Church IT Help

Until recently I had not heard of Backscatter and even more recently I found out the full impact. We have found ourselves listed on http://www.backscatterer.org So far it has only affected one company we deal with but I expect it would get worse without correction.

The problem:  The attacks we are experiencing are using spoof email addresses to send email to us. These emails are invalid address so our server responds as it is designed by replying with a message saying the email cannot be delivered. So the address that was faked will now send a non-delivery report to the address. So the person’s address that was spoofed no gets hit with a message that contains the original SPAM and in a sense they get it from our server. So the bad guys get the SPAM delivered in a sense and used our server to do it. The real problem comes from services out there that will now see our server as being part of the problem. Whoever subscribes to these services will now block any email from us. This is called “backscatter” and I am just now becoming fully aware of the issue. It is essentially a new tool for the bad guys to use. We have only so far seen one case where someone is now blocking emails from us, but it will get worse unless we fix it. We are on a list of backscatter servers now and we will be removed after a time if the problem is fixed. They have a way to pay extra to move us off the list quicker, but that does not seem right to me. 

The Solution: The fix to this is to turn off the Non-Delivery Report on our Exchange server. This would tell the server not to respond when an email is sent to a non-existing address on our domain. It will simply drop it. The problem as you might imagine is that if someone sending us a legitimate email misspells an email address here they will never get a message saying the email could not be delivered. So they may not realize the address they used is wrong. I realize this may cause problems but this is the best fix that is recommended by much smarter people than me. I’m be making the change right away. We will just have to be more mindful when expecting an email as users would normally expect an error message if they use an incorrect address. Keep in mind this will not affect any emails you send out. If you send an email to a misspelled address you will get an error message as usual.

To turn it off on Exchange go to /Global settings/internet message format/default/properties and uncheck “allow non-delivery reports”. I know there are ways to use message filtering but from my research that was not the best route for us.

  Luke Gilkerson from Covenant Eyes asked me last week to write a guest post sharing my experience with their accountability product. They published it today and included a photo my wife took of me at lunch on Friday outside our favorite sushi place. You can tell I was looking into the sun. Check out the post at http://www.covenanteyes.com/blog/2008/08/25/a-higher-standard/

Thanks Luke for giving me the opportunity! 

  I wrote a very similar post over a year ago here, it has greater detail on what we use for Internet accountability. Some of the folks from Covenant Eyes  came by for a visit this week and that always gets me thinking about accountability. Internet accountability is what CE does after all.

   As I see it, if you want to limit the access of your users you can either filter sites or make everyone accountable for where they go. I see clearly that some day I will in fact integrate some sort of content filter appliance or software and have an easy way to block certain sites. Until then I’m happy about letting accountability be our watch dog.   

   The way we are setup here is that all PCs have Covenant Eyes software installed on them. There is no way to reach the Internet without a user-name and password. Once logged in all of the sites a user visits are logged and sent in a report to an accountability partner of their choosing. I personally prefer a peer to peer situation rather than a boss to employee, but that is up to the individual. So the long and short of how we control where users can go is, we don’t. The CE software does not stop you from going to any site. However, users know every visit is logged and weighted by content, and sent to their accountability partner. It is a system that works well. If a user goes to a site by accident they only need to tell their partner about it. As far as I know we have never had an issue with users going to bad sites. It is possible that issues have existed and the accountability partners are working together to solve the issues. The report lists all sites visited, but the most questionable visits are at the top. It really is very quick to check someone’s report. I just look at the top of the list and if I have a question I just forward the report and ask them to explain.

  CE has added some great features for administrating large amount of users, but really for the way we use it these tools are not that useful for us. It is good for cases where someone may ask us to run a report on a user, but that is rare. What I like is that we put the system into place and user accountability keeps people behaving. It is not only porn sites we may keep them away from but even other sites that may be time wasters. Users know where ever they go at least one person will know about it. The funny thing is that some of our users think that CE even monitors their email and they are very careful even about email. In actuality CE does not scan email, but who am I to point that out?

    For our standard users accountability works because I can control the PCs. For our wireless hot-spot I use a DIY hot-spot and we use DansGuardian to filter sites. Otherwise we would have zero control over our guests and we never would know what someone may be up to.

