Tag: API (page 1 of 11)

Developers Needed: Cannabis Software Company MJ Freeway Goes Down, Leaving Over 1000 Dispensaries in the Dark

MJ Freeway is a cannabis software company widely used for POS, inventory tracking, and data reporting by thousands of American dispensaries. On January 8th, service was disrupted nationwide in what the company is claiming to be a maliciously-designed attack.

Thousands of dispensaries lost access to their POS systems and all transaction histories. Service is slowly being restored on an individual client basis, though retailers do have access to a temporary POS terminal.

MJ_Freeway_12756532

The incident has caused quite a stir in the nascent cannabis industry, as technology services once again reveal just how vulnerable they can be. Without their indispensable POS systems running, many retailers closed shop, affecting cannabis patients and purchasers in twenty-three states, according to MJ Freeway’s FaceBook page.

Cannabis sales plummet when transactions are taken down by hand

Cannabis sales plummet when transactions are taken down by hand

MJ Freeway’s disruption occurred on the heels of the state-run database in Nevada accidentally exposing thousands of business applications, including detailed personal information. Clearly, cannabis needs more professional developers if this industry wants to catch up to the standards set by other technological communities.

MJ Freeway claims that no personal information was at risk during the incident, although some data security experts are not convinced. Still, the very thought of exposing information about cannabis patients, whether its personal or generalized consumer trends, should be a reminder that technology is fragile, and we need to be very serious about security.

hacker

If the allegations of an attack are confirmed, MJ Freeway has stated they will pursue criminal charges.

Why Cannabis Reports is Qualified to Report

Cannabis Reports is a qualified source when it comes to cannabis technology. We constantly report on technology and the role it plays in creating a safe, reliable, and successful cannabis industry.

28029466752_aedb5f901a_b

Our Open API supports thousand of developers and hundreds of applications by offering access to information on over 9000 strains and 19000 products. We never stop encouraging technologists to enter the cannabis space and create wonders for the people who love this wonderful plant.

Please note, many publications are calling this a “hack” with very little regard to what actually occurred on the technological side. There are many possibilities as to what caused this incident, and as a community, we should refer to that accordingly.

What We Know About the Incident

Sometime late Saturday January 7th, MJ Freeway went down. One of the ubiquitous softwares powering cannabis sales across the country became inaccessible at thousands of retail locations. MJ Freeway claims to have “nearly 50 percent” of market share, and the outage made a huge dent in national sales that continues while service is being restored.

Some dispensaries began taking orders by hand, others simply closed to avoid the nightmare of non-digital sales. Certain states actually have exclusive contracts with MJ Freeway that require retailers to rely on the software, making legal cannabis nearly inaccessible in those regions .

By Sunday January 8th, MJ Freeway’s Executive Director of Data and Marketing, Jeannette Ward, made a statement on the incident, then stating that users should expect access within 24 to 48 hours, by Monday or Tuesday the 9th and 10th of January.

On Monday January 9th, the company notified users that the outage duration could last between 72 hours to three weeks. Some clients reportedly got access to limited service today, although restoring  historical transaction logs will take hundreds of development hours.

Currently, MJ Freeway’s site hosts an explanatory message emphasizing: “On Sunday, January 8th, [our] infrastructure was attacked,” and “NO client or patient data was extracted or viewed in the attack.”

Screen Shot 2017-01-11 at 5.20.00 PM

The first MJ Freeway clients now have access to a temporary POS resource that allows them to conduct sales, but historical records, like sales history and trends, remain inaccessible.

Thankfully, MJ Freeway immediately understood the gravity of the situation and began work on a solution that could keep retailers open for business. The company reports that they have been working non-stop to resolve issues for all of their customers.

