Tag Archive for 'edi'

Latest News / Articles
 
03
Sep

penny wise, pound foolish…

By Craig Dunham Comments
Categories: Articles, EDI General, EDI News, EDI Software and Other Blogs Tags:

The old saying used as a title for this blog relates back to an earlier and simpler time – before EDI, that’s for sure – and relates to British currency.  They have the Pound and the Penny and even a Half-Penny, too.  But this was all brought about by topic in the Inovis Trusted Link group (over on Yahoo!) that got Me to thinking about AS2 and costs and related things – again.  Not that I think about AS2 a lot, but…

Anyway, the original poster over there was wondering on where he could receive some “AS2 training” – and everybody then kind of went off into the “oh, we use ______ for our AS2 connection and love it!” kind of comments – but very few seemed to offer an answer to the poster about his question – AS2 TRAINING.

Like there is such a thing!

“But, wait!” You say.  “What does this have to do with being ‘Penny wise and pound foolish?”  I’m getting there, I’m getting there.

Seriously, though, let’s take a look at what AS2 really IS.  It’s a method of communications.  It’s a way to connect.  In a nutshell, AS2 is (from Wikipedia):

“Applicability Statement 2 (AS2) is a specification about how to transport data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.”

I kind of liken AS2 to DSL/broadband connectivity for surfing the net vs. the “old” dial up that is BSC.  It’s connecting to our trading partners via the same protocol that governs the Internet – the place we surf, download and blog – Hyper Text Transfer Protocol (HTTP).

And did you really need any kind of “training” when you started using your DSL – or your wireless broadband or your cable modem or your ____ connection to the internet…?  Nope.

But back to AS2 and what it’s all about.  AS2 is just a way for us to send data over the internet connection (HTTP) from one system to another.  No muss, no fuss, no bother.  And in some cases – or as many would lead you to believe – at no cost.

But, wait a minute!  Hold on there!  There ARE some costs involved in AS2 communications…!

When it comes to communications – sending our EDI information back and forth – so many people seem to focus solely on the concepts of the “per KC charge” or fee structure for trading data.  Inovis, GEIS, AT&T, Sterling, ICC, and all the rest, charge us (generally) a flat fee for each KC we send or receive.  Depending on how you’ve set up your contract, you may get a flat fee – say, $4000.00 a month – for a flat amount – say 50,000 KCs – of data you send or receive.  Then, after that, they charge you an “over-limit” fee of 5 cents a KC – or more or less – depending upon your contract.

With AS2, those KC charges all go far, far away…  But, what so many seem to forget – or if they’re selling – want you to forget – are the OTHER charges that can be and are associated with AS2.  Depending on what system(s) you may use to translate and transmit your data, there could be some licensing fees associated with setting up AS2.  Maybe, just maybe, your software provider allows one AS2 connection for “free” but charges a license fee for each and every AS2 connection over and above that “freebie”.  Some may not even have AS2 built into their system and you need to “add” programs or modules to your EDI application to get AS2 connectivity.

Then you get to think about the wondrous wonder of the Internet and connectivity – BANDWIDTH.  If you have a narrow “band” for your Internet connection, then this additional data may clog that tunnel.  Just think of the scenes from “Independence Day” and how Will Smith’s girlfriend (fiancé?) was caught in the tunnel as Los Angeles was being blown to bits by the invading alien horde and her and her kid and the dog were trapped in the tunnel as the fireball of alien laser energy was blowing LA apart.

Now, while your bandwidth may not be as limiting as a 2 lane tunnel in LA, it can still have some limits.  And congestion in your tunnel may not be as dire and deadly as it was in “Independence Day” – lives may not be wiped out in seconds.  But it can cause you problems with your ISP if they only give you a limited bandwidth per month.  Now you’re over and you’re getting charged for that overage.

Then there’s the concept of labor…  And right after Labor Day, too.  But there is the cost of the man-hours (or woman-hours!) it takes to set up those connections and maintain those connections.  It may only take a few minutes to set up those AS2 connections and maybe a few more to test that connection, but there are still some costs involved.  And then what if Jane AS2 Master quits and you hire Joe EDI Master who knows NOTHING of AS2 and has to learn by the seat of his pants, on the fly, as he goes along?

