App for a Smartphone or iPad to Scan Barcodes and Enter Into MyOps...?

Started by Luis R. Ramos, May 26, 2016, 06:56:32 PM


Luis R. Ramos

I am not sure I am posting this in the correct area... Should I have loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or iPads to scan their IDs as they arrive.

Does anyone know of such a use?
Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

RogueLeader

No. OpsQuals and WMIRS are closed systems, and do not allow for outside apps to access the system.

There was one for the olde WMIRS 1.0, proflight or some such, but not workable for the system as it stands.

As you need to verify which Facility, Gear, duty assignment, emergency contact info, etc, just scanning the barcode into WMIRS isn't going to save you much time at all.
WYWG DP

GRW 3340

Check Pilot/Tow Pilot

Quote from: RogueLeader on May 26, 2016, 07:14:11 PM
No. OpsQuals and WMIRS are closed systems, and do not allow for outside apps to access the system.

There was one for the olde WMIRS 1.0, proflight or some such, but not workable for the system as it stands.

As you need to verify which Facility, Gear, duty assignment, emergency contact info, etc, just scanning the barcode into WMIRS isn't going to save you much time at all.

While you are correct that WMIRS is a closed system all you are doing here is scanning a Barcode or QRcode and inputting that into a Form.

Standby for solution without a lot of documentation :)

Check Pilot/Tow Pilot

Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should I have loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or iPads to scan their IDs as they arrive.

Does anyone know of such a use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, log in to WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the member's details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.

Holding Pattern

Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, log in to WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the member's details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.
9. Get CAP's ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Check Pilot/Tow Pilot

Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, log in to WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon"
8. Scan your first CAPID using the iOS device's camera.
9. Review the member's details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAP's ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Use it or not, I don't care.

Phil Hirons, Jr.

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

AKA Drag e-services into the 2000's.

With a proper API members would create apps like this.

Angus

Well if you're going to use the scanner app for entering purposes to ensure no typos, you can buy a barcode scanner online. I use one at work, granted all you'll get is the Member's ID number but it's a start.
Maj. Richard J. Walsh, Jr.
Director Education & Training MAWG
Gill Robb Wilson #4030

JeffDG

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAP's ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

Holding Pattern

Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

JeffDG

Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.
That's what an API permits.

Once you publish an API, then anyone, vetted or not, can send and retrieve data via that API.  It's simply a matter of the user authenticating.  You cannot both publish an API and vet programs.

Brad

Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservices web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.
Brad Lee
Maj, CAP
Assistant Deputy Chief of Staff, Communications
Mid-Atlantic Region
K4RMN

RogueLeader

Quote from: JeffDG on May 27, 2016, 01:17:18 AM
The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

You do realize that there are only about 80ish paid members at NHQ, don't you? The rest of the staff are the same unpaid professionals that both you and I are.
WYWG DP

GRW 3340

kwe1009

Quote from: Brad on May 27, 2016, 11:55:31 AM
I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservices web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.

Agreed.  A barcode scanner is just an input device like a mouse or keyboard.  There is zero PII that can be pulled off of the CAPID barcode. 

Holding Pattern

Quote from: Brad on May 27, 2016, 11:55:31 AM
I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservices web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.

The app in question has access to the webpage.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAP's ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Show me the regulation that prohibits this.

Holding Pattern

Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just your opinion and you should just state that instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.




Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just your opinion and you should just state it instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

If you want to continue espousing unsafe practices, I'll call you out on it regardless of regulation. Both of those articles explain the risks involved. Un-audited applications accessing our systems expose our systems to risk. This is information security 101.

Knowing this doesn't require being an IT officer or working in IT. Just watching the recent hacks in action should be enough.

Check Pilot/Tow Pilot

Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

No iOS phone compromised from App Store installs. Android is another story, I don't use Android because it's a security nightmare.

If you can't then it's just your opinion and you should just state that instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:44:22 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation the prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just your opinion and you should just state it instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

If you want to continue espousing unsafe practices, I'll call you out on it regardless of regulation. Both of those articles explain the risks involved. Un-audited applications accessing our systems expose our systems to risk. This is information security 101.

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor neutral security courses.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:58:04 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor neutral security courses.

It's your opinion that using this app to scan a CAPID and paste it into a search field will "Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure"

And that it's your opinion that "If/When CAP gets an API for WMIRS, that will be acceptable..."

You want to come across as an authority then cite regulations, if not then say it's in your opinion.

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 01:09:40 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:58:04 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor neutral security courses.

It's your opinion that using this app to scan a CAPID and paste it into a search field will "Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure"

And that it's your opinion that "If/When CAP gets an API for WMIRS, that will be acceptable..."

You want to come across as an authority then cite regulations, if not then say it's in your opinion.

No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

etodd

At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

Luis R. Ramos

Agree with you.

If it went directly into a spreadsheet to be entered later, it is inefficient.

Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM

No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

Great thank you for clarifying that it is your opinion :) I believe that it's important that when making authoritative statements in CAPTalk that we be honest and state it's our opinion unless backing it up with specific regulations or indicating that we are in a position of authority and will be making a written and disseminated policy that has been approved by the National Commander.

