Archive for November, 2005

ezRETS 1.1.0 released

Published
by
Keith Garner
on November 30, 2005
in Announcements and Projects
. Comments

ezRETS is an ODBC driver that connects to RETS servers. It is licensed under an open-source license. It allows ODBC-aware applications, such as Microsoft Office (Excel, Word,) to easily load data from a RETS compliant server using those applications built-in wizards and other tools. Its cross platform and runs on Linux and Windows. OS X support is planned.

Right now, we only have a binary version for windows, but that seems to be the most useful to the most people. For those who would like to see/edit/compile the source, the source is available via subversion as well as at the download page.

You can download it by visiting http://www.crt.realtors.org/projects/rets/ezrets/

Continue reading ‘ezRETS 1.1.0 released’

Maps of Listings - Part 3

Published
by
Mark Lesswing
on November 28, 2005
in Articles, Internet and MLS
. Comment

Yahoo provides an alternative to the Google Maps approach covered in Parts 1 and 2. You must register with Yahoo before you can use their mapping engine though.

Step 1 - Obtain a Yahoo ID

A Yahoo ID is not the same as your the application ID that you are seeking. If you already have an ID you can skip this step. To register your Yahoo ID, you must choose an account name and supply a password.

Step 2 - Create an Application ID

Once you have a Yahoo ID, you can create multiple Application IDs (or appids) to keep track of the various applications you might want to offer. Yahoo has a tracking service for application ids that is convenient and free! The appid included in the demo code below is the one I created. There is no advantage to avoiding creating an appid of your own because it costs nothing. Also, only I will be able to track what you are doing. If that is what you want, feel free to use my appid:)

You should create an appid for your application now and use it in the code samples that follow.

Continue reading ‘Maps of Listings - Part 3′

Updated(?) retro handset

Published
by
Keith Garner
on November 23, 2005
in Gadgets
. Comments

Previously we told you about the retro handset. However, what if you want your retro handset without the retro cord?

Hulger brings us the Bluetooth Penelope Phone. Its got the old skool look of the retro handset, but you don’t need wires to use it!

CRT’s Infrastructure Part II: The mail server

Published
by
Keith Garner
on November 22, 2005
in Articles
. Comments

As mentioned in our previous installment, when I installed this machine in Jan 2003, I started with the RedHat Enterprise Linux 3 clone of White Box Enterprise Linux 3. It has since switched to CentOS 3.

Our departmental e-mail server handles a lot of chores for us. It is where the mail for Mark, Todd, and myself goes. It also handles all the CRT mailing lists, such as ezRETS-users and newsletter-broker. We also have it host some virtual mailboxes such as our help line of info@crt.realtors.org.

The hardware is a dual Pentium III 700 with 2GB of RAM. Its slightly overpowered for most our needs. There are two situations that call for the heavy amount of RAM, at least: 1) When the mailing lists are very active and 2) when we have heavy incoming mail. With the mailing lists, every one mail coming in turns into a large number of outbound mails. With the incoming mail, we spam and virus filter them which can take a good amount of CPU time and active memory.

One of my goals in building this mail system was “ubiquitous e-mail access.” By that I mean that if I can get on to the Internet, I can check my staff e-mail. We achieve that by allowing access on three fronts: IMAP over SSL, POP3 over SSL, and a web-based IMAP client.
Continue reading ‘CRT’s Infrastructure Part II: The mail server’

Who watches the Watchmen?

Published
by
Keith Garner
on November 18, 2005
in Security
. Comments

The mainstream media is finally picking up a story that’s had the geek press abuzz for a week or so; Since about mid-2004 Sony BMG Music Entertainment has been shipping CDs with a certain Digital Rights Management scheme on them. This DRM has been revealed this week to actually be a rootkit.

A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user’s knowledge. (source: http://en.wikipedia.org/wiki/Rootkit)

As per the definition, this rootkit used spyware-like techniques to hide its presence, and didn’t provide any means to uninstall it. If you were smart enough to be able to detect it and remove the rootkit, it would end up breaking the functionality of your operating system. For example, after it was removed, you could find that your CD and DVD drives have gone missing.

