Data Center Hub

Have you recently installed Google Analytics to your site and found CartIt is broken?

If you visit a site which uses the CartIt shopping cart and has the Google analytics code (urchin.js or ga.js) installed you will get several cookies. One called __utmz breaks the ability of CartIt to read it’s own cookies because years ago, when Urchin first started using JavaScript cookies, the coder (or pointy headed boss) did not follow the standards (well, they were only suggestions and still are such). Standard cookies use the equals (=) sign as a delimiter so if the cookie contains multiple equals the application attempting to read the cookie mail fail if it was never intended to read this non-standard cookie.

RFC 2109 (the original Netscape proposal) lists a name=value pairing with “The VALUE is opaque to the user agent and may be anything the origin server chooses to send, possibly in a server-selected printable ASCII encoding”

So when Google is using characters which are also delimiters in cookie text, they should escape them using URL encoding such as “%3d” but they did not. The cookie is broken and has been for years, apparently there is no intention of correcting this as the newer analytics code (ga.js) creates the same broken cookie.

Unfortunately, when this __utmz cookie is set, it is set for *.domain.com, which is the same as what cartit sets. When your browser sends your broken __utmz cookie to your server, your shopping cart, cartit.cgi, creates a new shopper cookie and because it cannot match up the shopper (you) with a cart cookie, it makes a new cart cookie with your one item. So the result is only one item in the cart period until you remove the Google code, or “fix” the cart and then CLEAR all the cookies for the domain.
I have “fix” in quotes because the CartIt shopping cart is not really broken, cartit is a victim of Urchin/Google poor code. If the designers of cartit could have anticipated someone would:

1. Intentionally create software to create a cookie which appears to not URL encode field delimiters e. g. (=)

2. Intentionally install this broken software to create a cookie with invalid characters, thereby shooting you in the foot and breaking your ecommerce site

Why doesn’t google fix this? Well, there are many more people using Urchin than CartIt- and all you need to do to fix cartit is modify the cookie reading code on line 927 of cartitlib.cgi so it is straight-forward if you know PERL. This is not simply a cartit problem as there are doubtless many other programs which could be affected- anything on your server which reads cookies could choke on the __utmz broken cookie.

Here is an example of what the __utmz cookie contains

__utmz=247895813.1206552801.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); path=/; expires=Thu, 25 Sep 2008 05:33:20 GMT; domain=domain.com;

So it is fixable- but it’s an unfortunate fact poor code never seems to fade once implemented. In the end, you’ll likely have to pay someone to fix your (not really broken) cartit code. After all, the Google code is free- and it is worth having on most ecommerce sites- but you don’t need to change your site shopping cart as a result.

CommerceBuddy Version 3.0 for CartIt 8.0 was released in 2003 and while not designed for Vista, you should be able to make it run with a few tweaks. CommerceBuddy was designed using Delphi tools, when it runs it creates a small file called PDOXUSRS.NET at c:\. Because the new way of running programs with Vista is a user mode with limited permissions, you’ll need to run the program with Administrator privileges. If you do not run it this way, you’ll get an error of “Permission Denied” on creating the PDOXUSRS.NET file.

It is easy to fix this by simply browsing to the CommerceBuddy program under StartàAll Programs. Right click the CommerceBuddy Program, point to and select Properties. When the CommerceBuddy Properties box appears select the Compatibility tab and under Privileges, tick the box labeled “Run this program as Administrator” in order to allow you to run it. You will likely get a nag screen at each invocation and the program will now run.

Another issue on Vista is the use of .hlp help files. CommerceBuddy has no printed manual and therefore without the help you will have trouble learning how to properly set up CommerceBuddy. Microsoft has a KB article on this- KB917607 but unfortunately at the time of this writing it appears they have removed the link to the file download and simply have a terse statement “the Windows Help program has not had a major update for many releases and no longer meets Microsoft standards. Therefore, starting with the Windows Vista operating system release, the Windows Help program will not ship as a component of the Windows operating system. Also, third-party programs that include .hlp files are prohibited from redistributing the Windows Help program together with their products”

I found the download of the Windows Help Program (Winhelp32.exe) for Windows Vista 32 bit version thanks to Google. Once you install this update you should be able to use the help files in CommerceBuddy as well as any other legacy applications.

