Reaction to Transparency

I caught myself having (what I thought was) an interesting reaction to some online posts recently. I’m telling the story here because I think there might be a little insight into human reaction.

Someone (I don’t remember who) posted a book recommendation on Twitter a few days ago. Apparently by the time I saw the post, it had “gone viral”. The author subsequently posted something along the lines of “If I would have known what kind of reaction that was going to get, I would have added an Amazon Affiliates tag to that link”.

If you don’t know, Amazon’s Affiliate program is basically a commission program. If enough people that click on your special link buy something, you’ll get a little bit of a commission.

At this point, I specifically looked to see if the link had an affiliate tag in it. I don’t know why, but I had a feeling of “you’re not going to sneak one past me.” I was interested in the book but didn’t decide to buy it at that point.

A couple of minutes later, I saw a subsequent post from the same author that also linked to the book on Amazon, but this time he said something like “Here’s one with an affiliate tag included. It won’t cost you any more and why should we give Bezos all the money?” My reaction was completely different this time. I clicked the link and bought the book immediately. I think the decision was more about wanting to participate in the fun (like now we were working together to put one over on them) than because my desire for the book had changed.

It was interesting to me how blatant transparency completely changed my reaction.

.Net/Web development challenges with Time Zones (Part 1)

One of the learning curve issues when moving from a client-server environment where all the application users were in the same building to developing for the web is dealing with different time zones.

Dates have times whether you want them or not

The first time I remember being bitten by the time zone issue was several years ago and it’s probably not what you’d expect.

My application had an Order table in a SQL Server database with an OrderDate field (DateTime data type). I wasn’t interested in the time part, so I was setting the value by using DateTime.Today, which gives today’s date with the time part set to 00:00:00 (midnight).

My test user called me to say that his OrderDate values were showing up off by 1 day. When retrieving the order, the web server was returning the order information in JSON. I didn’t realize at the time that browsers will automatically “time-zone-shift” JSON dates to the browser’s computer’s time zone. So, if the order date was “1/1/2019 00:00:00” and the test user’s time zone was 6 hours behind UTC – the browser (not realizing that the time part was not significant) translated that value to “12/31/2018 18:00:00”. My UI was formatting the date to only show the date part, so the OrderDate field value was showing as “12/31/2018” when it should have been “1/1/2019”.

This turned out to be a much trickier problem than I initially thought. This was when I realized the need for a Date data type (since there wouldn’t be any concept of time zone shifting with a Date-only type). I know SQL Server has a Date type, but C# still doesn’t.

At the time, I was in a hurry so I cheated a little bit. I started stamping the time part as noon (12:00:00) as opposed to letting it default to midnight (00:00:00). I didn’t care about the time part and it’s never displayed. This gives me 12 hours leeway in either direction with the date part being changed. Apparently some islands in the Pacific do have +13 and +14 time zones, but I was pretty sure that particular application wasn’t going to be used there.

That application has since been retired but I never found a more elegant solution to this problem. If anyone knows of one, please let me know.
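The shift described above, reproduced as an added example (not code from the original application). It assumes the order date reaches the browser as a UTC timestamp; the function names and sample values are constructed for illustration. The sweep over UTC offsets shows where the midnight value and the noon workaround each cross a date boundary, and the last function shows a date-only string handled without any `Date` conversion.

```javascript
// Calendar date a viewer sees when `iso` (a UTC instant) is rendered in a zone
// `offsetMinutes` from UTC (UTC-6 is -360). This simulates the browser's
// local-time conversion without depending on the zone of the machine running it.
function localDatePart(iso, offsetMinutes) {
  const shifted = new Date(Date.parse(iso) + offsetMinutes * 60000);
  return shifted.toISOString().slice(0, 10);
}

// Whole-hour offsets (-12..+14) at which the displayed date differs from
// the date the server intended.
function offsetsThatShift(iso, intended) {
  const bad = [];
  for (let h = -12; h <= 14; h++) {
    if (localDatePart(iso, h * 60) !== intended) bad.push(h);
  }
  return bad;
}

// Date-only handling: send "YYYY-MM-DD" as a plain string and format it
// without ever constructing a Date, so no zone conversion can happen.
function formatDateOnly(ymd) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(ymd);
  if (!m) throw new Error("expected YYYY-MM-DD, got: " + ymd);
  return `${Number(m[2])}/${Number(m[3])}/${m[1]}`;
}

// Constructed sample values matching the post's scenario.
const midnight = "2019-01-01T00:00:00Z"; // DateTime.Today, serialized as UTC
const noon = "2019-01-01T12:00:00Z";     // the noon workaround

console.log(localDatePart(midnight, -360));            // test user at UTC-6
console.log(offsetsThatShift(midnight, "2019-01-01")); // every zone behind UTC
console.log(offsetsThatShift(noon, "2019-01-01"));     // only the far-east offsets
console.log(formatDateOnly("2019-01-01"));             // never shifts
```

With the noon value, a viewer at exactly UTC+12 lands on 00:00 of the following day, so the safe range runs from UTC-12 up to just under UTC+12.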

Free SSL Certificates

About a year ago, Google started flagging unencrypted (available using HTTP as opposed to HTTPS) websites as “Not Secure” in the Chrome address bar. They have also started taking into account whether or not a site has HTTPS for purposes of search rankings. In other words, lack of HTTPS will affect your SEO.

Side note: HTTPS encryption is frequently referred to as SSL and the certificates that allow this are almost always referred to as “SSL certificates”, but this term is not technically accurate any more. SSL was the original cryptographic protocol used for HTTPS but it is obsolete and not considered secure any longer. TLS is what’s used for HTTPS encryption now, but the term “SSL” stuck.

For years, the general consensus was that you needed HTTPS for sites where you entered a credit card or things like that, but that for general information sites (like blogs) there was no need to encrypt the information. That consensus has changed over the last few years.

Most people have historically bought “SSL certificates” from a vendor like GoDaddy with prices starting around $75/year. A few years ago, a service called Let’s Encrypt was introduced by the Internet Security Research Group. Basically – they offer free certificates to encourage people to use HTTPS.

It sounds too good to be true and I was skeptical when I first heard about it, but it’s legitimate. I’ve been using their certificates for about a year. I’ve used them for websites running in AWS and Azure. There’s a little bit of a learning curve in learning how to get them to issue the certificates for you but once you figure it out, you won’t ever need to pay for certificates any more. (Blatant commercial message – we can help you with this learning curve.)


Keeping up with time (Just do it)

For most of my adult life, I’ve worked in professional services where billing was done by the hour, so tracking time was a necessity – which doesn’t change the fact that I’ve always hated doing it.

Even when I was tracking my time, I almost always did it after the fact, meaning – I did the work and then when it was time to complete the timesheet – I figured out how I had spent my time for the previous day (or week).

I’ve been making a conscious effort to track my time in real time. (I’m using the timer in Toggl.) The first barrier to this for me has been that I have to figure out how to categorize this particular block of time, and I want to get started on doing the thing I’m about to. Tracking time is almost never done to just have a log of how you spent your time, but to accumulate time into “buckets” to be analyzed and tracked (and frequently – billed). In the past, I ran into similar issues when trying to start budgeting money in Quicken.

I’ve learned that there is value to getting in the habit of tracking your time even before you’ve figured out how you’re going to categorize it. In not much time at all, I’ve started thinking – just before starting a new task – “I’m starting something new” and click the button to start the timer.

Purge Your Data

Georgia Tech has suffered a data breach. I hadn’t heard about this until today, when my college age son received a letter from the school letting him know that his personal information (including date of birth and Social Security number) “may have been accessed”.

The Atlanta Journal-Constitution reported that “1.3 million current and former students, faculty and staff members” may have been affected. The article also notes the irony that this happened (twice) to the “world renowned university with lauded computer science programs”.

My son has never been a student at Georgia Tech. He did apply a couple of years ago but never enrolled. I can’t think of any reason why his personal information still needs to be in their systems.

It gets worse.

Two letters from Georgia Tech were in my mailbox today – the one addressed to my son, and one addressed to a former resident who I happen to know. (She taught one of my other sons in high school a couple of years ago.) Her letter was sent to where she lived in high school and used her maiden name, so I’m assuming she also applied to Georgia Tech. (I also know that she didn’t attend Georgia Tech.)

We’ve lived in this house for 16 years, so she applied at least that long ago but I’m betting it was closer to 20 years ago. I really can’t imagine that Georgia Tech needs personal information about applicants who didn’t enroll from 20 years ago.

Too many systems are designed with people thinking of how to get data into the system without any thought of purging it when it’s not needed anymore.

Georgia Tech’s enrollment is ~27,000. If you do some basic math, it’s hard to come up with a good reason for there to be 1.3 million people’s personal information in their systems.

Breaches happen, but I’d much rather do crisis management for a breach affecting 100,000 than 1 million.

Purge your data.


Stuck print jobs make Windows Server UI drag

There’s a Windows Server (2012 R2 to be specific) at a client’s location that I occasionally have to log in to via RDP. The last couple of months the UI performance was painfully slow. Because I usually just needed to get in, check something quickly, and get out – I hadn’t spent any time tracking down what was going on. (It was still performing its “server duties” adequately so this wasn’t a huge priority.)

The other day, I decided I would spend a few minutes tracking it down. It turned out that there were 51 jobs in a print queue for a printer that was no longer physically on the network, but the printer share was still available on the server.

As soon as I deleted these print jobs (and the printer share), the UI performance was dramatically better. Obviously the shared printer shouldn’t have been left there and I know that the print jobs were taking up RAM, but I was surprised at how drastic the effect on performance was.


Consider CAPTCHA

A few days ago, one of my clients called to say that their credit card processor had suspended their account because their website was being used to submit fraudulent charges and that a CAPTCHA mechanism needed to be added before they would reactivate the account.

By Scooooly – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47265558

We’ve all been required to complete a CAPTCHA process when doing something online. I knew the general idea was to make sure that the website was being used by a human and not a “bot”, but, I’ll confess – I really hadn’t given them much thought prior to this.

Google’s reCAPTCHA documentation begins by saying “reCAPTCHA protects you against spam and other types of automated abuse”. This was an eye-opening example of automated abuse. I’m still not exactly sure what was being attempted, but my best guess is that hackers were using the site to test combinations of digits to come up with valid credit card numbers, or something along those lines. Because this form was set up for donations and no merchandise was going to be shipped as a result of valid credit card charges, I hadn’t thought about the possibilities for this to be abused.

Example of Google reCAPTCHA v2

Luckily, using Google’s reCAPTCHA tools – it only took an hour or so to add the functionality to the site. I used v2 (pictured above) because that’s the one I was most familiar with, but I was very interested to learn that Google has now released reCAPTCHA v3 that doesn’t require any user interaction.

Now that I’ve seen an example of non-obvious (at least to me) abuse and how easy it was to add CAPTCHA functionality, I’ll be reviewing other sites to see if there are other places it would make sense to use this. I’m encouraging you to do this too.

(BTW – I never knew that CAPTCHA was an acronym for “completely automated public Turing test to tell computers and humans apart”.)

My Team Won so I’m Better than You

It’s the morning of the Iron Bowl 2018. For those that don’t know, this is when my alma mater (Auburn University) plays their arch-rival (The University of Alabama) in football. In the state of Alabama, this is a really big deal. Bragging rights are at stake for a whole year. If my team wins, I get to give the other team’s fans a hard time about it all year. And really (if I’m completely honest about things), it means I’m better than them – at least for a little while.

When you think logically about it, it’s really strange that how one group of young (typically 18-22 years old) men (that I don’t know) do on a football field today compared to another group will affect how I feel about myself. (Full disclosure – my team is predicted to lose badly today, so that could lead to my philosophic frame of mind about this.)

This isn’t limited to just sports fans. Unfortunately, for many of us, which political party you identify with has become your “team”. Self worth is tightly linked to how your side does compared to the other side. The other “team” is the enemy. Their supporters are evil and must be defeated – not just on the athletic field or at the ballot, but in life.

It’s much easier to claim “our team’s” victories for our own (“We won! We won!”) than to actually get in the arena and win your own battles. Confession – when Auburn won the National Championship a few years ago, I paid a lot of money to be in the stadium and was overwhelmed with joy when the game ended. (“We finally did it!”) But – I had nothing to do with it.

Enjoy the games today. Good luck to your team. But – after the game, I’ll be working on my own game plan that will actually affect my life. I hope you’ll join me.

More thoughts on Gratitude

Several years ago, I took my kids to see Diary of a Wimpy Kid at the movie theater. The way that the main character ranks himself in comparison with the other kids at school really hit me between the eyes. I thought “I do that”. I’m not proud of it, but I do. (If you haven’t seen the movie, you can see what I’m talking about here.)

A few months ago it occurred to me that – wherever we put ourselves on the list – most of us spend a lot of time looking “up” at the people we’ve ranked higher than us and plotting on how we can climb higher, when we should “look down” and try to figure out how we can help those that we perceive as below us.

I was trying to explain this to someone and they (correctly) pointed out “you shouldn’t think you’re better than some people and not as good as some others”. I tried to explain that I knew I shouldn’t, but if I was going to have this bad habit, at least changing my focus from “looking up” to “looking down” might produce some good out of it.

I recently realized that – I don’t think this inner monologue of ranking myself in comparison to others was really about “better” or “worse”, but about who I perceive as having more than me, and who has less. There are definitely people that have more than I do, and people that have less than I do. When I look “up”, I focus on what they have that I don’t. That’s called “coveting” and it’s not a good feeling. When I look “down”, it makes me grateful for what I have and (hopefully) makes me want to help those with less.

Grateful for the New Year

Happy New Year!

2017 was a year of changes for me. My oldest child graduated from high school and went off to college. In my work life, I finished the project I had been working on for a couple of years and, for the first time in about 20 years, felt like I had a little time to breathe and not have to put out fires constantly. At the end of August, I was able to go on a mission trip to Honduras that was eye-opening and provided a great opportunity for reflection.

At this point, I’ve started a couple of new work projects and plan to hit the ground running as 2018 starts. My New Year’s resolution is – to work on having an attitude of gratitude.

I’m reading a great book by Brene Brown – The Gifts of Imperfection (Let Go of Who You Think You’re Supposed to Be and Embrace Who You Are). She says: “Without exception, every person I interviewed who described living a joyful life or who described themselves as joyful, actively practiced gratitude and attributed their joyfulness to their gratitude practice.”

That sounds pretty good to me, so that’s my resolution – count my blessings and practice gratitude.

I hope you have a joyful (and grateful) New Year.