Archive for November, 2007

The 10 Minute Interview

My friend Jeff recently bought a tanning salon. He was talking to me about some outrageous things that his employees have done (we’ll leave this for another post) and we got to discussing how to avoid hiring bad employees. Recruiting doesn’t have to be a pain and there are several job simulation options to use in your hiring strategy.

Now, hiring is obviously much different in a technical position vs. somebody who’s going to work at a tanning salon. Luckily, I have some experience in both. Back in college I used to be a manager at a local fast food place (hey, they had tuition reimbursement and paid me about 23k/year – that’s great for a 19 year old right?)

Anyway, I told Jeff that I used to do interviews in about 10 minutes with only 4 questions. He asked how and I said, it’s simple. With the right 4 questions, you’ll be able to weed out all the bad employees.

So, here’s my 4 non-technical interview questions for the service industry:

1. Tell me about the worst customer you’ve ever had to deal with. Some people may not have a worst customer, so in that case you could ask: Tell me about a time you went out of the way to help a customer.

You’re looking for an answer that shows dedication to the customer. You want an employee that turns bad customers into good customers by solving their problems.

2. Tell me about a rule you disagreed with at your last job. Why? Did you follow it anyway? Here, you’re looking for somebody who understands that rules have a purpose, and what that purpose is. You want to avoid people with the “me vs the company” attitude.

3. Tell me about the best employee you’ve ever worked with, and the worst employee you’ve ever worked with. How did you deal with the bad one? What made the best one so good? Again, you want somebody who helps coach the bad employee, and somebody who recognizes going the extra mile as being a good employee. You want to skip over the candidates who start off with things like “well, there was this one bitch at my last job…” Yes, that’s a true story.

4. You observe an employee stealing, what do you do? In the fast food industry, I substituted “eating a french fry” because many candidates didn’t equate that with stealing.

And that’s it. Using those 4 questions I was able to quickly and accurately assess how well an employee would do in the job. Of course, that doesn’t take into account the required questions like “can you lift 50lbs, can you work nights, are you over 18, can you make change in your head, etc.”

I never had a bad hire using that method. Visit https://www.qualtrics.com/experience-management/employee/employee-lifecycle/ to find out how you can help your employees grow and develop their careers at your organization.

November 28th, 2007

MyHeritage Face Recognition – FAIL.

I was just playing around with the new celebrity lookalike facial recognition tool from MyHeritage (sorry, no link love since your applet links back to you too. ps, I accidentally put a nofollow in it too.)

If you ask me, it needs a lot more work. Just see below. According to them, I look like Wayne Brady and J.K. Rowling. Funny, I don’t see the resemblance to either.

This is a classic example of FAIL – although I hardly doubt it will stop legions of people from posting it on their MySpace accounts.

Of course, it does look like it’s possible to have some fun with it as well:

I’m not sure about you, but I for one don’t consider Halle Berry or Angelina Jolie dogs.

November 20th, 2007

More Signs The Michigan Economy Sucks

If you don’t live in Michigan you might not be noticing how much the economy sucks lately, but here it’s getting worse every day.

Here’s an example:

I bought my house almost 2 years ago and I got it at a bargain price since I’m part of a High Return Real Estate investment property group. In fact, the previous owner (who only lived there one year) managed to pay off their mortgage and pocket only $50 after selling. I think I got it for about 80% of the asking price.

Last spring, my neighbor died. His grandkids moved in but couldn’t afford to pay the bills so they put the house up for sale. They originally listed it at its appraised value – 130% of what I paid for my house. Knowing that I had upgraded plumbing and electrical, put in a deck, and hired a Ware water drainage company to create custom drainage solution plans for the property, I was excited about the prospects of what my house might be worth.

Not so fast..

Here we are 6 months later, and the house next door hasn’t sold. Not only hasn’t it sold, but in the month I’ve been working from home I’ve only seen 1 person come to look at it. Clearly nobody’s buying.

When I noticed they put up a “make offer” sign today, I went over and grabbed a flyer. The new asking price is about $35k less than originally listed – which brings the new list price to about 80% of what I paid for my house.

After living here for one year, the house next door is selling for less than I owe on my current mortgage.

It’s no fluke either. The neighbor on the other side of me is also selling his house for the same price, and a few doors down has resorted to trying to rent the house out after nobody put in a bid over the last 6 months.

It looks like I’m going to be stuck in this house for a long time – at least until the economy takes an upswing.

November 20th, 2007

Cleaning Up My DVD Mess With DiscSox

Anybody who’s been to my house knows that my spare bedroom is basically a small storage unit. It’s got a twin bed that I haven’t used in years, a very expensive wood desk that I haven’t used since I put a cubicle in my home office, about 1500 CDs and a couple hundred DVDs.

I’ve been slowly taking steps to eliminate this clutter – starting with the CDs and DVDs. As I’m still ripping all my CDs onto a hard drive, I started with the DVDs (which didn’t make sense to digitize.)

That’s when I discovered DiscSox. DiscSox are a DVD / CD / Video game storage system that works like a card catalog.

It allowed me to go from this:
DVD cases

To a much more space saving system like this:
DiscSox

It’s about the size of 5 or 6 DVD cases and sits nicely on top of my Bose subwoofer (as shown.)

Each “sock” holds the wraparound jacket, the inside liner notes, and up to 2 DVDs in a nice space saving design.

Here’s a picture of the sock up close, as well as the inside.

I’ve ordered 3 sets. That set pictured above is about 70 DVDs, I’ve got another 70 to go. Each tray is supposed to hold 50 (and comes with 50 sleeves) but I managed to fit 70 of them in there. I think I’m gonna do my Xbox and Wii games with this system too.

The only question that remains is what am I going to do with this extra room once I get rid of all the CDs, DVDs, and the spare bed.

November 19th, 2007

Installing gOS on a Mac Using Parallels

I know what you’re thinking: “What the hell is gOS?” gOS is a free operating system that’s now being sold on some low end Walmart PCs. At $200 the PCs are actually a decent deal for those who plan on installing a pirated copy of Windows XP. Just for fun though, I thought I’d check out gOS and see what it does.

The official gOS website does very little to show screenshots or explain what it does. It also does a poor job of explaining that gOS (despite the name) isn’t a Google product. Maybe they’re hoping to capitalize on the similarity the way Michael Robertson did with Lindows. (Either way, it looks like gOS is destined for a similar fate.)

Remember how Lindows Linspire used the tagline of “the world’s easiest desktop linux?” When it comes to ease of use gOS might just win here due to its total lack of, well, everything.

Basically, gOS offers openoffice, firefox, xine, thunderbird, gimp, pidgin, and skype. It also includes “applications” like youtube, google docs, gmail, meebo, blogger, and facebook – causing some to call it a web based operating system.

Unfortunately, when it comes to the install procedure, gOS fails miserably – especially on parallels for the Mac. If you try to do it normally, the video doesn’t work and it dies.

So, here’s how to install gOS on parallels. Most of this information comes from a forum post on the parallels forum, but that post doesn’t seem to be around anymore so I’m providing it here too.

1.) Download the .iso file from thinkgos.com

2.) Create a new virtual machine in parallels. You can use the ubuntu settings since gOS is really just a stripped down ubuntu. I’m going to assume you’re already familiar with setting up a virtual machine on parallels.

3.) After booting the CD, hit F6 to go into the install options. At the bottom you’ll see a long string that ends with "splash --". You’ll want to delete that and then hit enter to install. This removes the gOS splash screen during install and lets you see what’s happening.

4.) The video problems I talked about earlier will now cause the screen to go back and forth between an ugly mess and the terminal. While it’s in the terminal, hit ctrl-c to kill that script and take you back to the shell prompt. If you wait long enough, you’ll get a warning that says the display has crashed 6 times and it will ask you to hit ok. Hit OK, and then you’ll have about 2 minutes to do the next steps. (otherwise, you have to do them between the flashing)

5.) Now you need to edit your xorg.conf file as root. Something like: sudo pico /etc/X11/xorg.conf will work fine if you know how to use pico. If you know how to use vi, the “open your xorg.conf” instruction should be enough for you.

6.) At the very end of the file, you’re going to need to enable the Xinerama option. Type this:
Section "ServerFlags"
    Option "Xinerama" "True"
EndSection

Now save and exit the file. (ctrl x, y, enter if you used pico)

7.) Back at the command line, type “startx” to start up the display server. It may warn you about resolution, but it will work this time.

8.) Install the operating system by following the on screen directions.

9.) When it reboots, press ESC to get to the boot menu, and select “recovery mode” to get a shell prompt.

10.) Lastly, we need to remove gdm from the startup. Do that by typing update-rc.d -f gdm remove

Now you’re all set. type “startx” again and you should boot into gOS.

Congratulations, you’ve just installed a big pile of suck on your Mac!

here’s some screenshots:
   

2 comments November 14th, 2007

Is Your Site Sending Spam? Thousands of Volusion Sites Might Be.

If you’ve ever designed a website for a client, one of the first things they always ask for is a “contact us” form. Unfortunately, the contact form is one of the places most web developers fail on. I’m not talking about how to optimize your forms, or various sendmail programs either. I’m talking about putting an open email sender out there on the web for anybody to use.

Let’s look at a major example:

Volusion is a major player in the online shopping cart industry. According to their client gallery they host some big name sites like Crutchfield Canada and the Barack Obama Store. It’s also this client gallery that’s going to be your best tool in finding vulnerable sites.

Admirably, Volusion tries to take care of everything a webmaster could need – including a contact form. In fact, the standard installation seems to come with its own contact form. It can be found on any volusion site by going to http://www.SITENAME.com/articles.asp?ID=83 (yes, I know ID= is terrible SEO, but hey we’re not talking about SEO here)

If you want to see what I’m talking about, here’s an example on Crutchfield Canada.

If we view the source here, there’s 2 major items that stick out.

First, we see the form action:

<form name="eMail" method="post" action="emailform.asp">

And more importantly, we see the following lines of code:


<input type="submit" name="submit" value="submit">
<input type="hidden" name="email_From" value="[email protected]">
<input type="hidden" name="email_To" value="[email protected]">
<input type="hidden" name="email_Subject" value="Contact Form Submission">
<input type="hidden" name="email_ThankYou" value="Thank you for submitting your request.">
<input type="hidden" name="email_Redirect" value="">

What they’re doing here is using hidden inputs to determine the from email, to email, subject, and even the page the user sees after the email is sent. This essentially allows anybody to send any email they like.

Try it for yourself. Enter

javascript: void(document.forms[2].email_To.value="[email protected]");

in your address bar and hit enter, then fill out a form field and submit. You just sent email to yourself from the form.

Of course, doing this all with javascript is very inefficient. It’d be much better if I could automate a form to do this. Well, you can!

Remember that form action? It turns out, if you write your own form with the above inputs, and post it to that form – it sends the email as if it came from you.

I’m not sure if somebody’s found this vulnerability yet, but there are literally thousands of sites on the web that share it right now.

If you’re a volusion customer and don’t have access to the source code (most versions don’t come with that) the best way to fix this is to simply remove your emailform.asp file (of course, this will break your email form) Heh, I guess you could always set your form action to that of another Volusion site and send email through them too 🙂

The key lesson here is to never trust the user. Anything done on the client side (like HTML forms or JavaScript) is always vulnerable. At the very minimum here, the to email address should have been a server side variable (or hard coded into the emailform.asp.) This doesn’t protect against email header injection, but it’s a start. (Since this form just emails the contents of the form fields, it’s also vulnerable to header injection.) You should always do some sort of server side validation against your input.

If you’re using PHP, you can learn about email form validation here. Unfortunately, I was unable to find a secure email form example in ASP using Google.
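The fix described above, sketched as an added example (not code from the original post and not Volusion's): the recipient, sender and subject live in server-side configuration, any `email_To`-style fields in the POST are ignored, and values bound for headers are rejected if they contain line breaks. It is written in Python rather than ASP; the addresses, field names and `build_contact_message` are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Server-side configuration (assumed values). The browser never supplies these.
CONTACT_TO = "owner@example.com"
CONTACT_FROM = "webform@example.com"
SUBJECT = "Contact Form Submission"

# Deliberately strict: exactly one address, no commas, spaces or angle brackets.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedSubmission(ValueError):
    """Raised when a submitted form fails server-side validation."""


def build_contact_message(form: dict) -> EmailMessage:
    """Build the outgoing mail from a POSTed form (a dict of field -> value).

    Only name, reply_email and message are read. Fields such as email_To,
    email_From or email_Subject are ignored even if the client sends them.
    """
    name = form.get("name", "")
    reply = form.get("reply_email", "")
    body = form.get("message", "")

    # A CR or LF in a header-bound value would let the sender append their
    # own headers (Bcc:, extra To:, ...), so reject instead of stripping.
    for label, value in (("name", name), ("reply_email", reply)):
        if "\r" in value or "\n" in value:
            raise RejectedSubmission(f"{label}: line break in header field")

    if not _EMAIL_RE.fullmatch(reply):
        raise RejectedSubmission("reply_email: not a single valid address")
    if not name.strip() or len(name) > 100:
        raise RejectedSubmission("name: empty or too long")
    if not body.strip() or len(body) > 5000:
        raise RejectedSubmission("message: empty or too long")

    msg = EmailMessage()
    msg["From"] = CONTACT_FROM     # fixed on the server
    msg["To"] = CONTACT_TO         # fixed on the server
    msg["Subject"] = SUBJECT       # fixed on the server
    msg["Reply-To"] = reply        # validated visitor address
    msg.set_content(f"Name: {name}\nReply to: {reply}\n\n{body}")
    return msg


if __name__ == "__main__":
    # Constructed sample POST that also carries the hidden-field names
    # from the form above; they have no effect on the result.
    sample = {
        "name": "Visitor",
        "reply_email": "visitor@example.org",
        "message": "Do you ship to Canada?",
        "email_To": "someone-else@example.net",
        "email_From": "spoofed@example.net",
    }
    print(build_contact_message(sample))
```

Handing the returned message to `smtplib.SMTP.send_message` is the only remaining step, and nothing the client posted decides where it goes.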

2 comments November 12th, 2007

5 day shipping MEANS 5 day shipping

I recently ordered something online. Seeing as how I don’t need it until next month, I selected the basic shipping methods (yes, it’s a Christmas present, so no rush right?)

Anyway, I was going through email backlog and got the alert that it had shipped (about 2 days ago). Out of curiosity I clicked the helpful gmail “track this package” link and was taken to Fedex tracking.

I was first shocked that my package came from Tennessee to Detroit, then went to Indianapolis for a day before coming back to Detroit. Why that was required I’m not sure, but at least it got to travel for a while.

It said that it arrived back in Detroit again at 6:00 am and at 7:30am it was “out for delivery.” Cool that was fast (especially since it got here, left, and came back)

Only problem is, I didn’t get the package. I fired up gmail again and headed over to Fedex. At 12:48 pm it had a status of “at local facility” again. The details said “package not due for delivery” and the estimated date changed to the 12th.

So let me get this straight. It was on the truck headed to my house at noon when the driver got here and said “oh he doesn’t need it yet” and drove it back to the Fedex office to be delivered on Monday.

Why on earth would that happen? I guess when your shipping estimate is 5 days, they really mean 5 days!

November 9th, 2007

demoxi beta launched

Just a quick note: we launched the public beta of demoxi. Go check it out at www.demoxi.com

November 9th, 2007

Improving Local Elections

I’d like to start out this post by reminding readers that the views expressed herein are my own, and not that of my employer – demoxi.

We’ve all heard about the voting “scandals” in the past. Places like Florida and Ohio still scare some of us. We’ve heard the calls for e-voting, and we’ve seen the current problems with it. Some of you may not be familiar with the recent phone jamming scams and what not – but all of these are problems with our current electoral system and all of this stuff is better written somewhere else on the web. I encourage you to go find and read it (after finishing this post of course!)

What we don’t often talk about though, is local elections. To be quite honest, I never cared much about the workings of local elections until recently. The reason is that my Aunt was running for office.

I’m going to get it out of the way right now and simply say that she lost, and lost fairly. I say that now because I don’t want people to think I’m implying a scandal or something in what follows.

What I saw in the election though, was tons of room for scandal and corruption if anybody wanted to do so.

The first thing I noticed on election day was the sudden disappearance of election signs. I don’t mean that people removed them from their lawn though, many were simply uprooted and laid flat on the lawns where they once were. Most of these weren’t my aunt’s signs, but the fact that somebody was going around doing it is very unsettling.

The 2nd thing I noticed is that the person in charge of issuing absentee ballots had his name on the ballot! In his defense it was in his current job description to manage absentee ballots, but I still think somebody else should have done this. Imagine how easy it is to sway an older person into voting for you if she has no idea who either candidate is but you’re the one who handed her the ballot.

The last thing that totally shocked me is that multiple people whose names were on the ballot were also involved in counting the votes! Can you imagine a presidential election in which Bush put himself in charge of counting votes? There would be public outrage – but from what I hear it appears to be the norm in city elections.

Again, I’m not saying there was any fraud going on in the vote counting – but there was certainly room for it if somebody wanted to play dirty. I’m sure in some cities across Michigan who used these same procedures that there actually was corruption.

This is a major problem for America. I stated yesterday that your city officials vote really matters since city officials end up turning into state officials and then on to Washington. The same is true for voting procedures.

If we want to clean up and regulate the voting system, we need to start at the bottom and work our way up – nip the corruption in the bud.

November 7th, 2007

Make Sure You Vote Today

If you live in Michigan, make sure you get out and vote today! (and I’m not just saying that because my Aunt is running for clerk)

Today’s not the big presidential race you’ve been hearing so much about – which is why it’s important you vote today.

If you think your vote doesn’t count, today’s the day it does. Today’s the day you get to vote on local city policies that affect your daily life (and taxes!)

Today’s also the day that many new people get their start in politics – if you let them. So instead of complaining about not liking any of the candidates next election, do something about it by electing local officials you like today.

November 6th, 2007



About Ryan Jones

Name: Ryan Jones
Alias: HockeyGod
Location: Michigan
Company: Team Detroit
Title: Sr. Search Strategist
AIM: TheHockeyGod
Pets: Who Dey