Since you brought it up, what PII does WMIRS have of yours?

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 02:53:20 AM

Great thank you for clarifying that it is your opinion :) I believe that it's important that when making authoritative statements in CAPTalk that we be honest and state it's our opinion unless backing it up with specific regulations or indicating that we are in a position of authority and will be making a written and disseminated policy that has been approved by the National Commander.

Since you brought it up, what PII does WMIRS have of yours?

Those same credentials for WMIRS get you into eServices. Usually WMIRS is launched from eServices.

Check Pilot/Tow Pilot

Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

PHall

Quote from: Mission/Tow Pilot on May 29, 2016, 02:58:20 AM
Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

And I predict burnout by 10 years and non-renewal by 12 years.   
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

etodd

Quote from: PHall on May 29, 2016, 03:26:06 AM

Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's a shame. In most other organizations, they are usually the ones with the most spark, imagination and have the best 'let's get it done' attitudes. And the ones that usually, because of their enthusiasm, can bring in the most new members.

But, it's not the CAP way. I'll get accustomed. ;)
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

etodd

Quote from: PHall on May 29, 2016, 03:26:06 AM
Very few last longer than 10 - 12 years.

Yet probably accomplish and contribute more in those 10 years than most who stay 30-40 years.

Longevity only counts when measuring seniority in a union job. LOL
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

Eclipse

Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

"That Others May Zoom"

Check Pilot/Tow Pilot

Quote from: PHall on May 29, 2016, 03:26:06 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 02:58:20 AM
Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

And I predict burnout by 10 years and non-renewal by 12 years.   
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

Not this cat. I did 23 years in the Royal Canadian Air Cadets, concurrent 15 years in the Royal Canadian Air Force all as a hard charger. I've done all I can in CAP ES now it's over to DOV.

I love CAP, besides where else can I fly over 100 hours of meaningful flying for my community and country.

Check Pilot/Tow Pilot

Quote from: etodd on May 29, 2016, 03:34:51 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM

Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's a shame. In most other organizations, they are usually the ones with the most spark, imagination and have the best 'let's get it done' attitudes. And the ones that usually, because of their enthusiasm, can bring in the most new members.

But, it's not the CAP way. I'll get accustomed. ;)

I disagree, be enthusiastic when recruiting new members, and you will attract members like yourself. Soon you will be surrounded by a core of like members. Long in the CAP tooth members will get excited by the enthusiasm. This is what we did in our Squadron. We work hard and we play hard.

Check Pilot/Tow Pilot

Quote from: Eclipse on May 29, 2016, 03:40:58 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

Since that fun day at NESA you have always been the voice of reason 😄

Storm Chaser

Quote from: Eclipse on May 29, 2016, 03:40:58 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

I agree. I was a "hard charger" for many years. When my participation and interest started dwindling, I let my membership lapse. I then got involved with other things. I came back a few years ago and became a "hard charger" again. But I realize now that I can't keep this pace forever without burning out. At some point in the future either I'll slow down or move to other things. Were my years of service and contributions any less significant if I decide to take a break and try other things? I hope not. CAP is a great organization, but it doesn't need to become our lives and biggest/only priority.

JeffDG

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

Like any web browser available right now?  They now have "unaudited" access to CAP systems.

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.

OK, so we're killing access to Firefox, IE, Chrome, Chromium, Opera, etc. then?

JeffDG

Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM
No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

You've done a code-review and packet audit of IE and Chrome then?

Because those are just as much "third party applications" as IMS or anything else.

Check Pilot/Tow Pilot

Quote from: JeffDG on May 29, 2016, 04:19:48 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM
No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.
You've done a code-review and packet audit of IE and Chrome then?

Because those are just as much "third party applications" as IMS or anything else.

And all of the Add-ins and Extensions for Chrome and Firefox. Hmm, for me that would be all the extensions that I use for my Managed Service Provider business, Web Development and SEO: So Firebug, Lastpass, ChromeDev, MozBar, WooRank, PageLoadTime, Wappalyzer, TeamViewer oh and my GMT clock

JeffDG

Quote from: Mission/Tow Pilot on May 29, 2016, 05:07:48 PM
Quote from: JeffDG on May 29, 2016, 04:19:48 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM
No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.
You've done a code-review and packet audit of IE and Chrome then?

Because those are just as much "third party applications" as IMS or anything else.
And all of the Add-ins and Extensions for Chrome and Firefox. Hmm, for me that would be all the extensions that I use for my Managed Service Provider business, Web Development and SEO: So Firebug, Lastpass, ChromeDev, MozBar, WooRank, PageLoadTime, Wappalyzer, TeamViewer oh and my GMT clock

Not to mention you can download the source code for the Chromium project, make whatever changes you want and create your own build.  I'd bet good money that WMIRS will let you browse anything you like with such a build.

Lastpass feeds my CAPID and password into WMIRS all the time!