    Again, maybe someday we will limit sites but that makes my head hurt thinking about all the potential management that may take. I think it probably would be easier to block all sites and whitlelist sites as they were approved. The really nice thing is with accountability is our work ends when we set up accounts. We in IT have our own accountability partners and keep up with each other. As I discussed with the guys from CE, I think you need a relationship with your partner to know their heart and their struggles. I think there could be cases where a website may be fine for one person it may be a problem for another. So having that knowledge about someone would help you discern what may not be a good environment for that person.

     So what is the best answer, accountability or filtering? Or a combination?

   Click picture for full image.

OK, IT folks out there, how many times a week do you have to ask someone “have you rebooted yet”? Seriously, how many times do you have to tell people to reboot? Especially considering that many times a reboot will fix it! It has actually entered comical proportions these days. When someone comes to our office or opens a ticket, we smile and ask if they would please reboot first and see if the problems is there. It seems 75% of the time we don’t hear back at all, meaning it did indeed fix it.

   Gotta love those users! We’ll always be employed because of them! 

   Over a year ago we launched the latest version of our web site, www.stonebriar.org . I say we, but in fact I mean Jason Reynolds and Andrea Bagwell. They along with a few vendors really created a far above average site. Jason has moved on and is the CIO of a large church in Florida and is doing some mighty work down there. Andrea remains here and continues to make fresh changes and updates that keeps our site well ahead of the crowd, IMHO.

    A few weeks ago Andrea pointed out to me a church website in the mid-west. I looked at it and I thought it looked great, well I would as it was essentially our site. They did change the colors around but it was clearly our site remade. They even had a pull-down in the exact spot of our unique Ministry Index, except theirs didn’t work. Maybe the worst part, in my opinion is under the section ‘Get Connected’ they used our page word for word. They even used they same photos we paid to use. If you looked at the source of the ‘Get Connected’ page you can even see the Stonebriar.org name throughout. Some of “their” photos actually were even  being pulled from our page! Andrea attempted to contact them and no one responded until just a few days ago. They seemed to be cooperative and we will see what they will do. They still have not changed anything yet.

   A few days after we found the other church website, another website was brought to our attention. This time it was a technology company in the south. Their version of our site even had the exact same colors and exact layout. Every page still had Stonebriar.org references in the source on every page. When Andrea contacted them the responded very quickly and within a day they even took their page completely down. Right now they they have a simple apology up and zero content. They say the company they hired to do their page is now out of business.

   In both case they lay the blame at the developers feet. In the case of the church their vendor says the church signed off on the content and they are not to blame. Andrea’s and my boss wisely said to inform our developers and the offending sites and we would not pursue anything on the legal side. All in all is it really a bad thing to copy a good site? It does show a lack of integrity I’d say. I think the people who have gotten hurt the most is the developers and designers. Essentially they did a lot of work and were paid for it by us, and someone else just came along and cut and pasted their work.

    We use the TYPO3 content management system. At it’s core it is open-source and a community so by default ideas are readily shared. However just to cut and paste what someone else has done seems wrong to me. I think Andrea has been awesome with all of this. Many times in the past some group will call up asking us to share some element of our code for a page. She is always generous and will share any and everything we have. She only asks they not just duplicate our page.

    The nice thing is that with the level of exposure our church here has, it is very unlikely a copy of our site will go unnoticed. I know web developers face this issue every day and it is nearly impossible to combat it. The old saying comes to mind, “Imitation is the sincerest form or flattery”. In these cases I think sincere is the wrong word. I purposely left off the actual websites as I would like to take everyone at their word that these were just mistakes. I have a feeling we could drive ourselves nuts finding more of these pages out there. I think it is very possible to see elements of your page that you may have “inspired” on other pages. But when they don’t even bother taking your name out of the copied code…..

  Less than 2 years ago we bought a very nice Samsung DLP HD TV.  Once we upgraded our satellite service to HD we really saw what we have been missing. It really has been a great TV and we have enjoyed it. However, starting a few weeks ago it started turning off randomly after it warmed up. We could turn it back on after a few seconds and sometimes it would stay on for hours and sometimes it would turn off every few minutes. So we experimented by removing several of the devices connected to the TV one by one. Regardless of what was plugged in it continued to be a problem. The nice thing is that we bought the extended service, but we would have to be without the TV during that time.

