Certifications are good things, or so I’ve always thought. Though the more work I do to help achieve ISO 17799 compliance, I’m beginning to dislike them. This has been steadily adding work since I started this job in December, but now that we are only a couple weeks away from what should be our final audit, the work is coming a lot faster. We’re working to ensure everything we have in production meets the requirements of the standard, which has proved to be rather difficult.
The primary issue has been in data access, eliminating all direct SQL queries, and replacing them with stored procedures. While this isn’t that difficult, when there are dozens of systems that need updates, it adds up surprisingly quick.
Security is always a good thing, and when dealing with sensitive personal information of thousands of people, it’s very important. So I’m not complaining about the security required, but when you are trying to cleanup from years of more relaxed practices, it takes a surprising amount of work.
I like free stuff, I really like free stuff from Microsoft, as they normally have good free stuff, and this time, it’s a free copy of Visual Studio 2005 Standard Edition, and a couple other goodies. Here’s the list:
- Microsoft® Visual Studio® 2005 Standard Edition (Not for Resale)
- Five chapters of Programming ASP.NET 2.0 Core Reference, by Dino Esposito
- A 30-day hosting account to try out your custom Web applications
- Microsoft Developer Security DVD with how-tos, white papers, tools, webcasts, and code samples that demonstrate how to write more secure code
- A 50% discount on a Microsoft Certified Professional Exam so you can add your new skills to your resume
- A voucher that allows you to buy Visual Studio 2005 Professional Edition with an MSDN® Professional Subscription at renewal pricing (a $400 savings)
Not a bad grab bag if I say so myself. Want the details?
- You have to be in the US or Canada
- You have till April 17th
- You have to watch 3 ASP.NET related webcasts
Sounds like a deal to me, I’m in. Here’s the link.
Magazines are great, I really like just being able to pick one up, lay back and do some reading. Development magazines, not so great. They tend to have a higher price, far less content, and more ad pages than content pages. Eric Sink think they are dying, and based on the announcement that “Software Development” is being dissolved, looks like he’s right.
It’s too bad really, I almost hate to see them go, but I have to ask, do they really have any relevance in the modern development world?
When I buy something, I expect support. When I buy something expensive, I expect really good support. That may be asking too much, but that’s just how I think. Now, when I contact the vendor for support, I expect to talk to somebody that understands the product. When I bring up an issue that gets me on a conference call with a Vice President and a Project Manager, I expect them to give me accurate data.
Seems not everybody thinks that way.
We recently installed a new communications system at work, this is basically two servers (one was an old database server we already had), and a bunch of wires. This $40,000 gadget manages our phone systems, one of its components is a $14,000 reporting system (that’s what the old DB server was used for). This reporting system is a rather complex bit of software, one that I’ve spent the last 5 weeks trying to figure out.
When I first heard we were installing this system, I was rather excited as it uses MS SQL Server as a back-end, so writing custom reports should be easy. So I dug into the (limited) documentation and set to work. After a couple days I had everything in place for my most important reporting project (it’s used to report details for part of a major banks customer service department). After a few bumps, it was done and was a bit of a hero for getting it running so quickly.
There were several more bumps on the road, most due to odd, conflicting, or confusing data, but it looked like we were slowly getting there. About a week ago, an issue was brought to my attention, one of the numbers looked wrong, so I dug into the data deeper than ever. I almost had a heart attack. Two of the most important items on the report were wrong, wrong by almost 50%. Not good.
So several phone calls later, we hit a dead end, we just can’t get any answers. So one of our executives asked if we had cut the check for the system, turns out we hadn’t. So the word went out to not pay until we could get some answers. Not too surprisingly, when the vendor found out we hand no intention of paying until it was working properly, they finally agreed to give us what we were asking for: answers.
Those answers came in the form of a conference call with a Vice President and Project Manager from the company that created the software, if anybody understood this software, it would be them. I guess luck wasn’t on our side. Of all the information we gathered from them (and confirmed more today), here’s the parts that matter:
- The documentation is completely wrong
- They don’t understand the settings for their own product
- They don’t truly understand how their own product works
- They can’t answer a question without first blaming it on something else
Somehow, I was hoping for real answers, not more clueless people.
After spending $14,000 on the system, as of yesterday, they wanted another $27,000 to create reports and add-ons to do what was promised when we bought it. That’s doesn’t include any user training, or the thousands we lost due to under billing because of the bad data.
I expect good support, seems not everybody thinks that way.
While reading a post on Paul’s blog, I came across a rather interesting guide to “better email” – while I tend to disagree with ever deleting an email as author suggests often, this looks like a worthy read.
Yesterday the WordPress team announced a new version of WordPress, the blogging software that powers this site, that resolves a couple security issues. So me, being the security conscious person that I am, decided I had to upgrade, that was a two hour adventure.
Due to some of the unique aspects of my theme, I’ve had to modify some of the core WordPress files, that turned out to be a bad idea. I had to convert all of the PHP & JS files to DOS format (after finding a Windows version of unix2dos) and then convert the diff file to DOS format, then the patching began. Getting the patch to apply to my modified files turned out to be an interesting experience, to say the least. Though after about 30 minutes of tweaking, the patch finally applied cleanly.
All in all, it took a little more than two hours, but now I’m secure again. 