It also had some other interesting attributes. Using its “cloaking abilities” a programmer found a way to use it to disable/evade anti-cheating mechanisms in the popular World or Warcraft on-line role playing game. Once people started going over the files with a fine-tooth comb, it was discovered that it appears to contain code from the open source projects LAME and VLC, violating the terms of their licenses.

Due to the outcry, Sony released an uninstaller which could be loaded via the web. However, the uninstaller caused an even bigger security problem than the original rootkit. Once you ran the uninstaller, it stayed around and any web site you visited after that point could download any code it wants down to your computer and execute it.

Renowned security technologist Bruce Schneier wrote Real Story of the Rogue Rootkit for Wired. Schneier starts with a nice summary of what has happened on the security side of things and anti-customer attitude that seems to be coming from Sony. Unlike everyone else who has been screaming just about the security, Schneier takes a look at a more interesting and scary aspect.

The story to pay attention to here is the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us.

What do you think of your antivirus company, the one that didn’t notice Sony’s rootkit as it infected half a million computers? And this isn’t one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn’t notice? This is exactly the kind of thing we’re paying those companies to detect — especially because the rootkit was phoning home.

The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization.

I really suggest you read the whole article. Its a great primer of the disasters that can happen down this way. The think that is lucky for us as computer users (and Sony as a company) is nothing was compromised as a result of this. It could have been much much worse rather than just egg on Sony’s face, think about the infections at the Department of Defense (mentioned in the Schneier article.)

We often hear talk about using DRM in real estate, some of the suggestions are pretty draconian and anti-customer. As people in the real estate industry we need to look at nightmare scenarios like this as an example of what not to do. I’d rather sit back and let the people at the forefront of DRM take the lumps and figure out what works and doesn’t work. This is a single company taking a lump, but if the real estate industry as a whole makes a wrong DRM turn, it could be disastrous for the industry as a whole.

One last thing, in case you’re curious or are afraid you might be infected, a list of CDs that are infected can be found this on this page provided by the Electronic Frontier Foundation (EFF).

I’d like to also give a big word of thanks to BoingBoing for their insanely good coverage of this. I wouldn’t have half the information stated above if they hadn’t linked to it.

PolicyPage 0.9.5 beta Released

Published
by
Todd Costigan
on November 18, 2005
in Announcements, MLS and Projects
. Comments

PolicyPage is a new application from the Center for REALTOR® Technology. It is an MLS display policy compliance tool. PolicyPage is licensed under an open-source license.

PolicyPage reads MLS member websites and compares them to rules (defined in PolicyPage.) It notifies the MLS and optionally the member when tests are failed. PolicyPage’s initial focus will be to deliver rules that allow checking NAR’s IDX model display rules.

The 0.9.5 beta release supports reading of text based of statements on the member or subscriber web site(s). These rules can be used to test:

  • Terms of Use statements
  • Disclaimers
  • Copyright statements
  • If required links are present on the member site.

We look to those in the Association and MLS community to assist in the guidance of the project and to assist in setting future development priorities for PolicyPage. We invite and welcome your input.

PolicyPage comments (and bugs) can be posted to the project mail list.

You can download PolicyPage application by visiting the project site.

Providing Google Maps of listings - Part 2

Published
by
Mark Lesswing
on November 9, 2005
in Articles, Internet and MLS
. Comments

Before I begin, I want to recognize Chris McKeever for the support and inspiration behind this series. Chris’s website was widely recognized for its early Google Earth and Google API implementations in Real Estate.

I would also like to point out that the code I’m presenting is simply manipulation of the SAMPLE code provided by Google using information from the published API.

We will now look at the Google Map API in detail. Let’s modify the SAMPLE code you obtained from the registration process and plot a map of the showing the NAR Headquarter here in Chicago. The geocode for our building has a Longitude of -87.624223 and a Latitude of 41.889923.

