Unified Security Code

Posted on by Michael

Don’t you just hate it when you’re all excited about something, but you can’t really explain it (or talk about it) to people around you?

Let me give you an example. Today I finished testing/debugging some security code that Summer and I put together. It is basically a one-stop shop for UCS developers to secure their PL/SQL applications. But… I can’t really talk about where it is (not in here). I can’t explain the subtle programming interwoven into the algorithms (even though it rocks). I can’t really talk about how to use it (although it’s commented). I shouldn’t even talk about what programs use it, and which ones don’t.

However, I can tell you that with this new code, every developer can secure his/her PL/SQL applications with just a few, quick procedure calls. Each application can have it’s own security that works in multiple ways. Programmatically, Summer and I do things differently (partly due to who we work directly for). So it not only handles ‘my kind’ of applications, but hers as well. In general, it should cover basically any LDAP authenticating PL/SQL application.

I can tell you that I have two applications successfully migrated to the new security, and so far am quite pleased.

Work Order System (revisited…)

Posted on by Michael

In a previous blog, I had mentioned my intention to build a Work Order system for Housing & Dining. The idea was proposed to take this new system and combine it with two existing systems – the UCS Service Request Line Helpdesk application and the Landers Computer Lab Helpdesk application (which a student work of mine wrote a few years back…).

At first I was quite confused, as ‘fixing toilets’ seemed to have little to do with a student checking a computer in to the lab to have a virus removed, or a professor needing help with their computer. I was having a hard time seeing the inter-mingling, but after a few lessons in stepping back, and seeing the big picture, I finally began to understand why the 3 systems could be combined into 1 new large system.

Anyway, long dramatic story short, the compromise has been made to leave the Work Order System as a separate system – but continuing with the idea to combine both Helpdesks. After more thought I really think that combining the two helpdesks is smart – for many reasons that I won’t list here. And I got a lesson in taking a step back (or for me, 4 steps).

This is gonna work out well – especially since Alex has a new CSS (stylesheet) already for the new project, and he really knows the ins and outs of the current UCS helpdesk – so redesigning and rewriting one system to do the job of both should be easier than average – especially with the two of us working on it together.

Audio Conference

Posted on by Michael

Today I was fortunate enough to attend an Audio Conference in Hamersly Library room 205 from 11am – 1230pm. The title of the presentation/Q&A session was “Cyber Profiles: When Facebook and Myspace Come to Town”. I think this is a relavant topic today because Cyber-Communities are becoming increasingly popular.

As the ‘technology’ representative of both Housing & Dining I was invited to attend as I bring a different perspective to the table, in the chance that questions of that nature were raised. Fortunately for me, I was almost completely an observer – and few technology questions were raised (most were raised in the room – some of which I answered).

But it’s an interesting topic. Students are forming more and more intracate relational networks in online communities. But how much is too much? Sites like MySpace are really raising questions about confidentiality, anonymous web usage, stalking, privacy and information sharing. It’s is amazing to me that people are willing to add their cell # or even an address to a ‘public’ website (which most likely has their picture on it).

It raises a signficant number of other questions for folks down here, such as the Judicial Affairs staff. How do you deal with a picture of people in a residence hall drinking together? Can people be held responsible via the web? Where is the line?

From the numerous subscribing schools, viewpoints and questions from all ranges where expressed. I was pleased to hear that the prevalent wisdom was not to ‘beat them’, but to ‘join them’. Why shouldn’t the schools have a presence in the web communities? Why shouldn’t we be taking advantage of this opportunity to meet students’ needs on their ‘own ground’.

I think a balanced and healthy view requires understanding not only the technology but the ideas and the opinions behind sites like MySpace. Basically I’m saying that I’m going to get me SomeSpace so that I can understand the technology and even possibly integrate some of that technology into what we do here.

Ya, Standardization is good…

Posted on by Michael

I don’t really like starting documents (including Blogs) with So.