   So with nothing left to loose I decided to Google the issue. I put in the search parameters of “Samsung DLP TV turns off”. This search brought up over 38,000 results. I right away found many people having the same issue. Many of them had taken them in for service and the problem would be fixed with a replacement part. Unfortunately, it seems many of these people would have the problem come back after a few weeks or months. The techs would come out and “fix” it again and often the problem would come back. After searching the various forums I finally found a possible solution. One guy found that the source of the problem was an access panel for the DLP lamp. It seems over time the switch that determines if the panel is closed “moves” a bit. He went on to say that the fix could be as simple as taking the panel off and putting it back on.

   So late on Saturday night I decided to try this panel fix. It had a single Philip’s head screw and the panel comes off. Obviously I did this with the TV unplugged. I put the panel back on, making sure the switch end went in first. I put the screw back in and turned the TV on. That was 3 weeks ago and the TV has not turned off once on it’s own. It now makes sense why the other folks TV would be fixed only temporarily be fixed. The techs were actually fixing it by re-seating the back panel and not by replacing the lamp. The switch would move and seem to be another lamp going out. I think some of these extreme cases a slight bending of the switch may be the ultimate fix.

   So now I feel like I will be the hero once I tell my household that I fixed this ongoing headache of a problem. My wife and oldest where pleased. My youngest, 7 year old Grace, kind of shrugged her shoulders. She said. “well, all you did was do what they said to do online”. So I guess maybe it wasn’t a big deal after all and leave t to the youngest to put me in my place, once again. Gosh, I’m looking forward to her being a teenager……..NOT!

    At least the TV is now working and I know how to fix it going forward. It would brighten my day if someone finds this post someday and is able to fix their own TV with this information. Of course it will not be a big deal, after all they will have only done what I said to do online.

I just had to do a toon about this:                      (Click on the cartoon to see full size.)

  Last Friday a group of church IT guys here in the DFW area got together for lunch. Other than the recent Large church forum this is the first time in a long time we have met. The lunch was organised by that geek-about-town Scott Miller. He is also responsible for the forum we are starting to use www.Texasministrytech.com

   Most of us used to meet fairly regularly a few years back. I’m not sure what happened but it just fell apart. It is sad too because every time I meet with these guys, I have a great time of fellowship. If there was ever any group that understands my daily struggles it is this group. If there was any downside to Friday’s lunch it would be the noise level of the restaurant. I really could not hear anyone at the end of the table. On the bright side I was able to have a more focused conversation with the guys at the end of my table. While most of us were full time church IT guys, Travis Phipps is a volunteer at his church. Travis is in a special situation, he has all the responsibility without any of the pay. Plus, he gets to spend his spare time working. I’m sure he will end up in ministry someday soon though, as that is where he heart seems to be.

    Scott and I agree that our group really should include more than just the church IT professional. We should reach out to other ministries, with and without their own IT departments. While at lunch I had visions of a techy pastor sitting in on one of our sessions feverishly taking notes. What an opportunity it would be for such a pastor or staff member to take advantage of such a brain-trust of IT knowledge. And really what an opportunity it would be for us to help another ministry.

   I always enjoyed the old “IT round-table” days, but always had the feeling we were missing something. It seemed more of a chance for fellowship more than anything else, which is important, but no real substance. Scott asked us all that we can each bring at least one person to our next meeting sometime in September, so maybe we will do more for the Kingdom. My heart is really with the church plants and will be looking around for someone to bring.  I hope we all can find someone like that. Whether it is the church admin that helps the pastor get on line or a volunteer out there like Travis.

     If you are in the our area or near enough to drive let me know if you are interested in coming and I’ll make sure you have the details as I get them. Or you can contact Scott through either IT@watermark.org or www.Texasministrytech.com 

    A special thanks to Scott Miller for all his work on the forum, his blog, and on organizing this group. Without him we would all still be talking about what a great idea it is and never meet. All of this makes my heart go out to people like Stuart Dyckhoff who volunteers at his church in Wales. The only way he would have the resouces of such a group is to create one. I wish he could make it to one of our group meeting or the national Church IT Roundtables here in the good old USA. Stuart is doing fine, but I’m sure he could use the fellowship with others whom also have a heart for Jesus, minsitry, and technology (in that order). If you have not done so, check out Stuart’s blog www.churchtechy.com He post with a funny accent :), so I’m sure you will enjoy his very great blog.