Plus, here’s another wrinkle in the smooth fabric of cost – wrong, bad, or error data…  Let’s say that ABC Company’s newest shipping clerk created a shipment (and, therefore, generated the ASN) for a shipment, but missed an entire pick-sheet of cartons in the truck or container.  Once he’s hit send (or whatever) and that shipment notification is generated, he can’t go and fix it – without RESENDING that ASN – corrected, of course.  So now you’ve got 2 documents – one is missing information that the other document contains.  Sure, if the EDI system at ABC Company is set up correctly, that new ASN is sent out as a replacement, but how does YOUR system handle it…?  Does it just delete the old record and rewrite the new record?  Or do you have 2 records in your system…?

So many people and companies seem to focus on the pennies of the situation those darn “per KC charges” and then lose track of the big bucks of the EDI process and programs and all of the other systems that EDI touches.

It’s the same when you get that sales call from some network or VAN claiming they can save you up to half of your VAN costs!  WOW!  Sign Me up!  But, wait a minute!  What about those other costs…?  Beyond those pesky KC charges?  Don’t they matter, too?

The sales folks at those other VANs and providers aren’t thinking about your total dollars – they’re just hitting you with the easiest cost to argue – the KC charge.  They know it’s a high-profile cost of EDI.  It’s one that you have to justify every time the contract comes up or the bill needs approval.  But what of those other costs…?  The costs of downtime – what happens when the network is down…?  What about the time you’ll have to spend on trading partner notifications?  What about the time you may have to spend on reconfiguring your communications systems – or even worse – the translation set up.

So, basically, the concepts of just saving a few cents here or there on KCs are very Penny Wise, Pound Foolish.

Author: Craig Dunham - EDI Coordinator @ Big 5
Read more about Craig here: http://editalk.com/contributors/
19
Aug

right hand, meet left hand… now… who’s doing what..?

By Craig Dunham Comments
Categories: Articles, EDI General, EDI News and Other Blogs Tags:

In some recent readings on other websites - geez, you’d wonder if I actually have a job with all the reading and blogging I do - there have been recent posts, blogs, commends, entries and more, about how it seems like the old adage about the right hand not knowing what the left hand was doing is still alive and well and with us today - no life support needed…

Over on the EDI-L board, one of our own forum members, Earl, was discussing - well - venting - about his current client and some issues with testing through one of those 3rd party EDI providers (won’t mention any names!)…  But if you read it, you know.  Anyway, part of this goes back to the trading partner of his client - we’ll call them ABC COMPANY, INC….  So, in good faith and in following with the concepts of implementation, Earl’s been working to complete the testing for his client to trade with ABC Company.  Now it turns out that the division at ABC Company that they’ve been testing for has been sold off to another company - XYZ, LLC.  And now testing is no longer needed.

Forget about the costs that the client has encountered in testing with the EDI provider.  Forget about the costs that have been incurred in paying for Earl and his services…  Forget about all the OTHER trading partners (like Earl’s client) that have also been testing…  And let’s not forget that mergers and acquisitions don’t happen overnight in the world of big business.

How does this relate?  Well, if the EDI department at ABC had KNOWN that this division was to be sold off, why where they so hot-n-heavy about testing and compliance…?  Why was ABC forcing all these possible trading partners - remember, the tale was from Earl - through this fairly expensive testing program…?  And, from what I’ve heard - this provider does have one of the most expensive testing programs out there.  But still, why was the EDI group forcing the testing when the division was in the process of being sold and testing would no longer be needed until XYZ, LLC, takes over and decides what THEY want to do…

It’s a case of the right hand not knowing what the left hand is doing.

On another site, a blogger was commenting on the differences between the “sides” of EDI - the Technical vs. the Business.  In other words, how, in days gone by, an EDI Coordinator - or manager or whatever - needed to grasp both the Technical side of EDI - how to format the data and make it get to the trading partner - and the Businessside of EDI - understanding how the different groups or departments would be using the data…  They had to attend business meetings with those departments to find out how the data was going to be used - in or outbound.

These days, our blogger contends, with the plethora of outsourcing of EDI functions, it seems that one side of the equation isn’t being met.  The technical aspect is being taken care of by the EDI outsourced provider, but the Business side of the equation is now being handled by … who?  Obviously, somebody at the company is handling it - but who?  An accounting clerk?  A buying clerk?  Some secretary..?  Or how about a shipping or warehouse manager or clerk?  There’s a point in there about the disconnect.

