Web Dev class Demo Day

At last Saturday’s Demo Day, 3 groups from my Web Scripting and Development class showed off their projects to Dean Goldstein (Bachelor’s Degree Program) and Professor Villegas (Chair – School of Information Technology).  The impressive projects were built in a relatively short amount of time and incorporated technologies learned in the semester such as PHP, JavaScript/jQuery and MySQL on a Linux environment. One of the primary aims of the course was to build on the knowledge students gained in basic database, programming and web courses and apply it in a semester-long series of quick discussions and cookbook-style implementations of web technologies used in the ‘real world’.  Other neat features seen at the demo included PayPal integration and social media plugins.  I think Wilson, Dunvan, Edgar, Arthur, Lyuba, and Roberto did well and are on their way to applying their new skills in their jobs and/or internships!

Wilson and Dunvan – Tech blog: http://bit.ly/HAMIDF

Edgar and Arthur – Tablet Site: http://bit.ly/Hf3fdM

Lyuba and Roberto – Culinary art blog: http://bit.ly/HHf8tB


IT’s not that bad

The Director of IT job has evolved dramatically compared to, say, 5-10 years ago.  Most systems are now hosted or cloud-based, and there is a myriad of new devices to support.  While it has always been challenging, I’m surprised that being Director of IT is apparently the most hated job, according to this Yahoo article.

I have first-hand experience being IT Director for a number of years and here’s what the experience taught me:

It’s (or IT’s) a thankless job
IT is supposed to work.  All the time.  Never mind that wireless networks are not reliable, Internet connections drop, hardware dies, software licenses expire, and users continuously download unsafe stuff from the Internet.  IT has to work.  And when IT doesn’t, it’s your fault (I’m looking at you, Mr. IT Director).

Everyone’s a tech
All users think they’re technophiles, techies, technologists because a) they use Facebook/Twitter/Foursquare/the latest social media or mobile fad; b) they have a ‘super fast’ connection at home and have every device at home connected to the Internet; c) they read TechCrunch and can recite every new acronym and shiny device’s specification.

Nothing to deliver
If you’re a developer, you have your code and a working system to show.  If you’re in sales, new accounts.  If you’re IT, what?  Not even five nines of uptime is enough (What, NOT 100%?!?). And even if this were true, I’m sure your network and system administrators would take credit for it :)

So while the above are grim, I do not think it is that bad to be labeled the ‘most hated’.  There’s always a delicate balance between maintaining a stable system versus keeping employees happy, and maintaining a healthy balance is one of IT’s bigger challenges. In IT (and being the Director, at that), you have the choice of creating and implementing policies that you think would best keep that balance.  You need to be involved in all things technology — and these days, that’s pretty much everything — and keep abreast of changes.  I think that’s exciting!

The job also requires a certain personality to thrive in it.  If you’re the person who needs constant pats on the back, this is not the job for you (“Hey look, I was able to connect everyone remotely and securely via this elaborate tunnel I created!”).  If you’re happy being in the background, admiring the constant hum of a working system, plus being able to stay calm when things don’t work, IT’s not that bad.


Making sense of PCI Compliance

One of the interesting tasks at my previous startup was securing PCI compliance for our system.   Important (and required by the card brands, through your acquiring bank, rather than by statute) for any site that stores, processes or transmits credit card data, the exercise proved to be a challenging process.

Here are some notes and tips learned throughout the experience:

1. Do your own security scan/check to catch the usual suspects — SQL injection, cross-site scripting, and known vulnerabilities (CVEs) in the services you expose.  While it’s true that most frameworks should address these concerns, I found other interesting exploits during the scan.  Here are two sites that were immensely helpful: the XSS cheat sheet and the SQL injection cheat sheet.

Take note of the tests that fail in your vulnerability scans.  Add the failing probes (the payload and where it was sent) to your test library and routinely run them against any page or module you add.

2. Ensure that you have strong security and network policies that you are implementing religiously.  Although most websites that process credit cards online complete a self-assessment questionnaire rather than an on-site audit, it still behooves you/your company to actually implement the policies you’ve checked off.  Also, your approved scanning vendor will rescan your external-facing hosts every quarter to ensure continued compliance.

3. Work with your vendor, ISP and other providers.  Some CVEs are outdated and frankly, idiotic.  Scanners often match on a service’s version banner, so they will flag a CVE that your distribution has already fixed with a backported patch even though the version number never changed.  So be prepared to challenge the security vendor’s vulnerability assessment with proof from your ISP and vendor (the package changelog showing the fix is the usual evidence).

4. Compliance != Security.  Don’t be lulled into a false sense of, well, security once you have achieved compliance. On one hand, the external vulnerability scans will recur every quarter. On the other hand, you should always (pro)actively seek ways to improve your system.  Security, as I mentioned in my earlier post, is not some software you install, or some certificate from a vendor you can hang your hat on.  It is an ongoing process and a mindset.  Design your code and architecture with security in mind and you have taken the first important step towards securing your applications.

Note/Aside: You could also ‘outsource’ most of the compliance burden by handing off the processing and storage of credit card information to a payment gateway (a hosted payment page or tokenization), so that card numbers never touch your servers.  That shrinks your PCI scope rather than eliminating it: you still answer for the parts of the site that hand the customer over to the gateway.
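The “add failing probes to your test library and rerun them” advice from point 1 and the “design with security in mind” advice from point 4 are easiest to see in code.  The following is an added example, not code from the original post or from the startup’s system: a small regression harness that keeps a library of SQL injection and XSS payloads, fires each one at a page handler, and reports which ones land.  The site in question ran PHP/MySQL; Python with an in-memory SQLite database is used here only to keep the example self-contained, and the bug pattern (string-built SQL, unescaped output) is the same.  All payloads, the `users` table and its rows, and the `login_*`/`render_*` handlers are constructed for this example.

```python
"""Regression harness for injection probes.

Added example (not the original post's code). It keeps a small library of
SQL injection and XSS payloads, runs them against a page handler, and
reports which ones fire, so the same probes can be re-run against every
new page or module. Payloads, handlers and the SQLite data are all
constructed for this example.
"""
import html
import sqlite3

# Constructed probe library: the kinds of strings an injection cheat sheet lists.
SQLI_PAYLOADS = [
    "' OR '1'='1",            # tautology: turns the WHERE clause true
    "' UNION SELECT NULL--",  # union-based: appends a row of our own
    "'",                      # unbalanced quote: provokes a syntax error
    "admin' --",              # comments out the password check
]
XSS_PAYLOADS = [
    "<script>alert(1)</script>",
    '"><img src=x onerror=alert(1)>',
    "'><svg/onload=alert(1)>",
]


def make_db():
    """In-memory users table with constructed rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string formatting: the classic SQL injection bug."""
    sql = "SELECT id FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, name, password):
    """Parameterised query: user input never becomes part of the SQL text."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def render_vulnerable(name):
    """Echoes user input straight into HTML: reflected XSS."""
    return "<p>Hello, %s</p>" % name


def render_hardened(name):
    """Escapes the HTML metacharacters (both quote styles included) first."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def run_sqli_checks(login):
    """Try every payload in each field of a login form.

    Returns (payload, field, kind) findings: 'bypass' when login succeeds
    with bogus credentials, 'error' when the database chokes on the input
    (a sign the payload reached the SQL text and would be worth pursuing).
    """
    findings = []
    for payload in SQLI_PAYLOADS:
        for field in ("name", "password"):
            conn = make_db()
            args = {"name": "nobody", "password": "wrong"}
            args[field] = payload
            try:
                if login(conn, args["name"], args["password"]):
                    findings.append((payload, field, "bypass"))
            except sqlite3.Error:
                findings.append((payload, field, "error"))
            finally:
                conn.close()
    return findings


def run_xss_checks(render):
    """Return the payloads that come back verbatim in the rendered page."""
    return [p for p in XSS_PAYLOADS if p in render(p)]


if __name__ == "__main__":
    for label, login in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print("SQLi %-10s %s" % (label, run_sqli_checks(login)))
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print("XSS  %-10s %s" % (label, run_xss_checks(render)))
```

Against `login_vulnerable` the harness reports bypasses from the tautology (in the password field), the UNION probe (both fields) and the comment trick (name field), plus database errors from the lone quote; the parameterised `login_hardened` produces no findings at all, and `render_hardened` reflects none of the XSS strings.  Note that not every probe fires in every field (the tautology in the name field is defeated by AND binding tighter than OR), which is exactly why a library of probes is rerun wholesale rather than one hand-picked string.  When a real scan turns up a new string that works, append it to the lists and the next run covers it.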

At the end of the day, the exercise proved to be helpful not only for compliance’s sake, but because it forced us to re-think and update our security policies.  More than acquiring the assessor’s compliance seal, the entire experience afforded an added layer of peace of mind against common attacks and vulnerabilities.


Bayside Scrabble August 19

The takeaway from last week’s tournament is that I’m rusty, having not been in a tourney in 4 months.  There’s inconsistent tracking, missed phonies and apparently a game I shouldn’t have won because we misscored magnificently.

Still, I learned that I actually finished third a few days later — I’ll take it.

Some interesting stats and notes below (Plus, Adam’s lovely SFOrZATO play).  Play along!
Game 1 vs Paul (331-440) Play
Game 2 vs Jim (375-282) Play
Game 3 vs Jeremy (365-311) Play
Game 4 vs Verna (427-436) Play
Game 5 vs Adam (374-389) Play
Game 6 vs Nancy (425-449) Play
Game 7 vs Peter (403-372) Play
Game 8 vs David (470-388) Play
Game 9 vs Elston (362-378) Play
*challenging TIC, misscored his AUNtIES play by 12 (after his saying it should be scored as a triple-triple, which I found really funny); on my penultimate play, I verified the score with him — he had me down by some 60 odd points.  When I bingoed out with LANCIERS, plus tiles on his rack, our count showed me winning by 6.  He did not ask for a recount.  Weird game, all around.  I should note too that before this game, there was a lengthy discussion about overdraws/playing with 8 tiles/etc. between Elston, Adam, David (whom I was playing against) and Ginger — while the other games were in play.

Bingos (mine – 14): DaRKNESS, iNSANER, TROpHIED, GReEDILy, LANTERNS, MAlARIA, CERTAIN, NEGATRON, ETESIAN, WEANERS, sCROOGES, CABINETS, SNORTED, LANCIERS

Bingos (theirs – 13): AVERTER, OvERSOFT, AIRIEST, HANDIEST, AMNIOTE, SFOrZATO, sTERIGMA, ENDITERS*, INQUEsT, DAUTIES, FRAUlEIN, NEROLIS, AUNtIES

Missed/interesting plays/options: BORnITIC, GASOGENE, SECPARS, GOMBO, THECA, ANHINGA, hOSSANA, uNKISSED, TARDO, BELGA, wITHEROD, TOPOS, KRAAL, CLARKIA, ENSLAVED, WAFTURES, OXIDATE (with OXID on board), CANEWARE, nOVALIKE, GORcOCKS, GRACiOSO, STAYSAIL, SATIRISE, OVERPLOT, AUXESiS


One

Matthew has recently discovered the joys of walking.  He would scoot and blitz his way to the nearest bench, book, toy,… anything.  He would flap his arms, waving mightily against the wind, squeaking in delight.  He would trot from zero-to-too-fast in 6 seconds or less.  His apt nickname is Dash.

What I have discovered, as any nervous first-time parent would know, is that I am more scared for him than he is for himself.  When I hold his hand, he drags me to where he wants to go.  ‘Hurry up, old man!’, he must think.  I would say “Slow down” and “wait up” and he would deliriously pull me along.

What’s this got to do with Tech and Startup (the defined topic of this blog)?  Not much, really.  You could push it and say that your startup is like your baby as it experiences the joys and pains of growth.  You could cite the taking-baby-steps and walk-before-you-run mantras (although I shudder to think of when Matt learns to run.  How will I catch up with him then?  Ah yes, learn to let go…. om…..).

But none of those quite matter.  In the grand scheme of things, Matthew has dashed his way to One.