Of course, if you’re doing a new install of CartIt CommerceBuddy, you have to apply your license (under HelpàAbout), set your options and configurations, and finally publish the setting to CartIt on your server. CommerceBuddy is starting to show its age but the CartIt application (server side) itself is written in Perl and is still one of the most flexible (and eminently customizable) carts I’ve ever used. CartIt has features no other cart has- such as the ability to have products at a zero price, unlimited products with unlimited options, and much more. Also, being forms based means you design ecommerce around the site rather than forcing you to design your site around the shopping cart.

William Laakkonen, AVATAVA

One of the most important things to avoid in creating a dynamic web site is the use of session IDs in your URLs or pages with an ending of ?parameter. Here’s an example:

http://www.yoursite.com/index.php?PHPSESSION_ID=123456

PHP Session IDs may be suppressed in your .htaccess file using: php_flag session.use_trans_sid off

The reason to avoid using PHP variables and session IDs as well as URLs ending in question marks is due to the fact the URLs may be ignored by some web bots and search engine spiders. It’s best to avoid anything that even resembles a session ID. Here is a direct quote from Matt Cutts also known as Googleguy: “sites shouldn’t use “&id=” as a parameter if they want maximal Googlebot crawlage, for example. So many sites use “&id=” with session IDs that Googlebot usually avoids URLs with that parameter,” See: http://www.webmasterworld.com/forum30/29720.htm for the full article.

Another thing to avoid is the use of variables in URLs. Here’s an example:

http://www.mysite.com/page.php?var1=a&var2=b&var3=somethingelse

Using even one variable in the URL can decrease your search engine results and multiple parameters likely make it even worse; per Googleguy: “The number of parameters in a URL might exclude a site from being crawled for inclusion in our MAIN index’ (IOW parameters = relegated to a supplemental listing)”.

Another thing to avoid is serving all your content from a single page or a set of pages. As far as a search engine is concerned it sees the same pages or sets of pages over and over again. This will likely relegate your web content to either the supplemental index or even out of the index altogether.

Example:

keys.php?SiteCounty=Lee

keys.php?SiteCounty=Martin

or

index.php?Category=Apples

index.php?Category=Pears

What should be used instead is a server side rewrite to create static page names and links such as:

Buy-Product-Name.html or Buy-Another-Product-Name.html

With the Apache web server you can use the Apache module mod_rewrite to do the rewrites. For Microsoft® Windows® IIS you must look for a third party module to do a rewrite of your URLs. On IIS there are several ISAPI modules for rewriting URLs, including one which requires no changing of your web pages at all. Most of the IIS modules are commercial but there is one free module available from Antonin Foller of Motobit.com.

Commercial ISAPI rewrite modules for IIS

• ISAPI_rewrite from Helicon (they also have a free “lite” version”)
• OpURL from Opcode
• IIS Rewrite from Qwerksoft
• IIS Mod-Rewrite from Micronovae

I’m sure you may find additional ISAPI rewrite modules for IIS, these are the ones I found available during June, 2007.

URL Rewriting schemes to avoid

You should avoid using underscores in file names or URLs. See: http://www.mattcutts.com/blog/dashes-vs-underscores/

The Google Supplemental Index

If you find your site is guilty of doing all the things listed here earlier as ‘not-to-do’, your site is likely already in the Google supplemental index. How do you know you if your site’s pages are in the supplemental index? Go to google.com and type in the search form: site:your_site followed by *** -sjpked Example: site:www.domain.com *** -sjpked

Here are some other reasons your pages may not show up in the indexes or end up in the supplemental index:

• You have little or no unique content on pages
• Your pages have no or identical titles and descriptions
• Your site still has dynamically generated pages without static URLs (use mod_rewrite or similar to solve)
• You have used the same header, side navigation bars, and footers on all your pages
• Your site has many unlinked (orphaned) pages
• All links to your site are reciprocal rather than natural one way incoming links.