Here is the part of the SAMPLE that we will be modifying:

var map = new GMap(document.getElementById("map"));
map.addControl(new GSmallMapControl());
map.centerAndZoom(new GPoint(-122.1419, 37.4419), 4);

The first function to change is centerAndZoom. It contains the geocoding and the “zoom� level and should be located with the NAR building at the center of the map. Change the code to look like this:

var map = new GMap(document.getElementById("map"));
map.addControl(new GSmallMapControl());
map.centerAndZoom(new GPoint(-87.624223, 41.889923), 6);

You will notice that the page now shows a map of Downtown Chicago that is centered on our building. Next, let’s add a “pinâ€? showing the address exactly and use the fancier “zoom and pan” control. A pin is called a marker. I also will use a different control on the map. Change the code to look like this:

var map = new GMap(document.getElementById("map"));
map.addControl(new GLargeMapControl());
map.centerAndZoom(new GPoint(-87.624223, 41.889923), 6);
var point = new GPoint(-87.624223, 41.889923);
var marker = new GMarker(point);
map.addOverlay(marker);

Next, we will put a “pop-up” area on the pin that appears when you click on the pin. This is called an overlay. This is accomplished by creating a function (in this case createMarker) to create the marker. Notice that the new function has a listener for the key click.Change the code to look like this:

var map = new GMap(document.getElementById("map"));
map.addControl(new GLargeMapControl());
map.centerAndZoom(new GPoint(-87.624223, 41.889923), 6);

function createMarker(point, name, address)
{
var marker = new GMarker(point);

var html = "<b>" + name + "</b><br />" + address;
GEvent.addListener(marker, "click", function()
{
marker.openInfoWindowHtml(html);
});

return marker;
}

var point = new GPoint(-87.624223, 41.889923);
var marker = createMarker(point, "NAR", "430 N. Michigan");
map.addOverlay(marker);

Consumers really like to look at either maps or satellite images of the property, so let’s add those. This is done with the GMapTypeControl. Change you code to look like this:

var map = new GMap(document.getElementById("map"));
map.addControl(new GLargeMapControl());
map.addControl(new GMapTypeControl());
map.centerAndZoom(new GPoint(-87.624223, 41.889923), 6);

function createMarker(point, name, address)
{
var marker = new GMarker(point);

var html = "<b>" + name + "</b><br />" + address;
GEvent.addListener(marker, "click", function()
{
marker.openInfoWindowHtml(html);
});

return marker;
}

var point = new GPoint(-87.624223, 41.889923);
var marker = createMarker(point, "NAR", "430 N. Michigan");
map.addOverlay(marker);

Well, that is enough for this part of the series. I hope you are having fun so far.

Providing Google Maps of listings

Published
by
Mark Lesswing
on November 8, 2005
in Articles, Internet and MLS
. Comments

Maps are very intuitive to consumers and an excellent way render information. This is the first installment in a series dedicated to the Google Map API, one of many approaches to generating a map that shows where properties are located.

At the recent NAR Convention, members asked he how maps worked and if CRT could publish some information on the topic. This is a tall order given the variety of approaches that can be used. I have chosen to start with the Google Map API. If you like this kind of information or would like us to publish approaches using other APIs, please let me know.

Google allows you to plot property locations on a map using functions called the Google Map API. The following steps present the basics of generating your first map.

STEP 1

Register your website. You need to register with Google to use the API. To do this, go to their website to register. At this page, you should enter the URL of your website after reading and agreeing to the Terms of Use. I would like to emphasis the last point because many people click on the “agree” button without reading.

STEP 2

Create a Google account. If you don’t already have an account, follow the link on the right side of the page to “Create an account nowâ€?. You will be prompted for your email address and a password to use for your new account. As a side note, I think the Google folks did a nice job explaining why you should pick a good password.

At the bottom of this page you will also be asked to enter the word that appears on the screen (this is an example of CAPTCHA technology). Your account information will be mailed to you. You should save this information for future reference.

STEP 3

The page you should now see contains your KEY, the DOMAIN some SAMPLE CODE. We will use this information in Step 5 below.

STEP 4

Using the API is simple, but you must addresses that are “geocoded�. A geocode has latitude and longitude components. Many MLS operators have geocode information available for listings.

If your MLS does not geocode information for listings, you will need to find a way to do that to use the API. There are a number of ways to do this. Some good places to start are commercial products such as the following:

Of course, there are services that do not cost money such as:

If you are a large organization, you could also download freely available TIGER data from the U.S. Census Bureau, but why would you “reinventâ€? the wheel when if you don’t have to?

STEP 5

Put the sample code obtained in STEP 3 on your website as geocodeTest.html. If you enter the following in your browser:

http://{YOUR_WEBSITE}/geocodeTest.html

You should see a map.

The next installment will start from the SAMPLE CODE and begin to tailor it for displaying listings.

