While I have over two decades of experience with computers, I am a novice with networks and I appreciated the chapters on switches, VLANs, routing and Quality of Service. It was written well enough that I could understand the basics and the graphics he used helped me understand the concepts.

Donahue has some great comments in the back about how to sell your ideas to management and how to be more professional (instead of just a techie).

Overall it was certainly worth my time reading this. If you are interested in a better understanding of how networks and network transports work, this would be a useful read. If you're a network expert and don't need to deal with Cisco equipment, it's probably a waste of time.

I was installing a new VPN client on my main machine and, foolishly I will add, had two different VPN clients (one using IPSec and one using SSL) connected already. When I installed the new VPN client, about halfway through the install both of my current connections were severed and my machine went into an automatic shutdown. No problem I thought, I'll either uninstall and reinstall the VPN or just continue the VPN install and I'll be fine. Well, this install leaves something around to let it know an install was in process. Perhaps I could have figured out what that was and cleared it, but I figured it was a safer bet just to restore the system to the point before the install. Sure enough, there was the restore point waiting for me. I restored back to that point in time and re-ran the install (not connected through the VPN this time!) and everything worked out nicely.

By Alan Cohen from Law.com
Corporate Counsel
October 31, 2008

If there's one tried-and-true way to tackle a problem, it's to make it someone else's problem. It's the strategy that's given us plumbers, fluff-and-fold laundry and lawn services. Yet for a long time, corporate computing didn't really lend itself to the pass-the-predicament model. Sure, you could hire consultants to troubleshoot your hardware, patch your software and get all the PCs and servers talking to one another. But at the end of the day, it was your system -- and your headache.

Delegators take note: The times are changing. An increasingly popular software model tries to make things simple by -- get this -- literally making things simple. Known as Software as a Service or cloud computing, the idea boils down to this: Instead of running an application yourself, using your own equipment and IT staff (not to mention ...

Organizations are increasingly looking to next-generation social networking tools to conduct sophisticated business intelligence and analytics. In many cases, they are mining data and looking for trends and patterns, such as which salesperson has the relationships to pull off a deal or which customers seem to have the biggest influence with others online.

Cloud computing environments will contribute to the expansion of SaaS into areas beyond ERP, CRM and HR management systems. Rob DeSisto, analyst for Gartner, says organizations increasingly see the benefits of moving large-scale software expenses from the capital budget to the operating budget.

Saavy IT managers are now looking for ways to automate and embed security and compliance processes across the value chain, including on mobile devices. Surprisingly, a key challenge is one of perception, not technology. Companies must get over the idea that security and compliance systems are simply insurance against problems, and that they dont improve the business in ...

It's powered by Postini, so the back end looks good. But, I like to try these things out before rolling them out to customers. So, I decided I'd sign up my business domain for the service. I get a little bit of spam, generally it's caught by the filters in Outlook or on my server. I was using StartLogic, which I'd been signed up with for about five years. To make a long story short, after much gnashing of teeth and trying different things, it turns out that StartLogic's mail servers can't handle the Google Message Filtering service. I believe it has to do with the way the MX records are described and how StartLogic figures out which domain the mail belongs to, but I'm not sure.

So, I decided ...

I have nothing against corporations or even republican conservatism. But neither the means nor the end ever seemed as important to me as the manner of the journey; and love, equality and justice have always felt like better principles for a manner than achievement, winning and owning for their sake alone. These fundamentals that ring so true in every heart seemed absent often from the rhetoric of success Id often hear.

But sometimes getting out into the sun reveals more scenery than you guess. I met two brothers yesterday, who described themselves as the original LinkedIn. Though they sold insurance, most of their day was connecting people and businesses to each other and to funding. Their courting of VCs and VC target companies was strategic, to be sure, but a complete indirection to selling insurance. The direction was to expand their network, to participate in community and thereby simply by being known, succeed at insurance.

Almost be existing they are flourishing, Sum Ergo Sum.  This strikes me as a lot more productive than fighting to convince a client of my value. By sharing it is easier to receive, and we get to more malt syrup or is it? Its easier to believe in love and sharing when everybody with ...

It has been endorsed by no less than Bill Gates himself, who claims that it's a wonderful tool. Any time you use it, it is obvious that it has terrific analysis, provides great insight, and boy does it have a beautiful website.

There is in fact only one problem: it doesn't work, which is always an interesting thing with technology, because the fact is The metadata that Xobni collects provides an incredibly rich view of related conversations and related people and the fast indexing is faster than built-in search in Outlook, in finding specific people for contact information or other information about conversations with people.

So how can it then not work when it works?  Well if you have more than one inbox open in your Outlook profile, Xobni reduces the responsiveness of outlook to a crawl.  Adding 15 seconds to every click, between an email, or to the calendar or between contacts means that it literally takes half a minute to go through two emails.  This means that without typing a single word you can only read 2 emails a minute ...

