Category Archives: Personal Views

A U.S. State paid over $1,000,000 USD (million) for “fake” security in their web application!

I have the “pleasure” of interacting with software for a US state that was contracted out to a third party.  The third party vendor is not known for high caliber software, but what I found recently while digging around their web application really made me cringe.

When you first login to the application, a little modal pops up and alerts you to the fact that it is connecting to secure servers.

I noticed after the redirect, I ended up in a non-SSL web application.  I mean, literally, no SSL ANYWHERE.  Every piece of information posted back and forth to the web application is done in PLAIN TEXT across the magical internet pipes.

This piqued my interest, and led me to dig around the HTML/JS that was loading during that modal.

To my surprise, NOTHING was being done at all!  This piece of code literally LIES to its users, suggesting that it is going into secure channels.

Knowing the state paid over $1,000,000 for this web application makes me sick to my stomach.  The system has been plagued with issues since launch (as most web applications are), but this really is going above and beyond.  Seeing the commented “alert” lets me know someone was debugging this thing at some point.  What was the time spent to write this code (essentially misleading users about security) vs the time it would have taken to install an actual SSL certificate?!
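
A defender-side check for the situation in this post, added here as an example and not code from the application or its vendor: given a fetched login page, it reports whether the page or the form carrying the password field uses plain HTTP, whatever the on-screen text claims. The host name, HTML and header values are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Record each <form>'s action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_page(page_url, html, headers):
    """Return transport findings for a fetched login page (empty list = clean)."""
    findings = []
    https = urlparse(page_url).scheme == "https"
    if not https:
        findings.append("page served over plain HTTP")
    scan = FormScan()
    scan.feed(html)
    for form in scan.forms:
        target = urljoin(page_url, form["action"])  # empty action -> page URL
        if form["password"] and urlparse(target).scheme != "https":
            findings.append("password form posts in cleartext to " + target)
    # HSTS is only honoured on HTTPS responses, so only check it there.
    if https and "strict-transport-security" not in {k.lower() for k in headers}:
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample: page text claims security, transport says otherwise.
SAMPLE_HTML = """<div class="modal">Connecting to secure servers...</div>
<form action="/auth" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>"""

if __name__ == "__main__":
    for line in audit_login_page("http://portal.example.test/login", SAMPLE_HTML, {}):
        print("FINDING:", line)
```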

“Just Let Me Code!”

http://beta.slashdot.org/story/204979

LOL!  I have certainly felt like this before.  Knowing what I “love” to do and what I “have” to do.  We always talk about avoiding the “M & M’s”.  Managers and meetings.  Time sinks that can easily corrupt a development plan.  Getting into coding was so easy.  You pick things up, learn, and just hammer away at the keyboard.  Once it becomes a profession, it changes.  Schedules, deadlines, technology you didn’t get to choose.  It becomes more of a dodge and weave scenario vs a creative process.

Why I am in Washington, and programming with SAP!

So now that I am finally settled in to my new location, and Comcast has finally connected me online, I can post an update.

Long story short, my business partner and I developed some software over the last few months over long nights and weekends.  Very quickly we drew the attention of several investment interests.  Over several weeks, meetings, and countless demos we were dazed and confused.  We couldn’t decide if we wanted to continue running the company and keep in our direction, to bend to investment teams’ whims and wishes, etc.  Like a shining light, we happened to discover a company based in Vancouver, Washington who was looking for additions to their team, specifically developers in the industry we JUST BUILT SOFTWARE FOR!  It was like the yin to our yang.  Several meetings later, and we were sold.  We needed to move ASAP in order to begin integrating our technology stack, ideas, and begin solidifying a framework to revolutionize our industry.  We fell in love with the team, the direction they were on, and were in the company of some seriously talented people.  We knew this was it, exactly what we had envisioned one day.

The background of our team members is as diverse as it is talented.  Most of the development team, support, and infrastructure is done within SAP’s platform of services and tools.  We are diving head first and using our intense .NET knowledge to leverage SAP’s enterprise level data and SDK.  It is a little different, leaving the web (temporarily), but all in all I believe our talents will do nothing but benefit the team and we will be able to bring a strong development background to a team and industry that need solid development.

Why am I in Washington writing SAP?  For an industry.  For my team and family.  For my future, and the push for premium enterprise grade programs.

I’m back!!

Back from my wedding (which was awesome)!  Married my best friend of 13+ years, girlfriend of 8+ years, and fiance of 3+!  Years of planning and saving went off without a hitch!  I am excited to have seen all of my family and friends together and excited to start the next chapter of my life!

A Rare Connection: My Photo Shoot with John Schneider

Wow.. Right in the feels.  The power behind these shots once you realize the context they were taken in.

“Our project has been 90% complete for a year now…”

We have a running joke in my office about people/projects who are “90% complete”.  I can’t tell you how many times we’ve talked to a client who says “Yeah, I hired this guy like a year ago.  He said it would take 4 months to make my web app, but here we are still not 100%.  We’re like 90% done, we just need that little push to get us to 100%”.  We take a quick look at their application (say e-commerce) and find out you can’t manage products, check out a cart, sign up for a user account.  Very far from 90% indeed.

Or clients with a WordPress theme jam packed with Lorem Ipsum, and stock photos.  Not to mention on their live URL, causing SEO issues.

90%?  Suurrrreeee…

What people don’t realize is that software is never 100%.  You’ll never make it to 100%.  No software that I know of was released at version 1 and has never changed.  It’s constantly being updated.  Tweaked, fixed, broken, you name it.  What owners of websites/web applications need to realize is that your project is an ongoing deal that will need constant attention, updates, etc.  Things change.  Business relationships, sources of data, needs of the business.  As business changes, so will your site/application.

I used to think I could sell someone a site/application, shake hands at the end of the project and we both walk away happy.  After 10+ years of development I’ve learned a few things.  One of those things is that you become personally invested in a project for the life of the project.   I have some software applications 3-5+ years old, still chugging along.  Written with horribly designed, non object-orientated code, but running.

I now know every website/web application I touch has the potential to stick with me for years.  The client could potentially use it for years.  It makes you think twice when you write code.  You want the system to make sense to the “next guy”.  Sometimes that “next guy” is future you.  I’m sure future programmer me, would fire current me because I’ll learn more, change my ways, adapt to ever changing technologies.

I also learned that there is no 100%.  You can be stable for some time, days, weeks, months, years, but there will be some need for attention in the future.  We now consider all of our projects 90% complete, and we plan to work perpetually on them.  Knowing that nothing can ever be 100% done in web.

Minimum Wage Was Once Enough To Keep a Family of 3 Out of Poverty

In 1968 the federal minimum wage was enough to keep a family of 3 out of poverty!  Think about that for a minute.  Today’s federal minimum wage, $7.25 / hour.  80 hours of work, you take home $475 after taxes.  $240 a week…

Tired Of “Hiding”

I realized something recently.  Throughout my “internet lifetime” I have used a ton of unique usernames.  They usually are related to the person I am at the time I make them, but that person changes.  I think back to all the times I answered questions on forums, or expressed my opinions.  All those people I helped, all that information I left on the internet, lost.

I think it’s time we own up to who we are.  Why do we choose to remain anonymous on the internet?  Honestly, what benefit does it provide?  I’d rather leave my legacy and have people know who the person behind the moniker is.  I’ve begun changing all of my accounts to use my real name.  Reddit, XBOX Live, WordPress, my domain name.  Everything.  This way, good or bad, the world can always know my stance on issues, or know who helped them.