If you are one that either has a blog or is thinking about starting one, might I highly recommend you take an hour of your time to watch this.
It’s stuff that I’ve been doing (or trying to do) for a while now, but Merlin has a way of boiling things down to the simplest parts so that it makes sense.
The short version is right there and it all makes sense if you think about it. If you want more details however, you will need to follow the link.
I would be interested in reading in comments you might have about this. You know what to do.
If nothing else, I know how to communicate. Blame the Gemini in me, or my training background. It’s also evident by the number of posts here, here, here and even here. In total, more than 10 years of combined archives of stuff I’ve typed or said. That doesn’t even count the 1800 photos on my flickr or any of the video stuff I’ve done.
I know how to communicate.
I can do it in person too. One on one or in front of a group. Especially if I have something to say. It’s one of the things that fall into the category of ‘what I do’.
So, I was supposed to be on my way to Arizona today to do more of ‘what I do’, this time some property management software work, a backup configuration and some network maintenance. 2 solid days worth of work, 2 solid days worth of travel.
I talked to the site almost 2 weeks ago about this. Gave them the information they needed for the software I’m supposed to install, asked them to make a list of other computer-type stuff they would like to have me do while I was there and to give me a call back once the software was ordered to let me know when it was supposed to be there.
No call back.
So I waited. Waited a week. No call.
Called Monday to find out if the software was going there or not. Nobody was there that had a clue about what I was talking about. So, I left a message.
Still no call back.
Fast forward to this very morning. I called early so my voicemail would be (hopefully) at the end of the queue and get full attention. 9:00 came and went and I still didn’t get a call. So, I called again as 9AM was the time I was hoping to be walking out the door to the car rental place to start the drive there*. I got one of the people that could, actually, help me out telling me that the software wasn’t there and that a large contingent of people from the corporate office were there, including the President of the company.
I’m going to guess that I’m still not going to get a call back.
I would have left, but you see the MINI is a pretty rough shape. And it’s not cheap to rent a car for a week. And, without the software upgrade, it’s hardly worth my driving over 1200 miles for what would end of being less than 1 days work.
I could have being doing many other things that I am now going to start doing since I know that I will have the entire week. But, I could have started last week.
It’s all about communication.
What a depressing day. Not because of my work load. Not because of traffic. No, I didn’t get any bad news from any family member.
I listened to news radio.
What was I thinking? First, there was the ridiculousness that was the Olympic Torch in San Francisco. I’d type it all out again, but Michael already did.
Then, more on the housing problems. Coupled with news/reminder about how much the war is costing on a daily basis.
Finally, lets finish with a rousing round of increased oil prices! To which I say, no shit Mr. News Guy. I paid $3.91 for a gallon of the good stuff today and fully expect it to be over $4.00 by the end of the week, even if oil doesn’t go to $120 a barrel.
Much like going to the gym, I must remember to keep the ipod with me at all times. I mean, it’s nice to know what’s going on in the world and all that, but this much at once was just too much.
Uncle I say.
Maybe, Mr. and Ms./Mrs. News Person, next time you are going to pile it on all at once you can remember to dig out those human interest stories that you keep hidden for slow news days. Or maybe play a song, or a short comedy bit, maybe something from last night’s Letterman (He’s CBS, you’re CBS. Talk to your people).
Thank You.
So the new version of WordPress supports tagging, which is cool I guess, but I already have categories. What’s the difference?
I’ve been looking around and can’t really find a definitive answer, so here is how I will use them for the time being. I will use categories for broad organization, then narrow it down with tags. I think.
Sure tags help with Technorati searches and whatnot, but I still don’t understand it. If anyone else does, please ‘splain for me.
By the way, you are reading this and I’m at PodCamp SoCal. Full report to follow later in the day or tomorrow. Check back!
Way back in 1984, or thereabouts, when I got my very first computer (an Apple IIc is you must know), the last thing I ever thought I would have to be is a security expert. I thought it was enough that I mastered SuperCalc (and later, SC2, ’cause that’s how I roll) and make my name scroll diagonally on the screen x times.
Or, in 1989 when I was programming restaurant databases on old CP/M machines or running chain (Remanco users unite!) did I ever think I would have to be a security expert.
What about in late 1994 when I got my very first ‘real’ computer? First website in ’95, rockin’ the AOL account on a screamin’ fast 14.4 modem. Did I think I would have to be a security expert then? Nope.
Working help desk from 1997 – 1998?
Restaurant Point of Sales installation and training from 1999 to now?
Playing psuedo network/sys admin from ’00 – 02?
Nope, nope and nope.
But here we are. 2007. The internets aren’t safe any more. I’m stuck in a Windows world with Windows devs that make me use IE on office computers manned by women who could honestly give a crap about what kind of nastiness gets on their machines. Oh, but there is so much more!
My newest headache? PCI DSS.
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council’s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.
So, not just any security, but credit card security. I would have never guessed.
As it turns out, people like to pay for car washes with those little plastic cards. About 30K a month company wide. That’s a lots of swipes! And I’ve been tasked with keeping those numbers safe. Piece of cake. Lucky for me there is a 74 page doc of the requirements, a 14 page self questionairre and 25 page doc on the certification process (that luckily, I don’t have to deal with).
So my days for the last 2 months have been clogged with implementing advanced security procedures with users that are far less than advanced. The idea of a unique name and complex password (changed every 90 days please) to my users makes them give me the Lassie look, followed by smoke from their ears.
Expensive? Not as bad as you would think. New Sonicwall internet devices are on my desk waiting to be configured and installed. It’s also getting me an upgrade on my Corporate copy of Norton Antivirus with kick ass pricing from AT&T (I know!). Oh, and a VPN in another week or so. All good.
But, this week as I was continuing on through the 75 page document to the sections I haven’t completed, I come across the dreaded section 9. Physical security. It says, in not so many words, that any device where credit cards are stored must be secure. By secure I mean
“Hey, that’s awesome db! Nice to see someone doing something to protect my data!”
Yea, hey, no problem. But, here’s the thing. I don’t have 1 location where card holder data is stored.
I have 8.
For all it’s badness, the internet does some pretty neat things. One of those neat things is make is possible for retailers to swipe your credit card and get an approval back with voucher printed in less than 10 seconds. Actually, it’s closer to 7 (yes, I have timed it). It’s about a 4K packet being sent from the retailer to the processor and then returned with a yay or nay vote. The old way, with modem, used to take as long as 20 seconds. The bulk of that time was the hand shaking that had to happen between the retailer and the processor, because even at 33.6 speeds, 4K up and back is still a pretty speedy trip ya know?
Anyway, it’s because we process credit cards over the internet this way (instead of using a modem) that I have to do all of the extra work.
Section 9 could seriously mess all that up tho. I’m all about keeping stuff as secure as possible, but honestly, it’s not cost effective to do it the way I’m required. Also, for the low volume that I have to manage, I really think it’s overkill. Besides overkill, it’s cost prohibitive for our small company. Having to do any of the items in section 9 would actually ’cause me to have to revert back to dial-up for credit card processing. No body likes that. Customers don’t because transactions take longer. Processors don’t like it because they have to keep the modems revved up, plus the 800 number to dial into. It’s bad bad all the way around.
So, I have calls out to everyone I know that is doing this right now to see how much I’m really going to have to do. I’m hoping they come back with the information I want to hear.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Feel free to use my stuff, just Be sure to let me know.