Damage Report: Community Response to the Incident

The community was quick to react, as thousands of patients and business operators were forced to endure the lengthy process of tracking retail with pen and paper (and in fact, certain states penalize the use of handwritten ledgers for cannabis sales). The result was long lines and slow transaction times, costing retailers anywhere between an estimated $1,000 and $10,000 per day, depending on whether the retailer shuttered their store completely.

pasted_image_at_2017_01_11_10_40_am

One client who voiced their grievances online demanded a full refund for the inconvenience they continue to experience. Others were quick to jump into the conversation, offering both sympathy and disdain for MJ Freeway’s predicament. Competitors of MJ Freeway were quick to pounce on the opportunity, offering sign-up deals and promising a working POS solution within 24 hours of set-up time.

pasted_image_at_2017_01_11_10_49_am

As the MJ Freeway team scrambled to resolve the outage, some clients began their own investigation into what possibly went wrong. One individual presented the possibility that the incident could have stemmed from the use of an outdated version of Drupal, a content management software used to created digital frameworks.

pasted_image_at_2017_01_11_10_50_am

The individual also expressed their apprehension to accept that no user data was viewed or extracted, and asked the company to be transparent and release an incident report.

A different user on Reddit posted an in-depth assessment, based on their professional experience, as to what likely caused MJ Freeway to go down:

Comment from discussion MJ Freeway.

With such a large percentage of the market share for cannabis POS, the loss of MJ Freeway negatively impacts the entire cannabis industry, even if it is just for a few days or weeks. It is likely that several MJ Freeway clients will switch over to a competing software due to a loss of trust.

Flowhub and BioTrackTHC are two of MJ Freeway's competitors that are likely snatching up disgruntled clients

Flowhub and BioTrackTHC are two of MJ Freeway’s competitors that are likely snatching up disgruntled clients

MJ Freeway will have to go above and beyond to restore their service, and retain the bulk of their customers. The outage will likely shift resources from the technological partnerships that MJ Freeway has announced with other cannabis businesses, like Weedmaps (search), Cannabase (wholesale exchange), and MassRoots (social media).

Resolution, Hopefully to Include Incident Report

MJ Freeway says their team is working around the clock to resolve the issue, restore service, and that already a handful of clients are able to operate on a temporary site.

MJ Freeway is currently employing a 3rd-party security review, although it is unclear if they will release an incident report.

This comes right on the heels of the Nevada incident, in which nearly 12,000 business applications were exposed. The proximity of these two incidents highlights the immediate need for serious technologists to enter an industry with so much personal data on the line.

The company has remained adamant that no user data was ever available. According to MJ Freeway, this attack was malicious and brought down their infrastructure, but none of the data was visible due to strong encryption techniques.

“The attack was aimed at corrupting, not extracting, data… What that means is all client-patient data is still protected, still safe, still encrypted and was not viewed by the attackers.” Jeanette Ward, MJ Freeway’s Marketing and Data Director, during an interview with The Cannabist

MJ Freeway experienced a massive outage in November of 2014, when a technical issue brought down the system for their roughly 1,000 clients. That incident supposedly originated during a migration to an improved hosting service with the intention of improving site functionality. Many users left MJ Freeway after that incident, stating that the outage made their retail location appear unorganized and unprofessional.

140101141455-01-colorado-marijuana-0101-horizontal-large-gallery

The public perception of the cannabis industry is typically forgiving, especially considering the infancy of many of the foundational technologies used by retailers and brands. We hope to see service restored quickly, as the estimated financial losses per day are enough to permanently affect small businesses.

Incident-Report

We also hope to see an incident report released so that the entire cannabis tech community can learn from this mishap and strengthen security. Whether it was a shady competitor, a disgruntled employee with inside access, or a breakdown of the technology itself, knowing the cause will help everyone prepare for the future.

Openness is essential for a stronger and better connected industry, and qualified developers are the key that will open the door.

The Longterm Solution: Cannabis Needs Developer

At the end of the day, cannabis needs technology, and it needs competent and driven developers to build it. There is a massive opportunity for technologists to create the tools so desperately needed in the cannabis space, and incidents like the MJ Freeway outage prove how impactful technology can be in a growing industry, for better or for worse.

Cannabis Reports supports hundreds of developers as they design applications for cannabis, from POS systems to chatbots, and everything in between. Our goal is to make the underlying technology ingredients available so that the master chefs of the software world have a full refrigerator while they cook up their ideas.

slack-imgs.comTo join the Cannabis Reports developer ecosystem, sign-up for free on CannabisReports.com and request an API key to start building today.

For the most up to date info on Cannabis Reports, follow us on Twitter, and like us on our Facebook page.