How do you check where you stand?

Checking where you stand and will depend on who you ask. The actual raw data of the number of visitors to your site is really not as relevant as is the quality of the visitors to your site. It really does not matter if you only have 100 visitors to your site each month if your goal is to have 10 sales and 10 out of the 100 visitors purchase your product. That would be much better than having one million visitors and no one purchasing your product. Use your web site statistics (log file analysis) as a guideline. People should be finding your site both as a result of a natural search, and additionally as a paid search result listing for you to have the highest conversion rates.

Some easy things to do for checking your site:

• Install and use the Google Toolbar to check your page rank.
• Visit http://www.Alexa.com/ to check your site rank and overview.
• Check your site listing at http://www.siteadvisor.com/ - you’re judged by the company you keep here.

What else to do?

Optimize the content on your pages once you have created static pages using mod_rewrite or a similar product. You can choose appropriate key words and key word phrases using wordtracker.com or goodkeywords.com. A handy tool for analyzing your existing web pages is WebPositionGold (you should note that the use of WebPositionGold on google.com in an automated fashion violates their terms of service).

One of the best ways to get a good idea of what the search engines see when they visit your web site is to view your web page in a text only web browser such as Lynx. You might be surprised how the semantic presentation differs from your visual layout. The search engines treat HTML semantically. As an example, a H1 tag takes precedence over a font-size tag. Keep this in mind when viewing your pages in the text browser and consider adjusting the HTML accordingly.

When designing a web site, you generally want to test your pages consistent appearance in any type of browser. In other words, your work of art should not look different depending on the color of eyeglass frames someone is viewing it through.

In general, designing using XHTML, CSS, and validating your design using the w3.org validator will get you very close to a consistent appearance among many browsers on various operating systems. Once you’ve done this part, the more difficult task is checking your site presentation on multiple platforms and web browsers.

In the past, the only way of checking your site for presentation in multiple browsers was to have workstations (or virtual machines) running each type of OS along with each web browser, at each screen resolution, with various plug-ins (such as Flash) which you desired to check against. As you can well imagine, this can be out of reach for the average small business or designer both on the basis of budget and time constraints.
One solution to this issue has been conceived and implemented thanks to Johann Rocholl. It is a free web service called BrowserShots and it allows you to submit your site for snapshots in many different browsers in only a few seconds. What happens then is the web site is visited via many computers running the selected OS, browser, screen resolution, and plug-ins which you selected. Depending on the length of the queue, you may have a wait of 30 minutes or so for the results, but it is worth the wait. Once you have your screen shots you will know what additional work you (or your web developer) need to complete. No technical aptitude is needed to use the site so I invite you to check the job your developer is doing by submitting the site for snapshots and looking at what the rest of the world sees when visiting your web site.

The entire service is volunteer and free so you may want to limit the frequency of submitting jobs to the queue to allow resources to be available for others. The service is in beta stage at the present so there may be issues form time to time. Hats off to Johann Rochall and his volunteers for a great and idea and service with BrowserShots.org

One of my favorite sites for quality free images is pixelio.de. I have posted some of my data center and other photos there under the profile AVATAVA. The photos are of the US Wireless Louisville, Kentucky and the Columbus Ohio Data centers. The Louisville Data Center is no longer in existence and the Ohio data center is no longer part of US Wireless.

The web site is in German only- even if you don’t speak German you should still be able to figure out the photos. Over the next few weeks I will upload more photos to the site under the key word rechenzentrum. All the photos are free for commercial and private use (copyright retained) as long as they are not used in association with illegal or immoral activities.