It’s a case of the right hand not knowing what the left hand is doing.

Another blogger on that same site talks about the “800 lb gorilla” in EDI - generally, the “hub” or, in My case, the retailer, that’s calling the shots.  I’ve talked about that gorilla before.  But this blogger talked about how the company, a retailer, was requiring a specific EDI document - the 846 - and how they (the supplier - the company our blogger was working with/for) was getting hit with a ton of chargebacks because one data element was wrong.  We’re then told of the trials and tribulations - and 3 week timeframe - of trying to solve the issue and complete testing the fix.

What I don’t understand, however, was how the error was missed during the initial testing for the document to begin with.  But I’m digressing.

Turns out that our blogger finds a phone number (after hunting and searching through the wilderness of the hub) and gets in contact with an overseas (outsourcing!) “tech support” - and the 1st level support has no idea about what EDI is.  They finally get in contact with 2nd level support (which has some rudimentary EDI concepts and knowledge - and they’re given the contact information for the EDI testing coordinator.  They call this other person - only to find out that he/she is out of the office for “a few days”…  Now they are weeks into trying to get this resolved - and the supplier is STILL receiving and paying these chargebacks for a wrong format for a data element.

A case of the right hand and the left hand, not knowing what the other is doing.

Even in non-EDI concepts this can be true.  My own company is building some new offices… Or, rather, they’re tearing some out to build more.  But instead of - oh, I don’t know - scheduling the work for times when there would be a limited number of people around, it’s happening right now.  And a major connecting hallway is closed off for a few hours.  Which means that the employees need to go outside, through one door, come back in through another, only to bypass this hallway that has the work being done.

Or the issue of printers - taking them down for repairs or maintenance - or even changing printer servers - and not letting anybody know.  Instead, an employee prints out some important document - an e-mail, a 200 page report his boss needs, something - only to find that the printer he was printing too is no longer online and is now installed on a different server.  Now he’s got to go back and re-create that report or e-mail and print to the new printer - only after, of course, it’s been mapped to be used by his system…

More cases of the right hand not knowing what the left hand is doing.

We can see this concept in everyday living, too, just by reading/watching/hearing the news or driving down the road, or shopping in a store and more.  We can see many times when somebody doesn’t know what somebody else is doing…  Or how, through somebody’s in-action - lack of action - causes somebody else to have problems and negative impacts abound.  Somebody forgets to clean up a spilled soda and somebody else slips and falls…  Somebody is yakking on a cell phone and doesn’t realize the light is red and slams into somebody else… 

All cases of not knowing what’s being done by the other.

How can we help to solve these issues?  Maybe by communication?  Maybe by sending messages to each other - right hand to left hand - letting somebody know what somebody else is doing.   Maybe by paying attention to what’s going on, as well.  Taking some of that responsibility of knowing what that somebody is doing - or observing that situation - and not blindly walking (driving) into that situation…

Maybe, in Earl’s case, it could have helped if he’d been reading the news about ABC Company and read that they were selling that division to XYZ, LLC….  That might have helped him….    Maybe if our blogger’s companies were paying more attention to the concepts of Business and Technical sides of the argument, or were making sure that they were not using a wrong format - maybe that could have helped them?

Sometimes, in life, we have to think outside of the box - think outside the bubble we’re in - and realize that there are others out there and we may have to interact with them outside of the scope of our box or bubble…  We have to take off the blinders of a project and look at the broader impact of our actions - or reactions - and how they’re going to affect what’s going on.