Cannabis Reports Gets a Big Shout-Out from Developers Who Build with Our Open API

Late last May, Josh Pardee and Kelly Martin of CannaFo.com and DaKine420 sat down for an interview with Time4Hemp. While the entire hour-long discussion is fantastic, the Cannabis Reports team was humbled by an amazing shout-out to our team, our platform, and our mission.

logo-4

We take great pride in supporting the developer community, and have helped hundreds of individuals and dev teams since we opened up our API in June of 2015.

logo

It was evident early on that Mr. Pardee and the CannaFo team were committed to building an exceptional tool to disperse cannabis information, and their project is getting a lot of wonderful attention.

Screen Shot 2016-06-14 at 11.13.35 AM

If you are unfamiliar with CannaFo, you should definitely take a minute to explore the information throughout their site. CannaFo lists top quality strains, products, and cannabis services in an easy-to-use format, and also serves as an encyclopedia and marketplace.

circuit_leaf_dropshadow-676x685

Since both of our teams have spent a good amount of time bonding together over open technology, Cannabis Reports could not be happier to see such a successful application like CannaFo making solid use of the data we offer through our open API.

Ccov4DJUEAAcqhU

Full Interview with Time4Hemp

You can watch the full interview below, as well as find a transcription of the shout-out to Cannabis Reports beginning at minute 49:00:

Transcription of Time4Hemp Interview Shout-Out [49:00]

[Kelly]: And I would like to make one shout-out, because these guys were very, very helpful in sharing their data, and that’s Cannabis Reports. They allowed us to actually use a bunch of their data that they have been compiling for a number of years, and they share it. They are big advocates, they want the information out there, they want to help people, and just a great group of people. I thank them very much for them helping us with our project too…

[Josh]: Yeah, for all those developers out there, when Leafly shut down their developer options, Cannabis Reports has definitely got their hands on quite a bit more data. They are more like me and Kelly are, they are really trying to take this information and they want to see things like CannaFo branch off of that, or cool app ideas, and they are out there to definitely help you get access to information like CannaFo is, and build your own projects and put back into the cannabis community, and that’s wonderful, so definitely check them out.

The Cannabis Reports team is happy to help any and all developers build off of our open API. Please each out to us through our Contact Page to request an API key. For the most up to date info on Cannabis Reports, follow us on Twitter, and like us on our Facebook page.

Technology Can, and Should, Adopt Open Standards for Cannabis

This article was originally published on Medium.com by David Drake, founder and CEO of Cannabis Reports.

The multibillion dollar medical and recreational cannabis industry cannot rely on technologies that don’t communicate.

“There is no proper measuring, there is no proper quantitative analysis. They’re all differing according to store to store. So that’s where we run into the health and safety implications for the people that are utilizing these products. There’s no standardization amongst these products that are being either consumed by adults and/or children.”

— Acting Inspector for Toronto Police Service, Steve Watts

Spending money on technology is no joke on this little rock we’re all riding through the solar system called Earth. According to Gartner, who looks into things like this, we (yes, the collective one) are looking at spending $3,500,000,000,000 next year on technology.

That’s trillion with a “T”.

Putting that into some grim perspective, the accounts from Brown University’s ‘Costs of War’ project put the estimates for the 2003 war in Iraq at 2.2 trillion dollars; 62 percent of the efforts in technology next year.

Cannabis technology is complex and fragmented with closed standards and operations being adopted and created all of the time. It’s no wonder that a consistent complaint from law enforcement, medicine, researchers, consumers, patients, business owners, and government officials is the ineptitude of the industry in being able to provide some kind of standardization practices.


Yesterday on May 26th, 2016, the Toronto Police department completed an unprecedented raid on dispensaries in the city. Here’s the numbers for the people immediately affected:

43 executed warrants for storefronts. 90 people arrested with 186 controlled drugs and substance charges.

My condolescences to their friends, families, communities, and constituents for all of these locations. More victims of the war on drugs who will have their lives forever affected by this occasion.

Project Claudia Seized


When I said that cannabis technology is fragmented, I wasn’t exaggerating. With the recent states of Louisiana and Ohio finally coming to their senses regarding cannabis, over one half of the United States have enacted some sort of medical cannabis laws now.