Every one of us is at risk for extended power outages after storms, tornadoes, or hurricanes. In the event you do experience the power outage, how long your power outage will last will depend on the severity of the storm as well as where you are in relationship to the grid itself. When your local area is experiencing widespread power outages, there are certain steps that are taking to restore power beginning with facilities which provide critical services.

As a general rule power plants and power lines from the plants are going to be restored first. It should be obvious that without power to the main power lines power cannot be restored elsewhere.

The second groups which will have power restored are those which provide services such as hospitals, fire stations, and public safety such as police. Next after this group is grocery stores and gas stations as well as traffic control systems.

Next in the list are the major power lines that serve large amounts customers followed by smaller power lines that provide power to individual streets, and last among the groups to be restored are individual homes and businesses with out power.

So where does your home or business fit in relationship to the grid? If your business is located in a residential area, you can expect that your business will be a low priority for restoration. If however, your business is located directly next to your local hospital, it is very likely your business will be among the first to have power restored.

How do you begin to assess the risk? The first thing you should do is take a look at how power is fed to your building. If you have an above ground wiring you can simply follow the wiring with your eye up to your power pole. What kind of power pole do you have? Is it wood or steel? If the poll is wooden, you should take a look at it to see what its physical condition is, is it rotted or damaged? If the pole is made of steel, you should check it for rust and for proper fastening at the ground. Take a look around the wires on your pole, are there any tree limbs resting on the wiring? If so, you should inform your power company to have the trees trimmed back before they cause an issue.

It’s important to note, even if you are located directly next to a hospital, you can still have a situation where the last mile to your home or business is filled via one of these old wooden power poles-in which case power would be restored very quickly to the grid but should the line into your home be damaged you can still be without power for an extended period of time. Homes and businesses with power feeds which are underground are obviously going to be at the least risk for extended power outages.

Keep all these factors in mind when assessing your risk for extended power outages along with the need for your home or business to have power during these times. The size of generator system you purchase, the capacity for fuel storage, the type of fuel your system is powered by, along with such aspects of automatic power switching will all affect your choice of emergency power and UPS systems.

One way to assess risk of being without power is to simply take your annual revenues and divide it by the number of HRS in the year to come up with an average value per hour that you may be without power. For example should your business have annual revenues of $1.5 million, you can divide that by 8760-the number of hours in the year. This would give you a value for each hour you are without service of roughly $171 in revenue. Of course, this assumes your working 24 hours a day which you’re not-so the real figure of lost revenue would likely be much higher. It’s more likely a correct figure would be closer to three times your revenue divided by the number of hours in the year.

Given the above figures, one can estimate the average revenue to be in the neighborhood of $4000 for each 8 hour day so a five day power outage could cost you $20,000 in revenues. These rule of thumb figures should help you put your budgeting in perspective.

Other items to consider:

1. Take steps to minimize impact if suppliers upon which you depend for products or services are disrupted during weather related events.
2. Plan for alternate communication, transportation, and courier services.
3. Create a plan for your employees to follow in the event of sever weather, tornado, or hurricane.
4. Create a plan to restore your business operation after the storm has cleared
5. Take a look at your current insurance policies and assess the sufficiency of coverage.
6. Determine in advance methods for assessing and reporting storm damages.

Even if you are not located in an area likely to be affected by severe weather it is still possible for your business to be impacted by it. In our office we waited one year to get a new door. Why? The factory which made all the doors in our building is located in New Orleans; well, they were in New Orleans.

I got a call from one of my customers last Friday; the customer told me that they were without power. There was no storm; in fact the weather was bright and sunny in Florida. It wasn’t even a particularly hot day so there wasn’t a tremendous heat or power load in their office either. Unfortunately however, the power transformer that feeds their building was over 40 years old and it had failed.