If our left hand is wildly wielding a hammer, it’s probably a good idea for the right hand to pay attention to the path of that hammer and stay out of the way - lest the right hand gets a smashed thumb…

Author: Craig Dunham - EDI Coordinator @ Big 5
Read more about Craig here: http://editalk.com/contributors/
13
Aug

I’ll gladly pay you Tuesday for a hamburger today…

By Craig Dunham Comment
Categories: Articles, EDI General, Industry News and Other Blogs Tags:

On another one of My readling places - the EDI-L group on Yahoo - and the topic came up about “who pays” for what…  The topic-starter was looking for some kind of “best practices” in the EDI world when it comes to new implementations.  I think a lot of the people are viewing this from the “dating” point of view - that the person who asks for the date is the one that pays for the date…  Basically, if I was to call you up and ask you to go out with Me to dinner and a movie - or drinks and dancing - or supper and se…  wait, keep that one quiet… anyway, if I’m doing the asking, I should be doing the paying…

But that’s not truly the case when you’re talking about EDI.  When it comes to EDI, I’m doing the asking - “Hey!  I’d like to send you our PO and get an ASN and an Invoice back, electronically.  Are you game?” - but you’re doing the paying…  At least in My world - the world of retail trade.  I’m requesting you to change the way that we do business and accept My orders for your products electronically - instead of via fax or mail or carrier pigeon or crazy, downtown bike messenger - which will, in turn, save us both money (money, money, money… it’s a rich man’s world!), because we’ll be able to get rid of some of those leased phone lines (for the fax) and cut down on postage (the mail), nearly eliminate our budgets for bird seed (the pigeons) and harrowing clean-up expenses from those sweaty Lycra clad bikers…  It will also save us money because we won’t have nearly the same kinds of expenses for error resulotion when an order is keyed in wrong by that pretty - but dense - eye-candy and boss’ kid data entry operator over in customer service…   

Now I’m not saying that all (or even most) data entry people in customer service are dense - or lack-luster kids of bosses - but you know what I mean…

All it can take is just one key-stroke to completely alter an order.  I’m ordering, for example, 1000 Widget A (style W-A1) in blue (color 001) and it gets keyed as 10000 Widget 1 (style W-1A) in black (color 010).  You can see how easy it is to muck up an order with just an extra ZERO (10,000 instead of 1,000) or transposed data (style A1 vs 1A - or color 001 vs 010)…  We NEVER sell your black Widget 1, as nobody orders that from us.  And even if we sold a few - just because they’re new and novel - we still have over 9000 of ‘em in stock and what-the-hell-are-we-gonna-do-with-’em…?  So we submit an RTV request and you pay for shipment of the goods back and you credit us the difference and so on and so forth….  It’s all on your side of things.

If the order had been sent via EDI, the order goes in as we sent it - 1000 qty W-A1 in 001 - no muss, no fuss, no errors… unless they’re on OUR end.

But I’ve gotten a bit far afield in the details again.  Back to “who pays” for EDI….

In the retail world, I’m a HUB.  I’m the guy sending the orders and receiving the product and selling the Widgets on to the wide and wildly waiting world of Widget wovers…  LOVERS…  I’m the guy in the driver’s seat.  I’m telling you (via My 850 PO spec) that I’m going to send you an order and it’s going to contain this information and this other information and, oh-yeah, that other information over there.  And I’m going to request - no, REQUIRE - that you send Me an 856 ASN when the order is ready to be shipped.  AND I’ll accept your 810 Invoice electronically - again, all in the name of ease and cost reductions and error management.

Basically, it’s a cost of doing business… for YOU.  My costs of doing business are having a chain or stores (ok, maybe just 1 - Wally’s World of Widgets for Widget Lovers - hey!  got it right!) and hiring employees and buying cash registers and store fixtures and paying for ads in the local paper and rent on a location and all the other things that go along with it…  Sure, you could justify that it’s a cost of doing business for Me, too, but you need to think of it differently… You need to put yourself into My shoes…

So you’re Willy’s Wacky Widgets - and you make and sell a wonderful array of widgets… different colors, sizes and shapes… and you sell those widgets to your customer base - Widget retailers.  You sell them to Wally, Wayne, Wanda, Wu, Wendy, Weaver and Bill…  That’s William.  Then it’s the job of Wayne, Wally, Wanda, Wendy, Wu, Weaver and William (Bill) to sell the widgets to the final customer - Wilma, the world’s most well known and renowned Widget owner, who lives in Walla-Walla, Washington. 

Now, in this, you’ll notice something - we’re both selling a product (widgets) to a consumer (you to Me and Me to Wilma).  Of course, you’re a wholesaler of widgets and I’m a retailer.   The only difference is the price.  But, see, I’m your customer.  Without Me, who would you sell your widgets to?  You don’t sell them directly to Wilma (although, of course, you could!), but without Me - you’ve got no customer base.  So you sell to Me - your CUSTOMER.