So, Summer and I have decided to create some standardized PL (PL/SQL) security code for all of the developers to use.

Background:

Since the large migration (Wilbur to Aero) and LDAP push, I’ve noticed that some of my older applications are not using the more recently developed security technologies. In my personal decision to move projects over to LDAP authentication, I decided it would be a good idea to make sure my own (by my own, I mean a bunch of tips, tricks and code that I’ve modified and combined from AskTom) security code is A-OK. So I met with Shaun to go through the security code I’m currently using, so as to make sure it’s up to snuff. Anyway, Summer wanted to sit in on our meeting – cool – 3 heads are better than 2.

Finally, the culmination of that meeting is that we are going to take Summer’s pre-built form and LDAP authentication and combine it with my Cookie Obfuscation and Security Code to make one unified ‘package’ that all developers can use unilaterally for a huge variety of PL apps.

One of the primary issues we are going to face is the integration with existing projects and CSS (stylesheets). Summer’s current approach fits her existing needs, but we’ll have to expand it’s functionality to be able to utilize it effectively so that I can use it interchangeably as well.

Conclusion:

UCS developers will have a single location and set of dev-friendly code that has already been tried and tried again. Security for all PL apps will be highly secure, and security can be troubleshot (troubleshooted ?) by many different people. Now if we can just get everyone to use it (once it’s done) …

Work Order System

Posted on by Michael

I’ve reactivated one of my previously planned projects. My goal is to turn the current paper Work Order system into another PL/SQL program.

Some people might be asking themselves “What’s so wrong with the current system? If it ain’t broke, don’t fix it!”

Ok, I can dig that. KISS – Keep it simple, stupid. It’s a Computer Science principle that is designed to keep people like me from turning molehills into electronic mountains – and I try to live by it.

However, in the case of the WOS (work order system), it IS broke. Not only does it require the equivalent of at least 2 full sheets of paper per work order, there is very little accountability from group to group. I’m no tree hugger, but if I can save 2 trees a week by writing a digital system, then I’m all in.

So this WOS would allow students, staff, etc… to all have the ability to create a WO (Work Order) and track it’s progress. The maintenance shop will never have to hear “I wrote that like 3 weeks ago…” even though they only got it today. Staff can check on the status for residents, and make sure the maintenance folks are doing things in a proper timeline (which I don’t think is ever really a problem).

I think everyone wins. Why? The students can directly report WOs and don’t have to wait for anyone to give them to maintenance. They can also provide an email address to be notified upon completion.

Staff can monitor the progress of WOs and report that status to residents or others.

Maintenance can’t be accused of not getting WOs or losing them – as everything is recorded digitally.

So the design is a little complicated, as many different folks are using it for many different purposes. But it’s gonna be a challenge and I like challenges. In the end, student needs get serviced quicker and more efficiently with less waste.

Palm (aka "the devil")

Posted on by Michael

Hi, my name is Michael … and I’m a technology fan.

I like to tinker, to play, to test, to try. I enjoy the newest, the smallest, the largest, the fastest. I appreciate fine design and the engineering and innovation that does into today’s technology.

However, I’m about to rant about Palm – and their lack of … well – everything.

I loved my first Palm Pilot, the m500. It wasn’t all super colorific and didn’t play MP3’s. It did it’s job. It nagged me when I had an appointment and kept my life organized. Yeah.

Then the problems came. It would freeze, or hang, or just wouldn’t respond to my tappings. The digitizer would get all messed up so that when I touched here on the screen it was always clicking things 1/4 of an inch over. Very hard to hit some things. So I’d have to redigitize. Like 10 times a day. AND I DIDN’T REALLY USE THE PILOT THAT MUCH!!!

Anyway, so I can live with an occasional problem, BUT! Then my screen wouldn’t respond to anything and the pilot is dead. What does Palm say? Well it’s not under warranty, and even if it WAS we recommend that you upgrade.