This customer happens to be one of my few customers who plan ahead for contingencies. They have a beautiful office on the Caloosahatchee in Fort Myers, Florida. In 1998 their office flooded, as a result of this event, the business owner had their building elevated roughly 8 feet above its previous height. It’s not likely now that it will flood again. In 2004 Fort Myers was affected by hurricane Wilma, and the office was without power for several days. To mitigate this happening in the future, the customer installed a propane powered generation system complete with an automatic switch, to provide power in the event that mains power fails. Even though many businesses were down after hurricane Wilma hit Florida in 2006, this customer did not skip a beat. Planning and implementing ahead of time does pay off. Inside their office all the equipment is housed in a rack mount case and utilizes HP/Compaq UPS Systems. While the customer has a server maintenance subscription for their servers and workstations as well as Network Equipment in the office, they have no such service maintenance on the generator system itself. The generator system was initially installed and configured to test itself each Tuesday. At some point in the last few months the testing was occurring yet it was failing each time. Apparently nobody noticed in the office and of course the generator has no way to inform anyone of its other than the total lack of power.

It’s important to be prepared, it’s also important to plan in advance how an event may be handled and include scenarios for unlikely situations. You see in this case I received a call from the customer after the power went out, after the generator had failed, and after the UPS System exhausted its batteries. It is important to shut down complex systems in an orderly fashion rather than simply allowing the power to drain down. Shutting the server down in an orderly fashion allows the cache to be flushed properly and allows the system to be shut down in a known state. Failure to do so may result in data corruption and even hardware failure. Even though the UPS had the ability to shut down the server, it was not connected properly and in this particular situation the shutdown resulted in a hardware failure bringing down the customer’s entire domain requiring several hours of onsite repair. In the future the UPS should be able to shut down the server BEFORE the UPS fails (now that the pesky serial cable is reattached). As bad as it sounds there was no permanent damage, only the inconvenience and expensive weekend service calls. It brings to light the requirement to plan better and the need to have a document on hand which highlights the contacts who may be involved and a course of action corresponding with it.

An incident response plan is more general in nature and broader in scope than a Business Continuation Plan or Disaster Recovery Plan. The plan should cover things such as a network meltdown, lightning strikes, and things such as the broad steps to recover from a security breach.

So here are six steps to take in developing an incident response plan.

1. Plan for events- security breaches, lack of power, data connection failures, toll free line failures. Try to identify as much as possible what could happen and plan around that possibility
2. Identify Responders and Roles. You should choose people for your incident responses before the events occur including backup people (even if they exist outside your employee pool). Look beyond the IT department and include HR and vendors as well.
3. Create a backup communications plan- perhaps an off-site SharePoint based web site, conference bridge lines, and VOIP systems in case your staff need to work from alternate locations. Don’t forget to create a contact list that includes mobile and home numbers as well as alternate email addresses.
4. Decide who is in charge of what in advance. Plan ahead to delegate authority for things such as emergency Purchase Orders or Press Releases.
5. Plan for an alternate work site. Choose a location in advance so that if your regular work location is not available, you and you staff will have a place to work. Make sure you have connectivity, power, and adequate cooling or heating as needed. Consider partnering with a vendor of roughly equal size and setting up a reciprocal arrangement with them. For example you could make a reciprocal agreement with a supplier located 200 miles from your office so that in a time of disaster you can temporarily route calls through or relocate there until normalcy is restored at your regular office.
6. Test your plan ahead of time; there is nothing worse than finding out you missed an important detail while the incident is occurring. Start you evaluation as a quick discussion of events and scenarios first and later work your way up to a simulation. You also should make sure your plan is kept safe (for example- encrypted) and accessible; keep copies in multiple physical locations where it is ready as needed.

There is always the temptation to ignore planning while everything is running smoothly but don’t do it- a flick of a switch can set you scrambling in ways that might cause you to loose sleep at night. Plan ahead and sleep soundly. Don’t forget as well that over time you will still need to revisit your plans and revise them as needed.
 