And the fact that I’m your customer means a lot.  In the retail trade, there’s an old axiom:

1 - the customer is always right.

2 - when in doubt, see rule #1 (above).

Basically, it means that the customer - Wilma to Me and Me to you - is the one that is truly driving the transaction.  Wilma has the cash to buy the widgets from Me and I’ve got the cash to buy them from you.  You, on the other hand, have the knowledge, equipment and supplies to create and provide those widgets to Me so that I, in turn, can provide them to Wilma in Walla-Walla and make her wonderfully happy.

The cost of the EDI - the testing, compliance, implementation - are yours.  At least for your side of things.  I wouldn’t expect you to pay for My set-up fees and implementation costs - as they’re a cost of doing business for Me.

Let’s spin this off in a slightly different direction - you package the widgets 50 to a carton.  That carton is a cost of doing business for you.  Are you going to charge Me for that carton?  Don’t think so.  Instead, you’ve figured a way to build that cost of the carton into your overhead - into your manufacturing costs - so that you’re covered for those costs. 

But you say “Hey!  Hold on now!  Wait a minute!” and you tell Me how I’m still paying for those cartons - in that I pay 1/10th of a cent for each widget to cover your costs of the cardboard cartons.  And, sure, you have a point - but it’s not truly a cost of doing business for Me.  It’s just part of the cost of the goods I’m buying - just like My overhead for the chain of widget stores is figured into the price I’m selling that widget to Wilma for in Walla-Walla.

So in the “who pays for what” equation, YOU pay for the costs of implementing and doing EDI with Me - just as I pay My side of those same costs of doing EDI with all of My suppliers and vendors.  I’m the 800lb gorilla in the room - I’m the one that has the control- or at least more of it - in this deal.  I’m the hub, I call the shots, I’m the driver.

At least that’s how it is in the world of widget retail.  But, as I’d posted over on the EDI-L group, it’s probably more of an “industry specific” kind of thing - that healthcare has different practices (best or not!) than retail has and they’re different from banking/finance which is different from universities and eduction which is different from … well, you get the idea, right?

So, on to your side - who pays for what…?  And where are we going to dinner…?

Author: Craig Dunham - EDI Coordinator @ Big 5
Read more about Craig here: http://editalk.com/contributors/
08
Aug

It’s all for nothing if you don’t have freedom.

By Craig Dunham Comments
Categories: Articles, EDI General and training Tags:

One of the things you may have noticed about Me when I blog, is that I tend to find a quote or a saying or a song lyric or a … something … that makes sense and drives My thinking.  The title of this blog comes from the 1995 film by (and starring) Mel Gibson called “BRAVEHEART“.  For those that don’t know, it’s the story about fighting for freedom in Scotland in the … 1500s?  One of the more “famous” quotes is when Mel Gibson yells out something about how they may kill them (the Scots) but they’ll never take their freedom!

Freedom, however, in something as strict and regimented as EDI may seem like a far fetched notion, but it’s there.  Sure, we’ve got those lovely guides - those HUGE books - of standards and “rules” for the data we’re sending - depending on the document - that tell us what we can send and how it should be formatted and all the rest.  Those standards tell us we should send this information in this loop in this segment in this element and it should be between 2 and 30 characters in length.

But in that rigidity - in that structure - there’s still some freedom.  Just look at the last sentence in the above paragraph - we’re given some freedom in the data - that it can be between 2 and 30 characters.  So there’s some freedom right there.  Then there’s is such a plethora of data and information we can include - information and data that just may not seem like it belongs in the document we’re using.  But we can include it.

We can even have some freedom in what we use to separate our data - whether an element seperator, a segment terminator or whatever.  We have a choice of characters we can use and put into the data flow to show where this piece of data ends and the next begins.

Then, of course, we have a wonderful MSG segment - in which we can include all sorts of “free form” data that can be anything we want to include.  Again, more freedom.  More abilities and places to put information that doesn’t “fit” any one of the stricter and defined elements and segments of the document.  We can send anything - and I mean ANYTHING - in an MSG segment that may be of use to us (as the sender) or to them (our trading partner - the receiver)…  It could be a “please pack in pretty pink boxes” or “have a happy Friday” or “this information is solely for the use of the receiver” or … well, you get the idea. 