    I wanted to make everyone aware of a new and unique church IT blog from Stuart Dyckhoff . www.churchtechy.com Some of you may have heard from Stuart  through comments he may have placed on your blog. His blog is new and has a fresh approach to church IT. He is a long time IT guy who serves as a volunteer at his church. So basically he has all the issues and responsibilities of being in charge of his church’s IT without any of the pay.

  Stuart has a great start and let’s support him by visiting and reading his blog. You may find it hard not to comment on all of his posts as he makes some great points along the way. I don’t recall seeing any church IT blogs from the UK so his perspective is certainly something you will want to read. We here in the US are spoiled, not only from the endless resources we seem to have but from the support we find through multiple organizations. There does not seem to be an equivalent to the Church IT Roundtable or even a group he can participate with unless he creates it himself. I would imagine he would be difficult for Stuart to start such a group working full time at various shift hours and helping his church in his spare time.

    I’m not going to tell you anything else about Stuart as you will need to visit his blog to find out more. I think he has grabbed a perfect URL though. www.churchtechy.com So go visit his site and support our brother in church IT across the pond. I really think he could use our encouragement and he does have a lot to offer. Heck, you may learn something as well.

  OK, first I must say I am not a fan of Apple and I really don’t love I-Tunes. Nothing really wrong with Apple as such, I just still prefer Microsoft and Linux to Apple. Mostly I have my opinion because of the price point. Yes on the high-end of the spectrum the prices get closer, but still the Apples are higher. On the lower end there is nothing Apple has that can compete in that price range, that is decent. If you have ever used a Mac-mini you will agree, unless you have had too much Mac Kool-aid. After all I work at a church for goodness sake, how could I afford one, even though it would be nice for my creative projects? I work with a guy who is a huge Apple fan yet still has not purchased one for himself because he can’t afford it. I’m sure he will buy one eventually, but for now he can’t put his money where is mouth is.

  I had not had much experience with I-Tunes except for the occasional user here losing their files or using up way too much network drive space. In truth it actually violates our policy to be running it here, but I’m OK as long as they don’t abuse it. Recently my best buddy bought an I-Pod. I went to his house to help him a bit, but he had it mostly figured out when I got there. He told me there was something wrong with his PC all of the sudden. After a short investigation I found out his system was slow when I-Tunes was running. Looking at the system resources I could see why. OK, I can over look that. I’m one for using one application at a time when you can. If you are ripping music or anything resource intensive it is best to minimize what is running. This is regardless of systems PC or Mac. Even with just I-Tunes running it was very slow and seemed  to lock up, but it would eventually respond. So let the CD ripping begin.

   So now we are ripping CDs. In the past my buddy Sam Adams, yes that is his real name, had learned to rip CDs using Windows Media Player. Maybe WMP is not the greatest program, but for basic ripping and playing music it is simple and ready to go. The album covers always came up while ripping and all the songs titles were found. Windows pops up a dialog when you insert a CD and and you can select to have it burn automatically. Simple and easy. So after a bit of a struggle getting everything registered and setup for the I-Pod to work with I-tunes we were ready. I can’t say it was a slower rip but it sure felt that way. We also were alarmed that some of the CDs we were ripping not only did the album cover not come up but it would not populate the song title information! We eventually found out how to tell it to manually find the song titles but why should we have to? Some of the albums were classics and huge sellers but I-Tunes never found the album art. In some cases when it did show the album cover it was not the right image. Say what you want about WMP but I have never had that happen with it.

    I’m not going to list out all the issues we came across, some were just getting used to the “my way or the highway” settings with Apple. Choices, options, and custom settings? Not so much. Sam was not thrilled he had to use his credit card to get to the I-Tunes store or even download the album art. I have to say once the I-Pod has the music on it it, it sounds and looks great! Just holding the I-Pod it feels so solid, it just gives you confidence it is a good device.