Mikko Hyppönen of F-secure has suggested that a new top level domain such as .bank or similar would help alleviate problems of phishing attacks against financial institutions.

Unfortunately the suggestion is a solution which does not cure the actual problem: DNS is insecure. This new top level domain has been the subject of much heated debate, and of course much criticism. I believe I have to count myself in on the criticisms side of the debate at the moment. After reviewing some of F-Secure’s rebuttals of the criticisms, here are some issues I have with the suggestion which F-Secure have not yet addressed. Some of the following are quoted from the F-Secure web log and followed with my own comments.

A new top-level domain will not solve the phishing problem once and for all, so it’s not even worth considering.

This is not a silver bullet. A new top-level-domain (TLD) would not be the end of the phishing problem. But it would be a helpful top-level domain and it would stop a particular subset of phishing completely.

    While it is true that some domains are more trustworthy than others (for example.info domains appear to have the highest level of phishing sites on them ), creating a new top-level domain does not actually solve the problem of phishing-it merely creates yet another domain and as such it is dependent upon a weak DNS system. In fact DNS shows up in the list of top 20 Internet Security attack targets for 2006.

This initiative won’t move further until we find a sponsoring organization that starts to push it and proposes it officially to ICANN. This sponsoring organization is what we are trying to find at the moment.

    Of course the sponsoring organization could officially propose this to ICANN; however, ICANN is not a regulatory agency or governing body. Even know there is presently a .pro domain for doctors and other professionals, creating a .bank domain or another authenticated top level domain does not correct the problem of phishing any more of than a new coat of paint will make a house hurricane resistant.

I do believe the suggestion for a new .bank domain is well intentioned and I don’t question the motives of that- however any new solution which doesn’t correct the actual problem it attempts to solve is not a move in the right direction in my opinion. I believe the move of requesting ICANN to expand its authority is one of the main reasons not to ask ICANN to create a .bank TLD. Given the present state of the domain registration business, there’s no way that a data bank top level domain could be sufficiently authenticated given that there will be likely registrars issuing the domain and not ICANN itself. It is not possible for a TLD such as .bank to be run in the same manner as the .gov domain. There’s not a governing body for domain registration yet. Perhaps the banks themselves can create a group and petition for the TLD but this involves investing money on speculation- something most banks are loathe to do.

Someone recently asked the staff at F-Secure® why there is an uncanny resemblance between their official logo and the logo used for Evil, Inc. in the Austin Powers movies. F-Secure officially denies any association with Evil, Inc. The resemblance is apparently coincidental.

F-Secure had the same situation with the original name for the company, which was Data Fellows, Inc. Once they opened an office in California however, they were mystified as to why they kept getting phone calls intended for Date-A-Fellow Of course this was also coincidental. The staff at F-Secure have a sense of humor about it though. For what it’s worth, I liked their original name better than their present name.

It should seem obvious to most Americans that the cost of low skilled immigrant workers is greater than the benefits offered by having an inexpensive head of lettuce in the grocery store. Having cheap tomatoes for your taco bell burrito is also a falsehood. The fact is that having the cheap immigrant labor in the USA is exactly the same as corporate America BORROWING money from your children. As Americans we should simply not tolerate such bad behavior as hiring undocumented workers as it is against the law.

The folks over at heritage.org have written a paper regarding the true costs to American taxpayers of the benefits received by low skilled immigrant workers versus the taxes paid, the long term cost in the form of automatic citizenship for children born to illegal immigrant parents, and the policy of granting automatic citizenship to parents of Instant Americans. You may ask, what is an instant American? In my dictionary an instant American is any child born in the USA whose parents are illegal immigrants. It is a longstanding policy of the USA to automatically grant citizenship to any child born on American soil regardless of the parents’ citizenship. As a consequence of this policy many immigrants are encouraged to enter the United States illegally so they may create an instant American as a path to citizenship. Once they have created their own instant American, this child, at the age of 21, currently has the right to petition for automatic citizenship for his parents thus creating new liabilities to welfare and Social Security. According to the heritage.org report the true cost for each low skilled worker entering America is a net loss of roughly $20,000 each year. Here’s a chart. The figures increase exponentially once the child’s parents reach retirement age. Those cheap tomatoes will cost the average US taxpayer about $40,000 in the future. We need to stop this now.