And that freedom is an important part of EDI.  Just as freedom is an important part of nearly every aspect of our lives - from where we live, what we do for a living, who we love, what we drive, what we wear and so on.  However, there are times that those freedoms can be curtailed.

Maybe your employer enforces a dress code - you can only wear dark colored slacks, white shirts and simple, mono-chromatic ties.  You can’t have facial hair.  You have to wear black shoes.  You can’t have any personal stuff on your desktop.  Shades of “9 To 5” - an 80’s-era gem of a movie with Jane Fonda, Lily Tomlin and Dolly Parton…  Where the workers rebel against their boss and take control of the division and suddenly life is good and it’s a better place to work!  Ties back into that freedom that William Wallace (Gibson’s character in “Braveheart“) wanted so desperately for his fellow Scots.

These attempts at conformity can truly alter - and not always for the best - the way that the job can function.  If, for example, that MSG segment wasn’t allowed in EDI - and if it was confining and restrictive - we wouldn’t be able to send some of the information to our trading partners that ARE important.  For example - we request that many of our vendors apply pricing stickers to our products.  And we request a certain format and that they include certain information - such as our internal CLASS of the item - on that price tag.  And we use a MSG segment to get that information across to them.  We send, in the PO Item loop a MSG segment with that class number as the data - and we even use another MSG segment to let them (our trading partners) what that MSG segment contains - the data needed for “TICKET ID”.

Sure, I could probably find something in the PO1 line item that I could use to get that data transmitted from My side to theirs, but it’s just … easier … to use the MSG segments, instead.  Maybe there’s not a perfect fit in the existing standards that will “match” up to our CLASS code.  There may be similar things - but maybe I’d rather have the freedom to use that element or data code later on.  Maybe I’ll suddenly have to start sending some other piece of data that the “similar” element was originally intended for.  Where’s the freedom in that?

By putting forward too many restrictions - too many rules - too many standards - you limit what you’re able to do.  You limit what can be done with the data or what you’re sending.  You limit your ability to effectively communicate - and to effectively work - and to effectively get your ideas and points across.  What if I wasn’t able to use movie quotes and song lyrics in My thought process?  You’d not be reading this blog - or - worse yet - it would be boring, dry and as exciting as a textbook on “Analyzing Algorithms about Data Trends in Modern Day Accounting” or something just as … exciting.

Some people have claimed that XML is the “NEW FUTURE” for EDI and that we don’t need standards and we don’t need rules and governing … committees … to tell us what we can and can’t send and how to format it.  They see EDI standards as … constricting … and they can’t see the freedom that is allowed them.

There is freedom all around us in EDI.  The trick is to find it and take it.

“It’s all for nothing if you don’t have freedom!”

Author: Craig Dunham - EDI Coordinator @ Big 5
Read more about Craig here: http://editalk.com/contributors/
17
Jul

Doctor, doctor, give Me the news…

By Craig Dunham Comments
Categories: Articles, EDI General, EDI News, EDI Software and Other Blogs Tags:

I’ve got a bad case of … EDI VIRUS BLUES?

The other day - on, yes, the EDI-L Yahoo Group - I read a post about how an Information Security department of a company was worried about the concepts of viruses and hackers gaining access through the EDI system and the documents we trade via EDI.  Most of the replies were, as you would suspect, “is your infosec group smoking crack..?!?” or something to the same thought..

But it does beg the question - how susceptible to a virus attack, a trojan horse, a hack or some other kind of attack are we through our EDI processes?  There are no virus scanners and other system tools to scan the data as it’s coming into the system via our AS2 or bisync communications sessions.  There’s not much to stop the virus or hack or trojan from getting into the system, now is there…?

Sure, you may have a firewall set-up and the data must pass through the firewall, but you’ve basically given it permission to travel through that wall, anyway, simply by virtue of the face that you’ve given permission to the connection that the data (virus laden or otherwise!) is traveling along.

But that’s about the place when their concept of the attack falls flat…

Look at the way the data is transmitted - more or less as text - viewable as either the hex format or the text format.  And then your translator will go and take those characters and put them, based upon your mapping specs, into your system and populate the various files and data fields that you’ve mapped them to.  That traffic cop of EDI translation is directing the data flow into your system(s) to create orders, receive orders, and so on.