For those who haven’t been following along, I’ll say that one more time:

Screen Shot 2016-05-31 at 10.41.04 AM
What does this mean for cannabis technology? It means that all of these states are evaluating and enacting different methodologies and implementations for tracking cannabis within their systems. Since cannabis and cannabis products still can’t cross state lines, it means that every single implementation is wildly different.

Cannabis Technology is Complicated

RFID tags that sit in the dirt the moment a single seed or clone is started to create the flowering plant. Bar codes, scanners, local databases, remote databases, government mandated databases, all sort of talking to each other, when they aren’t down for hours or days. Scanners and printers of all sorts to keep track of these things.

Secure networks with HIPAA and restricted access since we’re dealing with medicine. Some of the most closed, horribly documented APIs you’ve ever seen. Wholesale, shipping, and distribution recreating the technology wheels we’ve had in place for decades regarding shipping everything else since traditional shipping isn’t available.

Testing labs with no universal standards for what they test for, how they test for it, or how the results are published and made available through their LIMS. Quality control nightmares requiring entire brands worth of products to be taken off shelves since there’s no specific identification.

How much of this data is made available to the public or other services for integration and analysis? Virtually none.

Cannabis technology is in shambles. It’s a mess, and it’s getting worse, not better. But, we’re new enough that there’s opportunity to fix it.

Cannabis Technology Companies are So New Compares to Other Industries

Screen Shot 2016-05-31 at 10.42.17 AM

Folks familiar with technology are aware of something called NIH syndrome. For those not in the biz, it stands for “Not Invented Here” syndrome.

From Wikipedia: “In programming, it is also common to refer to the “NIH syndrome” as the tendency towards reinventing the wheel (reimplementing something that is already available) based on the belief that in-house developments are inherently better suited, more secure, more controlled, quicker to develop, and incur lower overall cost (including maintenance cost) than using existing implementations.”

Outside of programming and technology, we see this attitude at every single cannabis business convention. These ideas run rampant through cultures of cannabis technology companies big, small, new, and old. We have an industry-wide problem with NIH syndrome. More from Wikipedia:

“As a social phenomenon, this philosophy manifests as an unwillingness to adopt an idea or product because it originates from another culture, a form of tribalism.”

Max Simon, the head of Green Flower Media, which is an organization dedicated to information and education surrounding cannabis, speaks often about tribes. His soft-spoken demeanor guises a burning and palpable passion when he often talks fondly about the various cannabis tribes: technology, business, entrepreneurs, investors, and so forth. I like the way he looks at these things.

We, as a technology community, need to come together and start communicating more and working together as a tribe.

The “Us Versus Them” mentality born of the legalization movement isn’t about “Our Company Versus Your Company,” it’s about “Us” as humans seeking a better future versus “Them” who would stand in the way of progress.

Right now, we’re standing in our own way and we’re not being helpful. We’re making things harder on the folks who already work harder than most. Farmers, innovators, small business owners, big businesses trying to do right by their consumers, and everyone who services and is involved with these industries.


The most common question that comes up when talking to folks about identifying cannabis is: “How can we be sure this is what it says it is?” Whether it’s talking about the various names of strains, or the contents of a tincture created for medical application, there’s so much uncertainty around cannabis that it’s impeding progress on all fronts.

According to Cannabinoid Dose and Label Accuracy in Edible Medical Cannabis Products, published in JAMA, June of last year, whatever we’ve got in place to help accurately “track” or “trace” is not working, by any stretch of the imagination.

Only 17% of cannabis edibles tested in various markets were correctly labeled for their contents. 23% of products were underlabeled, meaning there was more than it said. 60% of products were overlabeled meaning that the contents were not as high as advertised.

Imagine, if only one in five of the cold medicines on a shelf in front of you were accurately labeled. Cough syrup that actually contained more than what it said on the label, or allergy pills that contained none of what was actually said on the label.

What if the beer or wine you went to purchase had a 4 out of 5 chance of having less or no alcohol in it at all, or worse, more than you were expecting?

We’d be outraged, and rightly so.

But that doesn’t happen. We don’t doubt the 7% alcohol content label we see on beverages. We know there are technologies and standards in place that create a complex system of checks and balances to make this a reality. We shouldn’t have to doubt the labels for cannabis products either. But the technology isn’t up to the standards of 21st century ubiquitousness, so we do.