As programmers, we have often been tricked into thinking that we should be writing code all the time and anything less and were not being productive enough. I know I often struggle between writing code which I enjoy, have some skill in, and can easily see my results and doing other important project tasks.

When I was working on Word for Windows 6.0 (and there's a whole 'nother story about why it was numbered 6.0 rather than 3.0, since it followed Word for Windows 2.0 the short quote is 6 is larger than 3) Chris Peters (who has since left Microsoft and brought the PBA back into prominence) at one of our team meetings made it clear to us that, in order to ship Word 6.0 we needed to remember that our job wasnt to write code or test code or any of those things. Our job was to ship Word 6.0. Now often that would mean, as developers, we should write some code (or fix some bugs) but we needed to think each day about what we could do that day to help ship Word 6.0. Some days that would mean not writing new code (and new code is the worst it has to be tested, localized, documented, etc.). Sometimes, the best way to finish the project would be to talk with our program manager and see about cutting a ...

Sanitizing Input Strings

Most developers are aware of SQL Injection attacks and know how important it is to sanitize input strings such as names, email addresses and any other content. (kxcd has a very funny cartoon about such exploits). Steve Friedl has a good article on how attackers find such holes in your applications. It's critical for web application security that you make sure inputs are properly escaped before using them in database queries. Perhaps in a future post I'll talk about some strategies for doing that more effectively. And remember that you must sanitize all input, not just strings. Sure, you have a <select> list to allow the user to pick which type of pizza they want and you've given them numbers (1 = cheese, 2 = sausage, 3 = veggie combo, etc.) but that doesn't stop someone from sending you a request where the pizza type is a string with instructions to change the admin email address to their own.

Preventing Problematic Output

But it's not just SQL Injection attacks we must be concerned about with sanitizing user input. What happens to your application if a user can put HTML in their ...

I know that many people run their code and if it looks like it works they figure - Great, I'm done! But while seeing that it performs as expected is one test of your code, seeing your code in action gives you a much better sense of what's happening and whether it's going to do the right in every case.

Let's take a look at a contrived example in code. I'll use PHP since its what I'm using for most of my work these days, and I'll simplify the code so it's clear what's going on.

function getItemFromDBOrCache()
{
	$fInCache = false;

	$fINCache = foundInCache($row);

	if (!$fInCache) {	
		$row = fetchFromDB();
	}

	return $row;
}

If you run this code, your program should work fine. Yes, the cache isn't used, but if you don't have an easy way of checking that, you'll never notice the uppercase typo on the $fINCache line. But, if you set a breakpoint on this function and step through each line, you're very likely to notice the problem (even if there are several lines between the pieces of code in the example). You'd see the cache return the item and then the code still fetch the item from the database. Doing a good code review would probably also uncover this problem, but usually that's later in the development process. I suggest stepping through all new code when ...

Join me June 23, 2008 for a very interesting discussion on society, business and technology:

Topic:       Thriving in the New Social Internet

Speakers:  Dr. Charles Kreitzberg. Alberto Molina, Anne Kreitzberg
Location:  Sante Fe Grille Upstairs private dining room
Date:       Monday June 23, 2008
Time:       6:00 8:00 PM
Suggested Contribution:  $15 per person for room, appetizers, beer, soft drinks, tax + tip* 

Overview:

The new social world of the internet represents far more than finding a friend on Facebook or keeping a diary online for anyone to see. New Web technology, also referred to as social media or Web 2.0, is unstoppably shifting the way we communicate and interact with each other for business. The question is not if this affects you, but how will you fit in?  Will you be a wallflower or the center of the party? The panel will discuss new opportunities and challenges for companies in this dynamic environment.   Our focus will be presenting ways your business can understand, approach and thrive in this new social and communications landscape.  Don't miss out on this opportunity to leverage your understanding of web social architecture and how you can make this changing landscape work for you and your organization!

This morning, we experienced a service outage starting at 8:42 AM EDT. Service to most customers  was restored by 9:55 AM, with all customers having full service by 10:10 AM. 

The outage was initially caused by a primary power outage at our Saratoga Springs data center (the result of a severe thunderstorm):

This was followed by issues with some of the UPS ((Usually!) Uninterruptible Power Supply) units being unable to continue providing power until the data center backup power became available. This resulted in server shutdowns which caused the service outage. 

You may be thinking:

Why didn't your redundant datacenter in San Francisco kick in?  Why didn't your 4000 kilowatt diesel generators kick in?  The answer is, we don't have them. 

What we do have is our "Guaranteed Availability with 24/7 monitoring of server systems and a 99.9% Service Level Agreement" which is satisfied year after year.  We continually strive to offer you the very best prices with the highest level of support and reliability.  We are constantly upgrading our infrastructure striving for 100% uptime for all of our systems.