Upgrade? Cha-CHING! I’m all over that. Color, sound, lasers (ok no lasers) but upgrade is always a good word.

But you know I’m not a fool. My momma told me you’d better shop around. So I did. Alot. I had it all picked out, and made my proposal to the money people. Alas after all that searching – everything was in order. So I went to buy it. Oops!!! It had been discontinued (but had only been on the shelf for about 6 months). Discontinued? It’s still brand new? Like 5 or 6 people have bought one? What’s up with that?

So, new faster research, more money but a nicer model. Ok, I can deal so can the money folks. And it’s a good pilot, I still have it.

But now you say “that’s not so bad, what’s your issue?” Well I got a pretty nice model, but then other pilots down here start to die or need replacement. No problem I say, we’ll just order one of min…. wait. They are discontinued. Holy heck.

So, back to the research department, check with UCS, it checks outs – so we buy like 3 or 4. They are OK.

Now for the kicker (yes I’m still telling the same story). Tina’s lovely 505 dies a flaming death so we buy one of the previously mentioned models for her, and 2 more for Mark and Patrick whenever their’s give up the ghost.

Suddenly last week, Tina’s pilot starts doing naughty things – like not telling her about meetings with the VP. Naughty. Anyway, Joan finds this support document that says Tina’s pilot is not supported. But wait! I checked with UCS before we bought these. That SAME document said Tina’s pilot was OK and good to go.

So now I’m angry. Not only will Palm not release a quality pilot for less than $400, but they keep changing the rules. And every 6 months there is a new pilot. Why can’t they just make a quality model and SUPPORT IT!

Anyway, so now I’m thinking about investigating Pocket PCs. Seems like a neat toy, and apparently they are not so high maintenance.

We’ll see.

Something embarrasing…

Posted on by Michael

Well you can’t always be the man (or woman).

Today we finally finished ghosting our non-critical lab machines. Now you might ask, “Why haven’t you ghosted the machines before now? It’s like the 6th week of the term…” Well I have no excuses, and I’m not proud of it, but they are finally ghosted.

Once configured (a day or two) some of them will go onto the shelf as backups and some will be used to fill out the Landers Computer Lab. We will also, most likely, make a new image for the Landers Computer Lab, after we finish tweaking one of the machines. That way we shouldn’t have to do hardly any tweaking in the future.

Now that school is in, and our student load is down, we can finally start attending to projects that have sat and sat waiting for us to pass the most crucial time of Fall Move-In…

Well that time is here. And the time is now.

Oh mighty Solaris!

Posted on by Michael

Well today I joined in a group that was finishing up the Solaris 10 install on a little box in ITC 008. Mike and Shaun were fighting with VI (vi ?) trying to modify a text file so that we could more appropriately use the OS to do what we want to do.

I was a little late to this little party because I have been invited to the OUR (Housing & Dining) Staff meetings which are ALSO on thursday mornings – from like 9am till 10ish. So those every other week meetings occasionally conflict with my now-standard thursday 930am-11something UCS staff meetings.

But it’s all OK – I can make it work.

So after watching a short portion of the modification of this text file (which was an OS file I’m guessing), we rebooted and could not login.

TRAVIS TO THE RESCUE.

He taught us all something about logging into a slightly-hosed Unix machine ( that I probably won’t remember ) but included in it a little lesson about physical security. It was like watching a good cartoon. It’s funny, exciting, action-packed…. but there’s a lesson to be learned. A little something about real life that you and I can learn from those muscle-laden, gun-blazing, trash-talking superheroes we all know and love ( it’s OK if your cartoons are plush, soft-speaking, carrot-eating jokesters).

Anyway, as we were doing all of this to eventually install Oracle 10g, and get it up into test, we finished this step relatively close to a meeting I had scheduled, so decided to adjourn.