Many people believe the United States is a democracy. We’re really a democratic Republic. What this means is in a democratic fashion we elect representatives who in theory know better what we need than we do as average citizens. The new immigration bill before Congress at the present time is one of those situations where the representatives believe they know better than we do as average Americans. What they are really doing is simply telling us what we would like to hear while catering to the needs of corporate America at the expense of the American citizenry.

America is a nation of laws, if a person does not follow the rule of law there are consequences in the form of punishment. For example if you attempt to navigate the interstate at speeds in excess of the posted speed limit, you can expect that the law will be enforced and you will be detained and issued a ticket for your violation. Unfortunately, at the Federal level, we seem to have a rather spotty record of enforcing laws in a consistent manner.

It should seem obvious that we have enough laws in place for immigration and that the issue is not actually immigration itself. The issue at hand is the obligation of the Federal government to protect our borders and enforce existing immigration laws. It should also seem obvious that if we cannot keep three million illegal immigrants from entering our country we certainly cannot keep terrorists from entering our country. So what should we do? As Americans we should insist that no new legislation be passed until the existing legislation is enforced in a consistent manner and enforcement of our borders is realized. It is a fundamental function of the Federal government to protect and enforce our borders as this is a job that individual states would not be able to do except within the bounds of their own borders. The failure of the U.S. government to protect our borders in an effective manner clearly indicates our lack of sovereignty. The United States appears to be the welfare agency of the majority of central and South American countries. While America has always desired to have good relations with our southern neighbors it has reached a point of abuse. This abuse is a condition which the average elected representative does not see on a daily basis. It is certain there are no senators who, upon entering a burger king and attempting to order a number two meal, have had the person at the register fail to recognize and understand what was said. It’s also certain that no senator has ever asked to speak to the manager of a burger king restaurant and been told “everybody speaks Spanish, you better get used to it”. I can certainly order a number two meal in Spanish- however I do not live in a Spanish speaking nation. I do not believe that people who are here as guest workers or people who are here to become Americans should force their values and their language upon their host. The very fact that the many of the newest wave of immigrants to the United States are not assimilating is in fact changing the USA into the very third world nation which they seek to escape. The subjugation of English as language of the United States may seem to be merely an annoyance as many of us do speak more than one language-the reason for this illustration is not simply the matter of the annoyance itself, but rather to illustrate the indignant right and expectation of entitlement that are southern neighbors are currently expressing. At some point there may be more Mexicans in America than in Mexico-so perhaps America should consider a course of annexation for the Mexican nation as they fail to enforce their borders as well. One forgets in the course of this discussion that there are two sides to each border. Our neighbors to the north in Canada do not seem to have the same border enforcement issues that are neighbors to the south have.

What can Americans do?

1. Contact your senator and express your opinion very loudly regarding enforcement of existing laws and protecting our sovereignty -a nation at war which cannot control its borders has lost any conflict whether the conflict exists directly at the borders or not.
2. Wait for your elected representatives to do the right thing. For example, the annexation of Mexico solves the problem permanently and ultimately gives the USA a much smaller border to the south. We are already at war so expanding the scope to include those who are actively supporting an invasion of our nation does not seem unreasonable.
3. Move to the European Union and forget about being American; skip that idea, due to immigration quotas you probably will not be allowed to move to most EU countries, although I hear Sweden is accepting many of the casualties of our war on terror. Forget about migrating to Canada too unless you have lots of education and money.

One thing is clear to me; Canadians and EU residents get more respect than Americans. I wonder why? Is it because they enforce their borders better than the USA or is it because they enforce their laws?