Check Pilot/Tow Pilot

Quote from: JeffDG on May 29, 2016, 05:54:46 PM
Quote from: Mission/Tow Pilot on May 29, 2016, 05:07:48 PM
Quote from: JeffDG on May 29, 2016, 04:19:48 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM
No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.
You've done a code-review and packet audit of IE and Chrome then?

Because those are just as much "third party applications" as IMS or anything else.
And all of the Add-ins and Extensions for Chrome and Firefox. Hmm, for me that would be all the extensions that I use for my Managed Service Provider business, Web Development and SEO: So Firebug, Lastpass, ChromeDev, MozBar, WooRank, PageLoadTime, Wappalyzer, TeamViewer oh and my GMT clock
Not to mention you can download the source code for the Chromium project, make whatever changes you want and create your own build.  I'd bet good money that WMIRS will let you browse anything you like with such a build.

Lastpass feeds my CAPID and password into WMIRS all the time!

Or you can download any of the myriad browsers on multiple platforms to access WMIRS or eServices.

Love Lastpass!

JeffDG

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

So, is that a "No, I can't cite a rule that would result in CAP losing their .gov access"

Hell, I interfaced my TurboTax with the IRS this year to file my taxes.  That's a "third-party, unaudited" system that has a helluva lot more PII than a volunteer created app to make WMIRS actually functional.

Check Pilot/Tow Pilot

Quote from: JeffDG on May 29, 2016, 07:10:16 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.
So, is that a "No, I can't cite a rule that would result in CAP losing their .gov access"

Hell, I interfaced my TurboTax with the IRS this year to file my taxes.  That's a "third-party, unaudited" system that has a helluva lot more PII than a volunteer created app to make WMIRS actually functional.

I just realized that I use CAPFlightPro to enter W&B and e104 info in WMIRS and it has not gone through a code review either 😔

Holding Pattern

Quote from: Mission/Tow Pilot on May 30, 2016, 04:25:28 PM
Quote from: JeffDG on May 29, 2016, 07:10:16 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.
So, is that a "No, I can't cite a rule that would result in CAP losing their .gov access"

Hell, I interfaced my TurboTax with the IRS this year to file my taxes.  That's a "third-party, unaudited" system that has a helluva lot more PII than a volunteer created app to make WMIRS actually functional.
I just realized that I use CAPFlightPro to enter W&B and e104 info in WMIRS and it has not gone through a code review either 😔

Excellent. I'll use all of these examples as methods to follow in building CAP technology and discard my previous comments.

Spaceman3750

Quote from: Starfleet Auxiliary on May 30, 2016, 10:02:08 PM
Quote from: Mission/Tow Pilot on May 30, 2016, 04:25:28 PM
Quote from: JeffDG on May 29, 2016, 07:10:16 PM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.
So, is that a "No, I can't cite a rule that would result in CAP losing their .gov access"

Hell, I interfaced my TurboTax with the IRS this year to file my taxes.  That's a "third-party, unaudited" system that has a helluva lot more PII than a volunteer created app to make WMIRS actually functional.
I just realized that I use CAPFlightPro to enter W&B and e104 info in WMIRS and it has not gone through a code review either 😔

Excellent. I'll use all of these examples as methods to follow in building CAP technology and discard my previous comments.

If you're in a position to build CAP technology I have some suggestions...

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 30, 2016, 10:02:08 PM
Excellent. I'll use all of these examples as methods to follow in building CAP technology and discard my previous comments.

Great we are going to only allow IE with .NET and ActiveX with 2-Factor authentication while using the Cone of Silence  ::) ::)

Just remember to assess what is the risk of a data breach and note that Higher Security usually means Lower Usability.

Is there anything more than Names and Phone numbers as PII in WMIRS and eServices? Oh yes my date of promotion to Lt Col :)

Holding Pattern

Quote from: Mission/Tow Pilot on May 30, 2016, 11:01:01 PM
Quote from: Starfleet Auxiliary on May 30, 2016, 10:02:08 PM
Excellent. I'll use all of these examples as methods to follow in building CAP technology and discard my previous comments.

Great we are going to only allow IE with .NET and ActiveX with 2-Factor authentication while using the Cone of Silence  ::) ::)

Just remember to assess what is the risk of a data breach and note that Higher Security usually means Lower Usability.

Is there anything more than Names and Phone numbers as PII in WMIRS and eServices? Oh yes my date of promotion to Lt Col :)

As I've said, I'm using your guidance now. Thank you, and have a nice holiday.

etodd

Quote from: Spaceman3750 on May 30, 2016, 10:22:10 PM

If you're in a position to build CAP technology I have some suggestions...

Building the technology is the easy part. Getting an agency run like the gov't does to adopt it means you'll be dead and gone first. LOL
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

kwe1009

Quote from: etodd on May 31, 2016, 01:54:33 AM
Quote from: Spaceman3750 on May 30, 2016, 10:22:10 PM

If you're in a position to build CAP technology I have some suggestions...

Building the technology is the easy part. Getting an agency run like the gov't does to adopt it means you'll be dead and gone first. LOL

Or whatever technology that you developed has become obsolete by the time it is "govt approved."