generally, this is done by ‘searching’ using the dmesg command.  After issuing the dmesg | grep 'disk' command, I found my device assignment as shown in the output below:
  4. Now, let’s create a folder in the Linux file directory to act as a mount point for our USB flash drive.  I am going to create a folder in the /mnt directory called ‘usbflash’ by issuing the mkdir /mnt/usbflash command.  Since I am on Ubuntu, I have to issue the sudo command as seen below:
  5. Now, let us mount our USB drive labeled sdb to the /usbflash directory so that we can use it by issuing the mount -t vfat /dev/sdb /mnt/usbflash command.  Since I am on Ubuntu, I have to issue the sudo command as seen below:

(Note: vfat specifies the USB flash drive file system.)

And that’s it!  After the drive is mounted, browse to the /mnt/usbflash folder using the command line or graphical file utility to access your files and folders on the USB flash drive.


Three Firefox Add-Ons a Designer Can’t Live Without

August 22, 2011

Jenn

Over the past 4 years I have completed web designs for various courses and professional projects. Additionally, one of my many tasks as Multimedia Coordinator here at DECO is web design.  As with any trade, web design has “tools of the trade” which simplify its processes. In my opinion, some of the most useful web design tools are Firefox Extensions/Add-Ons.

If you go to the Firefox Extensions/Add-Ons page you will find add-ons that you can use to save time and personalize your online experience. There are add-ons for shopping, games and entertainment, bookmarks, web development, and more. Out of all of the Firefox Add-Ons, the design-oriented ones are most useful to me. I regularly use the following:

1.    ColorZilla – Adds an eyedropper/color picker tool that can be used within the Firefox browser window.

Benefit to using this Add-On: It allows you to hover over various website elements (e.g. images or website backgrounds) with your cursor and then see the RGB or hexadecimal color code for the color for that element.

Alternative to using this Add-On: Take a screen shot of the website (Print Screen on Windows, Command + Shift + 3 on Mac), then open the screen shot in Photoshop. Use the Eyedropper tool to select the color, and then click the foreground color swatch in the color palette at the bottom of the toolbar which will bring up a window that displays RGB, CMYK, and hexadecimal color codes.

2.    MeasureIt – Adds a re-sizable ruler box that can be used within the Firefox browser window.

Benefit to using this Add-On: Space is precious in web design. In order to optimize space and create desired alignment, you must be able to design properly sized graphics. The MeasureIt tool allows you to drag a ruler box across the screen and tells you the size of the page area that you select in pixels.

Alternative to using this Add-On: Take a screen shot of the website (Print Screen on Windows, Command + Shift + 3 on Mac), then open the screen shot in Photoshop. Select “Window” in the toolbar at the top and click on the “Info” option. Then use the Rectangular Marquee tool to select the area that you’d like to measure. The dimensions of the selected area will appear in the “Info” window.

3.    Firebug – Displays the code used for various web elements.

Benefit to using this Add-On: It allows you to right click a web element and view the code for that particular element. This means that you no longer have to sift through thousands of lines of code just to find the code for one particular desired element.

Alternative to using this Add-On: Right click the web page, click “View Source Code” and then try to search for the element that you’d like to see the code for.

As you can see, Firefox Add-Ons allow you to save time, and can transform your Firefox browser into a comprehensive tool. With Firefox Add-Ons, you can do so much within your browser without having to open additional windows and programs.