And it’s truly your translator and your map that will end up acting as the virus defense line - by virtue of the fact that the data that they could be sending (that virus code!)  will fail in the translation and never make it into your back-end system.  Even if they use one of the simplest hacks - a buffer overflow - you’re still pretty much safe - simply by virtue of the fact that they can send all the characters and data that they want in the element, but you’re only looking at 10 characters.  Or 12 characters.  Or however long that data field is.

The other thing to remember about these files that we trade back and forth, however, is that they’re treated and send (basically) as a text document.  Nearly all virus programs and worms and trojan horses are programs… They’re EXECUTABLE files.  They’re sent as screen-savers or zip files or whatever - but, at their root - they’re an executable file - a program.  This concept was brought up in the thread on the group, too.  And of course, the doomsday nay-sayers kept on about how you could get the malicious code into your system.

The best counter example to this, however, was the concept that I could create a wonderfully wicked virus - something that would truly erase all of your files on the hard-drive, recreate your “Favorites” (for Internet Explorer) with porn sites all about farm animals, recreate the Unabomber’s manifesto (as written by you, of course) and change all of your image files to naked images of the gender you least want to see naked…  And they’ll all be over 400 lbs of fleshy beauty.  Oh, yes, and your computer will blast - not just play - show tunes and 20s-flapper jazz at full volume…  Yeah, now that’s a VIRUS!!!

But the truth is, I could create this showstopper virus and send you the code - as a .txt file that you could open and view in Notepad or Word (or whatever writing program you use).  But will it cause any harm to your system..?  Nope…  Will those aforementioned show tunes and nudie shots render your system a disaster area..?  Nope.  All because it’s a set of instructions, but they’re not presented in a way that the computer will actually process them and follow them.  They’re nothing more than words - letters, numbers, symbols - characters - that you can view.

EDI documents are the same thing - they’re just characters that you (or your system) reads and populates into those certain fields and files.  They don’t do anything other than that.  It won’t open your ports, start the modem in a receive mode or anything else that could compromise your system.  It won’t go digging into your financial data and give access to any of the credit card data you’ve got stored or give the hacker the keys to your checking account.  They’re just text - readable collections of characters. 

So, go ahead.  I dare you.  I double dare you.  I triple-ripple, double-dog dare you.  Create a virus to be sent via EDI.  And see how many systems you infect.

One of the other things to consider - even if it WAS possible to create a virus and send it via EDI - would it be truly worth it..?  One of the bombs that often shows up on the battlegrounds of the Apple Mac vs. Windows PC wars is how safe the Macs are from viruses and attacks.  And it’s not that they’re truly safer or more secure.  Instead, it’s the law of “supply & demand”.  You’ve got hundreds of thousands of Windows PCs out there in the world.  Millions.  But only a few thousand Macs (by comparison).  So, where are you likely to get the most “bang for your buck” when creating a virus, hack or trojan horse?  By infecting 10% of the population?  Or is it by doing the 90% of the population?  That’s right - it’s the 90% group you’re going after…  You’ve got the most chances for your seeds of evil to dig in and root and create the mayhem and carnage you’re hoping for.

EDI provides that same kind of safety, as well.  There has to be so much forethought and planning on the part of the hacker - he’d have to create a document format in a document you trade AND he’d have to create the map with the specific communications parameters (qualifer, ID, network, etc.) and all of it in a format that your system would allow to translate AND move into your production fields and files. 

Sorry - ain’t never gonna happen….

But, what’s YOUR take on the chances of virus attacks in EDI..?

Author: Craig Dunham - EDI Coordinator @ Big 5
Read more about Craig here: http://editalk.com/contributors/
« Previous Entries

Forums / Discussions

Join us on the forums / discussions to talk things all EDI and Vendor Compliance! Click Here

Contribute to the Community

EDITalk.com is run by EDI guys for EDI guys. Want to write a article or blog post? Just let us know on the fourms and become a contributor today! All credits given to any article posted on the web site.

Categories

 

September 2008
S M T W T F S
« Aug    
 123456
78910111213
14151617181920
21222324252627
282930