But I can’t wait to get 10g going. So much new stuff, and we need to see if some of our existing applications will be compatible with the new DB platform. Basically we are going to start catching up, which makes me excited.

wOOt.

Sophos

Posted on by Michael

In my last blog, I said “…the only constant is change…”. Well that’s sure true today.

Our mighty and gentle giant Sophos has been much less of a pain than many other Antivirus products that we’ve used in the past.

Today we finally got to see the meaner side of Sophos. Before I continue:

DISCLAIMER: The following information is AT PRESENT a matter of opinion as it has not been conclusively tested to the point of fact.

So bascially Sophos, it appears, seems to be disabling the ability of some residents to surf the web. In many cases IM programs, Sophos update and other web-oriented programs work, but neither IE nor FF will download and view a webpage.

John Rushing had received about 5 calls over the period of 20 minutes and we knew something was up. Upon further investigation it was found that 90% + of machines exibiting this functionality (and the total number of affected machines is unknown – we’ve received probably about 50 calls, although reports of entire communities being offline have been reported) could be ‘reconnected’ by disabling Sophos Services.

In most cases re-enabling the Sophos services did not re-disconnect the computer from the ability to surf. So as we continue to gather evidence and sort through the myriad reports, we only know Sophos seems to be the root of the problem. But it’s a computer, so who knows?

More to come on the not-so-criminal investigation of the Surf-Killing Sophos…

Is it Sophos? OR something far more sinister…like falling buttered toast taped to cats?

Inquiring minds want to know…

Please click here if you want pictures and can brave German.

Software Life Cycle (and Philosophy)

Posted on by Michael

I recently returned from a trip to Hawaii (my wife and I went to a wedding) to find out that one of my software programs had crashed during a critical time. Luckily for me, enough WORKING ‘duplicate’ reports existed for the data to be extrapolated from the DB and sent to the appropriate department.

However it forces me to pause and reflect. Selah.

Everyone with a CS degree should have learned about the Software Life Cycle. It’s an interesting model that can be viewed in many ways. Basically very few programs are ever written, tested, modified, released and then never touched again. As the only constant is change, and this truth extends not only through our personal lives but into the working world as well – I’m given pause to consider the Software Life Cycle.

Things change. Let’s face it, but what is the best practice for things like software that can change both quickly and significantly. It turns out that my programmatic issue was a DATA issue (compounded by another system recently upgraded unfortunately producing slower access times). But as a Software Engineer (SE) I should be able to deal with that. Or should I?

Who’s job is it to maintain the QA of ‘the code’? Is it my job as the SE to guarantee (which is a dirty word with computers…) that NO MATTER what comes my way the code should be able to stand? Is it the job of the DB engineer to structure the DB in such a way so that many things are not possible – thereby eliminating many ‘required’ checks and error conditions, etc…

I’m not going to propose ‘the answer’ or an answer at all.

Users want stability…and consistency. The SE wants to be able to efficiently generate code to meet the users’ demands. Is there a responsibility by the SE to train the users to use the program correctly, thereby again eliminating much ‘required’ error checking, etc…

As a SE I don’t want to bloat my code with 400,000 checks and re-checks to make sure that every possible condition that CAN exist will be dealt with. That creates as much as 2-3 times as much code – which itself can be buggy. Is it alright that when a users does something REALLY unintuitive and totally against what the program is supposed to do that they get an ugly error message and have to contact me? Is it alright that when someone else’s system has data integrity problems that it can create ugly error screens for my users?

Should the users have to put up with that?

Should we (the SE’s) always have to make sure that even when things go wrong that the user gets sweet and clean messages and everything’s still pretty and happy? Should I be expected to have programs that never crash (or at least crash hard) ?

Well fortunately I have great users and my programs don’t crash often. Users understand that program do occasionally crash. Not everything can be considered beforehand. Sure it’s my job as the SE to keep them from crashing frequently. But with an average of 5 minutes to fix most problems, where is the line?

Where is the line?