There are millions of dollars worth of human and technological implementations in place to prevent this from happening in the industry but it’s totally failing.

As a technologist and advocate for cannabis, that sucks.

Open Standards Can Let Us Start to Fix Things

Since we already said NIH syndrome is a huge problem, let’s not try to create some new defition of open standards. Let’s look towards the guidelines setup by organizations responsible for so many technologies we take for granted today. Wikipedia has an extensive page on “Open Standards” that can give you an idea of just how many have been adopted throughout different industries.

“Dedicated to promoting a proven set of principles that establish The Modern Paradigm for Standards.”

“Dedicated to promoting a proven set of principles that establish The Modern Paradigm for Standards.”

One of the organizations called OpenStand has a Joint Affirmation Statement that is signed by 5 of the largest governing bodies for the way we operate technology today: Internet SocietyInternet Engineering Task ForceInternet Architecture BoardWorld Wide Web Consortium (W3C), and IEEE Standards Organization.

Here is that affirmation statement:

“We embrace a modern paradigm for standards where the economics of global markets, fueled by technological advancements, drive global deployment of standards regardless of their formal status.

In this paradigm, standards support interoperability, foster global competition, are developed through an open participatory process, and are voluntarily adopted globally. These voluntary standards serve as building blocks for products and services targeted at meeting the needs of the market and consumer, thereby driving innovation. Innovation in turn contributes to the creation of new markets and the growth and expansion of existing markets.”


Like the fields of grain that are cultivated throughout the world that find their ways into our cereals, our pharmaceuticals, our beauty products, and our lives, cannabis is no different. Global production of cannabis is not decreasing, it’s increasing at a pace unlike anything else before.

Thousands of tax-paying companies and organizations are producing, processing, and distributing cannabis-derived consumable and non-consumable products, and there are thousands of technologies that make this possible.

But there is still not a standard way to identify anything in the global supply chain.

Ackrell Capital released their “U.S. Cannabis Investment Report 2016” where they begin to paint a picture of just a snapshot of companies participating in a global industry that has no standardized way to identify any products.

Hundreds of Companies Utilizing Technologies Without Any Identification Standards

Hundreds of Companies Utilizing Technologies Without Any Identification Standards

No globally recognized SKU system. No accepted Universal Product Codes. Just a new brand of identification and tracing with every new locale that is re-incorporating cannabis back into the human experience.

Wholesale technologies without the ability to normalize a chocolate bar amongst their vendors. Public websites purporting to help consumers find the products they’re looking for with normalization so bad, that we were able to find examples of companies with 12 products represented with nearly 2,000 different names.

Technology can do better. There’s no reason that other agricultural products like poultry, beef, or fresh fruits and vegetables can have global traceability and cannabis can’t. There’s also no reason we, as the cannabis community and tribe, can’t adopt global standards that still allow for innovation, healthy competition, and a safe and transparent way forward.

There’s also no reason we can’t do better than other industries before us and create an example for how a global agricultural industry can be redeveloped using the availability of today’s technology and information.

I want a future where I can look at the labeling of my product and with a single identifier, get access to information about who made it, where it came from, and what’s actually in it. I want a future where we take for granted that there are good principles in place so we don’t have to doubt whether the 23 mg of THC on a label is true or not. I want a future where this system is easy for myself and for the businesses associated to participate. I want to know that researchers can access and test these products and positively identify that a specific batch of chocolates on one shelf is the same batch of chocolates on 200 other shelves. I want tracking and tracing, to effectively communicate from state to state, and have information available for improved technologies to be developed. I want everyone to be able to build their startups, technologies, and businesses with equal access to information so they can all be the very best at doing what they do.

The global cannabis future is already upon us, we’re just keeping it from being effective through closed systems and APIs, proprietary technologies and databases, and consumer information sources wrought with advertising and promoted listings preventing equal and open access to everything in the industry.

I want an open cannabis future and you should too.


When I started Cannabis Reports as Smoke Reports in 2008, I was on a mission to introduce specificity into the ways we identify and talk about cannabis strains.

Seed companies had already been working for decades, traveling the globe to find complex varieties of cannabis, and working for years on breeding them together to stabilize flavors and effects to bring you the strains you know and love today. Cultivators had been keeping mother plants alive and well from generation to generation for years to create clones that would allow for exact genetic copies to be cultivated and made available to consumers.