Two factor authentication

Published
by
Todd Costigan
on November 7, 2005
in Articles, MLS, Reviews and Security
. Comments

In the past year, we at CRT have been involved in many discussions about the use of two factor authentication in the real estate industry. Two factor authentication is a more secure method for user to access systems then the traditional user ID and password combination. Two factor authentication reduces the risks associated with passwords like hacking, guessing and sharing. Two factor authentication combines something you have with something you know to provide access authorization to a system - like ATMs or in real estate’s case to an MLS system. Two factor authentication also requires the use of a one time code (OTC) as the required password or part of the password when combined with a user PIN.

Within real estate there have been several implementations of two factor authentication for user access to MLS systems. Recently there have been case studies published reviewing a couple of these implementations. These studies can assist you if your investigating these alternative.

In its October issue SC Magazine reviewed an implementation at the Consolidated Multiple Listing Service in Columbia, S.C. This implementation featured the use of the Secure Computing strong authentication solution and was headed by Clareity Consulting.

Another review takes a look at the implementation of a strong authentication solution at the Mid Florida Regional MLS. The Mid Florida implementation used the RSA SecurID token and was supported by the Secure Content Group.

CRT believes that two factor authentication can play a significant role in protecting real estate information if implemented properly and for the right reasons. However, we’ve been approached by organizations who seem to be putting the cart ahead of the horse, when considering two factor authentication. In one instance, a large MLS wanted to implement a two factor solution, but would not support a policy that required members to change their password on a regular interval. They were willing to throw tens of thousands of dollars at the perceived issue, but were not willing to take a stand that required members to change their passwords because of the politics involved and push back they might receive. This does not seem like the right reason to implement strong authentication. We at CRT are in favor of standards that requires users to change MLS access passwords on a regular interval. In our experience we’ve seen the implementation of a password ‘change’ policy eliminate many ‘rogue use’ issues.

In addition to the companies mentioned above, those considering two factor authentication may want to consider companies like PortWise and Swivel. These two factor companies employ ‘token less’ solutions (utilizing a members cell phone or other mobile device) that can offer a significant saving when compared to the cost of deploying a hardware based solution like RSA and Secure Computing. A token less solution eliminates much of the expense of the hardware token and its distribution administration.

Avoid being blog bashed

Published
by
Keith Garner
on November 3, 2005
in Internet
. Comments

It seems to me that we’ve been talking about blogs a lot lately, and that blogs have been a major topic of conversation at many of the events around the annual convention last week. Most of the talk was around why you should be running a blog and how to go about it. However, there are aspects of blogging I haven’t heard many people talking about.

As we know, everyone who can set up and post to a blog has the power to speak their mind in a fairly public venue. While you may be using it to promote your business, others who have had a (perceived?) bad experience with you also can use their blog to speak against you. Since I’m not a lawyer, I won’t even pretend to go into any legal actions you could take, assuming you even have the grounds for it. I think in almost all cases its better to focus on not getting into such a situation in the first place.

An obvious question is “How do I avoid raising the ire of those bloggers I may do business with?” Jim Maule, a law professor at Villanova University, recently posted to the politech mailing list his thoughts on how to avoid being blog bashed. This was generated out of discussion about the recent Forbes anti-blog article Brouhaha.

I would do an injustice trying to summarize it, so I quote it here in its entirety:

How to Avoid Being BlogBashed:

1. Create quality products and services.

2. Sell what you advertise.

3. Make certain your products and services do what they claim to do.

4. Fully test and study your products and services before offering them for sale.

5. Disclose all risks posed to purchasers of your products and services.

6. Tell the truth.

7. Fulfill your warranty promises.

8. Don’t cut corners.

9. Comply with all applicable laws and regulations.

10. Don’t try to buy influence.

Follow those principles and the bloggers won’t have any reason to bash nor will they have anything or anyone to bash. They might even begin singing your praises without having to be paid to do so. As for the idiot bloggers who in turn lie, take the high road. Sue them. Don’t get down into their gutter. You’ll get just as dirty.

Thanks to Boing Boing where I first saw this link as one of their posts.

Also, FYI, “Politech is the oldest Internet resource devoted exclusively to politics and technology. Launched in 1994, the Politech mailing list has chronicled the growing intersection of law, culture, technology, politics, and law.”