   I have talked to several people and have read online about sometimes I-Pods losing all of their songs when attempting to synchronize. The sync process seems kind of awkward and klugey, it just does not feel right and it takes forever. Our next challenge is coming because a few days ago Sam’s hard drive crashed. After a bit of research I found that you can not sync back to a PC from the I-Pod natively. If you reload I-Tunes the I-Pod must be blanked out and a re-sync must be done after you re-rip all of your CDs.

   I can’t say I am a fan of I-tunes or I-Pods. I don’t understand why they  can’t simply snyc with my songs without using I-Tunes. I have a cheap mp3 player and when I plug it into my PC it allows me to sync any songs I have since ripped on to my PC. My daughter’s Creative Labs Zen does the same thing. My daughter is 10 and rips and snycs without ever needing my help AND she does it with a very old laptop. Now just so you don’t think I’m just against Apple, I must say the Microsoft Zune is not any better than the I-Pod. With the Zune you must use Microsoft’s interface program. My wife has a Zune and I’m appalled that you can’t do a simple snyc like I would expect. Again WMP is not the greatest but it is so easy to use. Plus there are many other great softwares for music, ie Win-amp. Frankly the process should be much easier. You should be able to plug in your mp3 player and any music you have ripped on your PC that is not on the player will now sync. It works great for my little 4GB mp3 player and it works for my Daughter’s Zen.

   So why does my title say “Why I “love I-Tunes”? Because after all the hype over the years about how awesome Apple is from its fan-boy base, it is nice to see them produce such a crappy program. It also re-enforces what I suspected, that some Apple fan-boys will defend all things Apple regardless of the facts. I’d wager that I get responses about how great I-Tunes really is. Not all Apple people have blinders on, in fact I found several Apple devotees out there on the web that feel the same way about I-Tunes. There is no doubt that the I-Pod is a great device once you get it set, just make sure you do backups often. I-Pods may be the best and safest bet on that new mp3 player you want. If nothing else because of the massive amounts of accessories available for them. Given my choice I’ll stick with my cheap mp3 player until it breaks, which it will. When I replace it I will look for one that will not force me to use some memory/system hog just to put new songs on it. If I ever get an I-Pod I’ll be using some hack or 3rd party program out there. I’ve heard Media Monkey  is good, but have not tried it yet.

   This has been something that has been on my mind recently. Not that I’m planning on leaving the staff anytime soon. This thought process came up because our Director of Communications has given his notice. We will survive his departure but it is apparent we will scramble and stumble a bit because he is such a key employee and does so much. Don’t take this post as me criticizing this church’s Communication Director in any way. It is a different type of role than mine. It is just his leaving got me to thinking.

    So this got me thinking……. If I left how much of an impact would it be on my department and the church staff as a whole? The sad conclusion I came to was that indeed the church would survive and not have to close their doors if I left. Part of the reason I could leave without a lot of impact is years of preparation and doing IT right. So over the years I have made sure we have documented everything we could. We have procedures and 3 years of tickets for reference back to. I have also built up an great team. I do think there would certainly be some impact but my right hand man James could easily step into my role and the users would have little impact. Now meetings here would not be nearly as funny or fun, particularly the Directors meeting I attend weekly.

   This is not to say that I do not add value and I am important here but I feel if I left or was run over by a bus that this place would operate fine. In the corporate world this would not be a good thing. You want your company to be dependant on you and you would never “hand over the keys” to someone that could easily step into your place. I did the corporate world for years but I always shared information, which was not probably always a good career move. I sure appreciate the church environment and I surely feel this is ministry. It is easy to get caught up in the daily business grind and forget that.

   My challenge to you is to look objectively at your position and determine if you have built and empire or if you have done things right. If you leave would the impact be devastating? What have you done to make sure the next person could find what they need? Did you keep track of your licensing, purchasing, inventory, and everything else? I challenge all of you to look at a succession plan, because if you haven’t you could leave your church in a bad way after a sudden departure. Heck, can you even take a vacation without causing chaos? Perhaps you are not as lucky to have the management support to do IT right like I have, but this is all worth thinking about.