IT Deployments for Noobs
How can an inexperienced "tech guy" help his organization IT-wise, if outsourcing isn't on the table?
As an unwittingly frequent mentor to technical hopefuls, it's hard to draw the line between "sure just follow these steps" and "it's over your head, outsource if at all possible." How do you distill half a decade of experience into an email? Here's a case study:
Security for Developers
Here's the slides from my Technical Brownbag today at Gangplank.
Thanks for having me, guys! Please comment on your thoughts or anything you have to add.
Edit: One of the biggest security holes is the HTTPS issue. Please please PLEASE install and use an SSL cert on every webserver you run. WordPress, webmail, and anything else you run on your server is woefully insecure without HTTPS.
Also: Make separate database users for each app, and make their passwords at least 10 random characters. No sharing of users or passwords!
Security for Developers presentation slides (PDF)
Here's the raw text of the slides:
Security 101
Most people are blissfully unaware of what security means in the 21st century, despite using 21st-century technology daily. Many nerds are aware of attacks like viruses, trojans, and phishing, and many computer users are familiar with the idea that passwords are important and that their hard drives' data can always be recovered, but there are whole areas of security people are totally ignorant about.
This is a quick-n-dirty primer on security issues you probably don't know about (or aren't protecting yourself from.)
How to Solve ‘You do not have access to logon to this session’ error in Windows XP via Group Policy (GPO)
In order to login via Remote Desktop on Windows XP, you must be a member of the local machine's Remote Desktop Users group. This is slightly different than on Windows Server, where you can modify the permissions of Terminal Services and define custom groups to be allowed access.
Additionally, you've probably tried to change the GPO setting under Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment for 'Allow log on through Terminal Services' and discovered that it still doesn't work fully for non-Administrators.
The solution is to add the group, or the user, that you want to be able to login remotely, to the RDP computer's local Remote Desktop Users group. You cannot add people to the Active Directory domain Remote Desktop Users group, because this group is "local" to the Domain Controller only. So how does an administrator add a user or group to all client workstations' Remote Desktop Users groups without going to each computer manually? Use a GPO:
- Create a new Group Policy Object at the domain level (or OU level, if you know what you're doing.)
- Edit the new object
- In the Group Policy MMC, browse to:
- Computer Configuration/Windows Settings/Security Settings/Restricted Groups
- Right-Click and choose "Add Group"
- Add 'Remote Desktop Users'
- Select the group and choose the allowed members (for example, 'Domain Users' or create a new group called 'Domain Remote Desktop Users')
- Do a 'gpupdate /force' command on the target Remote Desktop computer. If you check the local group membership, you should see your new group now a member of the local Remote Desktop Users group.
- Attempt to connect to the target computer as a member of your new group.
(Instructions derived from Standford Windows Infrastructure.)
Email to Honda
I recently had my car serviced for an intermittent, weird noise-- it's 3 years old and just started making a weird clutch noise over the past few months. My experience was pretty average (read: mildly frustrating) and my response to a Honda phone survey resulted in a disappointed voicemail from David, the service advisor I worked with, and an email from Honda asking for a lengthier fill-in-the-blanks survey. Here's what I wrote in response to that survey email, word-for-word, typos and all:
I should clarify that the "didn't take my issue seriously enough" comment was what the phone survey representative wrote to summarize the below diatribe. David stressed in his phone call that he did take my issue seriously, which I guess is true, but is beside the point. I finally have distilled my main point down to "they could have done more, and earned my money, but didn't, and made me feel frustrated/dissatisfied as a result."
On Mon, Apr 12, 2010 at 9:14 PM, Will Bradley wrote:
I'm unable to accurately fill out this survey in a meaningful way.
The service advisor, David, called me in response to a phone survey I took, asking why I'd answered some questions with a rating of less than 5, any why I'd logged a comment that it "didn't seem like they took my issue seriously enough." He implied that any rating less than all 5's would negatively impact his career.
If I recall correctly, a "5" was "Excellent" -- if a friend asks me how good the best experience I've ever gotten from a mechanic or auto dealership, I will answer "pretty good." If Honda is expecting customers to answer "excellent" -- in other words, excelling or exceeding all expectations -- they will need to reinvent the auto industry,
Right-Hand Navigation in Website Design
This is a comment I posted on WebProWorld after a quick Google search to see what the consensus was on right nav in webdesign. It represents my current analysis of the issue.
I think, when designing your site, you should know which direction visitors' eyes will go. In L-to-R reading countries, this is top-left to bottom-right with few exceptions. In R-to-L reading countries, this is probably different.
There's a new trend in websites (especially blogs) where the content is the message (and, to some extent, the navigation.) In this case, the designer is saying "those links on the right are useful, but you probably want to read this content first."
I think the left-nav assumes that people want to know their navigation options before looking at the content. This is fine for a site like www.wellsfargo.com where there is hardly any useful content-- only links and calls-to-action. They know that 80% of their users simply want to login to their online banking, thus the login box is the first thing you see.