We have taken the following two measures immediately following this morning's power failure:

1. greatly reduce the likelihood of server shutdowns caused by power outage

a.  Implementing additional monitoring of our UPS battery packs, with 'deep-discharge' activities to be scheduled as necessary

b.  Adding additional UPS's in our racks to increase the amount of time we can run on battery power before server shutdowns occur

     2.    greatly speed the restoration of ...

My main audience at this point is the development staff at Topaz Group. We are separated both by space and time. By space, because we are spread out and do not share offices or even the same area code. By time because I know there will be new developers coming after me, some of whom may join only after I leave. And while there will be development documents and design documents that may be private, I also want to write about how one does a good job of developing software.

Obviously, by making this public, I also hope that there will eventually be other readers (and, once we advance the tool some, we'll even turn on comments so you can make yourselves known). As with the Topaz Group developers, I would hope that I have some words of wisdom to new developers.

I've been in the business of developing software for over twenty years now (and "writing computer programs" for over thirty years if you take a broad definition of that phrase. Perhaps later I'll write down some of my early experiences for historical sake) and I've had the opportunity to learn from some remarkable people and make some mistakes, which helps the learning process. So, I'd like to pass on that learning to whomever is interested. Hopefully you'll find some of it useful and you'll come back to read more.

Last time I reviewed one of two books on security that I had recently read. This time I'll review the other book - Secure Coding: Princeiples & Practices by Mark G. Graff and Kenneth R. van Wyk (and published by O'Reilly which puts out excellent books in general).

This is a great book which I would recommend developers, testers and managers read. Even operations folks could get something out of this book. It's a different book from the Security Development Lifecycle in many ways. It's shorter and doesn't provide the step-by-step methods that SDL does. It is very easy reading, with just a few coding samples. It provides some great real-life examples of security flaws and some creative solutions.

Graff and van Wyk give you a lot of things to think about and some problems to avoid and ways to do things right.

One of their better suggestions is to come up with a metaphor of your application (or a particular feature) when you are designing the architecture. Rather than thinking about people making seat reservations (for an on-line ticketing system, for example) come up with a different model and think about how someone might attack that. Because, they point out, someone attacking you isn't necessarily following your model and architectural security flaws are the most difficult to solve.

This is another book I'd suggest you read and have on your shelf.

The meat of the book (Part II)  is an explanation of the stages of the Security Development Lifecycle (SDL) process. The authors do a good job of explaining these steps and how you can implement them in your own project. I think the SDL is a great process for improving the security of a software project and would suggest anyone who is concerned about the security of their software project (which should be just about everyone working on a significant software project) should read this book.

I would recommend this book for managers and developers (even though the authors point out it is not a book with code samples and examples of how to write better code). I believe if developers know more about the how security issues crop up and can be handled, they will be better equipped to write solid code.

Rather than a mass customer base, advertising on these blogs gives lobbyists unbridled access to an extremely valuable audience: Britains political elite

<font style="margin:0px; margin-bottom: 9px; padding:0px; font-size:16px; color: #990000; font-weight:normal; line-height: 23px;">&lsquo;Rather than a mass customer base, advertising on these blogs gives lobbyists unbridled access to an extremely valuable audience: Britain&rsquo;s political elite&rsquo;</font>

Every time I hit the "clear" button, which is the apple equivalent of Num Lock, I got a little squat sound like the fart of a beetle.

This is the apple system sounds equivalent of "Doh," congratulations you are blocked.

I searched Dr. Google and apple help and this is what they had to say: "to turn on and off num lock, hit the num lock key."

In other words, thanks but no thanks, come back again another day ... nada amigos.

Well if you're thinking of pulling out your hair try this first:

NUM LOCK can be deactivated on the mac by hitting option FIVE TIMES.

This is a setting controlled in Universal Access. Hitting the option key FIVE TIMES enables keyboard control of the mouse, in the event you neglect to plug in your rechargeable or get some other bunk mouse situation.

The only indication is that when you hit the 4, 8, 9 and 2 keys on the num pad, the mouse pointer moves a smidgen.   BUT THE NUMBERS DON'T WORK, as if the devil himself were laughing as you try to give someone your phone number on IM.

So try hitting that option button FIVE TIMES to deactivate universal access and see if that's the solution you'r looking for.

Here ...

When we think of hosting we think of having guests at our house.  We think of music to play and finger food.

Our business is taking the time to understand the equivalent of tea time in the digital age.  Our business is communication, the kind of effective and enjoyable communication we look for at the homes of our friends and relations.

Just because so much transacts online now, does not mean the rules of courtesy, attention and mood have gone away.  Online communication with living breathing and valuable associations is our specialty.

To do this well we have a discipline of understanding technology, the tools of our trade.  Just as washing dishes isn't the point of tea, servers aren't the point of hosting - you are.