Yet the people, organizations, and stories about the family trees for these strains were being lost.

“My dealer said it’s Blue Cow O.G. Deadhead 49er Kush. Apparently it’s a sativa with 37% THC and 5% CBD. But I really have no idea.”

We created distrust in our own ability to accurately identify what we were consuming and it’s time to gain that trust back.

To combat this distrust, and allow for specific identification, we’ve created and maintain the Universal Cannabis Product Code (UCPC). The UCPC is a specific, open, identification and codification scheme for everything in the cannabis industry whether it is consumable or not. It was created to address the complexity of identification and mis-identification of cannabis by allowing for additional specificity of where cannabis came from, who it was produced by, and accounts for the fact that batches of cannabis can differ from cycle to cycle.

Universal Cannabis Product Code (UCPC)

Universal Cannabis Product Code (UCPC)

Starting with the strain, we do not simply identify a strain as Blueberry Muffin. We identify the strain as Blueberry Muffin from Rebel Grown, or Blueberry Muffin from Sequoia Seeds, or Blueberry Muffin from Humboldt Seed Company.

Next, we identify the company that created the product. Whether it’s the plant form as seeds, clones, flowers, or shake, or the extract, edible, or non-consumable product derived from it: the specific strain identification remains the same.

The fourth section accurately identifies the individual product. And the last section allows for specificity about the individual batch of product. There, a lab test and date of production can be attached and specifically identified.

By not just having a record that says “Blue Muffin,” but a record that says “Blue Muffin flowers, from a specific seed or clone provider, cultivated by a specific producer, associated with the date and batch of production,” we can be specific. Just like it’s possible to have chardonnay from multiple sources, cultivators, or wineries, we need to have a system where “Blue Muffin” can be varied as well.

This means it’s okay that Blue Muffin over here isn’t quite the same as Blue Muffin over there. We’re accounting for the differences properly and we can do something about it.

We Are On the Way and Invite You to Join

All product, production, and company data on Cannabis Reports is available freely for all to use. Our fully documented API offers access to normalized data for nearly 40,000 different strains, flowers, extracts, edibles, and non-consumable products from thousands of companies; we’re well beyond getting started.

Opening to the public on April 20th of 2015, our API is being utilized all over for all kinds of things. As of this writing we’ve had 3,312 unique IP addresses from around the world interact with our API to utilize the data available through it. We’ve heard from data researchers, app developers, businesses, marketers, investors, medical professionals and more that the database has helped them. Heck, we have thousands of others utilizing the data for reasons we don’t even know about and we’re totally okay with that.

Involvement in open standards and open technology is not mandatory, but it certainly can make things easier.

While our team and technologies are capable of continuing to research and normalize the data out there, we also offer businesses the opportunity to take control of their information and data so that others may have a correct and accurate source to build upon. We offer business tools and insights that allow for organization, tracking, and involvement in an open cannabis future. And we don’t charge many hundreds or thousands of dollars per month for access.

We’ve started down the journey of creating open standards for Cannabis Supply Chain Traceability and are releasing them under a Creative Commons Attribution-NoDerivatives 4.0 International License so that we can all come together and discuss the basic necessities that we all need to communicate together. It’s not full of checklists of 100 different terpenes to check, or what sorts of fertilizer you can or can’t use. These standards aren’t meant to replace government-mandated technologies, although they could certainly be adopted and supported. It’s also not perfect, but it’s a start.

These standards are meant to be the very basic information and definitions we need along the global supply chain for technologies to be able to effectively communicate together.

Whether you’re in the technology of tracking and tracing, education, information, medicine, research, production, delivery, retail, reporting, analytics, or simply consumer sites for people to have fun: we have the opportunity to come together, right now, over cannabis.

“Let’s create an open cannabis industry we can be proud of for this generation, and the next generation.

Screen Shot 2016-05-31 at 11.01.19 AM

David Drake is the Founder and CEO of Cannabis Reports. Their mission: to improve the relationship between human beings and cannabis through education, outreach, and open technology.

For the most up to date info on Cannabis Reports, follow us on Twitter, and like us on our Facebook page.

Older posts