By contrast, www.lloydstsb.com is saying "yeah you probably want to log in, but first check out these other things!" Also note that Lloyds can't make full use of a 1024px-wide screen because many people browse with non-maximized browser windows, thus clipping off the right edge-- Wells Fargo's site can be a full 980px wide because everything important is in the left 80%.
One right-nav site I use as an example is www.southwest.com -- they have a large splash message on the left, and "book a flight" as the leftmost and topmost navigation options. This splash-then-nav strategy would work great for image-oriented sites, like an artist, real estate, or other site that NEEDS a large introductory image or block of content.
Business, government, and conglomerate/departmental websites, however, would probably do best with top-only or top-and-left navigation, since the website's main purpose is to direct you to the appropriate subdivision and not to present interesting content (at least right away.) For example: a right-nav on fedex.com would just be confusing. A right-nav on a large university site would probably not go over well.
I think the emphasis over the past few years of quality content over page quantity is a good thing that ultimately reduces frustration. If you do have quality content that people want to see right away, you can do them a favor by highlighting it on the left, with secondary things like navigation on the right. A design that clearly defines the right-nav will further assist users in "seeing out the corners of their eyes" that the nav is right there, even as they glance at your left-oriented content.
Javascript Countdown Timer
Better code for doing a date-based countdown in Javascript. The top results on Google appear to have been written in 1990 and are unnecessarily cumbersome-- here's a version I wrote for a quick Christmas "countdown" webpage.
One major advantage to my version is that it compensates for the date in a given timezone, so that it counts down to the same exact second regardless of time zone (assuming that everyone's computer time is accurate) instead of "rolling" across time zones. This is done by taking advantage of the way numerical timestamps are stored (always in GMT) and the .toUTCString commands. For an even more accurate rollout, I used inline php code to populate the timestamp number and also perform some logic when the server thinks the time has been reached, so that users can't simply change their computer's clock to see the result (which in this case is just reloading, since my PHP should have replaced the server-side HTML by that point.)
If you'd like to see the inline PHP that handles the official rollout, leave a comment!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | <html> <head> <script type="text/javascript"> /* Javascript Countdown Timer * Will Bradley (www.willbradley.name) Dec. 2009 * Code released publicly without any warranty or license. */ function showtime() { dateString = new Date().toUTCString(); now = Date.parse(dateString); xmasDateString = new Date(1261724400000).toUTCString(); // The long number is December 25, 2009 in Javascript's .getTime() format. You can put almost any value in here, including plain english dates. xmasDate = Date.parse(xmasDateString); dd = xmasDate - now; dday=Math.floor(dd/(60*60*1000*24)*1); dhour=Math.floor((dd%(60*60*1000*24))/(60*60*1000)*1); dmin=Math.floor(((dd%(60*60*1000*24))%(60*60*1000))/(60*1000)*1); dsec=Math.floor((((dd%(60*60*1000*24))%(60*60*1000))%(60*1000))/1000*1); if(now > xmasDate) { // Put any "countdown done!" code here. I've got it reloading in order to pull new info via a coordinated PHP countdown, but you could put anything. window.location.reload(); document.getElementById("secs").innerHTML = "Reload the page for your gift!"; } else{ document.getElementById("secs").innerHTML = dday + "<em>days</em>" + dhour + "<em>hours</em>" + dmin + "<em>minutes</em>" + dsec + "<em>seconds</em>"; timerID = setTimeout("showtime()",1000); } } </script> <style type="text/css"> body { background-color: black; color: white; text-align: center; font-family: Lucida Sans Unicode, Lucida Grande, sans-serif; font-size: 12px; } h1 { color: #ee0000; font-weight: bold; margin-top: 150px; font-size: 4em; text-transform: uppercase; } h1 em { color: white; font-style: normal; margin: 0 0.5em 0 0.25em; font-size: 0.4em; } </style> </head> <body onload="showtime()"> <h1 id="secs"></h1> </body> </html> |
Re: Gangplank Looking To Move Downtown
This is a reply to a post here: http://gangplankhq.com/2009/11/gangplank-looking-to-move-downtown/
Whether Tempe is a poser or Phoenix is sucky or Chandler is a thriving tech incubator is somewhat diluted by their public perception. I think perception is reality-- if the public thinks something, it becomes a self-fulfilling prophecy.
Moving Gangplank to Buckeye would be a harder sell than moving it to Downtown Phoenix-- people would whine either way, but Buckeye isn't perceived as a technological place whereas Downtown Phoenix seems like an objectively logical choice. I've only lived in Phoenix since '04, but Chandler/Mesa/Gilbert doesn't seem like an objectively logical choice for technology incubators. It might be in practicality, but I think that would shock most Valley residents, and so unfortunately you're working against public perception which is an uphill battle.
It's hard to be "the best collab space in Phoenix" if you're actually 10 miles outside of Phoenix and a 30 minute drive from the city center. If Gangplank doesn't want to be, that's fine, but it'd be helpful to explicitly state this so guys like myself don't write short blog-essays in vain.
New personal site
This site is the personal blog counterpart to my professional site, zyphon.com