Web Software Architecture and Engineering – Life on the Bleeding Edge

Archive for December, 2008

SQL Server Script: Backup a Database to File

Sometimes you need a simple script to backup the full DB to a file.
Some of the uses of the script I found were:

  • To create a nightly job; simply have a hard file backup on a drive
  • To generate a file on demand for restore to other environments (dev/stage/uat)
  • And to be part of some build process

This script automatically appends a timestamp, so each time you have a fresh copy of the DB. Works great for us! See the associated restore script as well.
See: http://blog.tech-cats.com/2007/10/sql-server-script-to-backup-database-to.html


Tracking Holiday Packages

One site:

  • takes all tracking codes (Fedex, UPS, etc)
  • provides a Google Maps display
  • provides RSS feed functionality

What more code you ask for?

Amid Layoffs, Adobe Posts 11% Profit Jump for Q4


Grading PCI Compliant Managed Hosts

In this post, we’ll try to create a grading system for PCI Compliant Managed Hosts, which I’ll later
use to go over several hosts whom I’ve been interviewing and dealing
with over the past 3 months.
This is all new territory for me, and for the industry. There is no coherent grading system, and its hard to tell the newbies apart from the gurus.
So you’ve scoured the web, and looked at lists. By this time, your initial shock may have subsided. Shock? Yeah, you’ve had no need to narrow your list as the list is already small. Why in the world are the rest of the hosts so behind? Are those $9.95 e-Commerce plans PCI Compliant? Probably not. Does it seem like 95% of the world doing e-Commerce actually doesn’t meet most of the PCI specs? Yup. Should you be scared about where and whom you buy from online even more? Yes.
So let’s take a look at the hosts. They tend to fall into categories pretty easily.
Tier 4 (Highest) – These guys rock. The eat PCI Compliance for breakfast.

  • May belong to the PCI Security Standards Council
  • Should be able to provide a pretty detailed diagram of the setup
  • Should be able to provide a dedicated Account Exec, along with an in-house team of experts (Sys. Admins, DBAs, etc)
  • Should have certification with Visa for their Cardholder Information Security Practices (CISP) standard for compliance, along with experience with Sarbanes-Oxley, HIPAA, etc
  • Have expertise in other areas like SAS 70 Certification

Tier 3 (2nd Highest) – These guys have experience, but are far from experts.

  • These guys don’t have formal processes to handle new clients for PCI
  • They usually have done several clients in the past, and are “getting better” with each new client
  • They usually put more emphasis on the initial sales pitch, but drag their feet for details

Tier 2 (2nd Lowest) – These guys are new, and may actually be making stuff up along the way.

  • I know, my rating system is getting harsher, but these guys may advertise PCI, but aren’t prepared in the least.
  • They may offer some sort of PCI Toolkit, but their implementation (and/or understanding) of PCI is flawed.
  • They might think of PCI as a patch, or some extra hardware.
  • Their sales people (and/or tech reps) are barely trained to talk PCI.

Tier 1 (Lowest) – These guys advertise PCI, but wouldn’t know it if it stared them in the face.

  • Their sales process is extremely weak.
  • They have little to no understanding of PCI Compliance.
  • They bad mouth other host.
  • May offer “special” pricing to hook you.

PCI Compliant Managed Hosts – GSI Hosting

GSI Hosting was really aggresive from the get go about talking on the phone. Once I did, I knew I was talking with guys who knew their stuff, and were in a completely different league. Not only are they experts in the security area for a while, but they’ve gotten PCI down, and can ask all the tough questions, and answer them right back. They were quick to bring all the necessary experts in the room.
As you can tell, I felt very comfortable with them. Plus, two key points really helped them, one they are among a few certified by Visa as a model for others (and from what I can remember, they even host some of their servers). Second, the company itself started out with CF (in the Allaire days).
It became quickly apparent, these guys had their technical and business chops. They talked about the competition, and how their ROI was different because you would achieve the highest level of PCI Compliance, because they didn’t offer toolkits, but their whole environment from the ground up met or beat PCI Standards. What this meant was no unforseen costs, you host, you’re compliant under their certification by Trustwave.
They also offered tons of flexibilty. Needless to say I was impressed.
Unfortunately, their cost structure put them at par with Rackspace. But, as you can tell, their was a world of difference between them and Rackspace. We tried really hard to get the cost down, as GSI ended up being my top choice, however they still ended up high, and with the economy, management could not support an increase in spending at this time.
There is so much more to say about these guys. So how do I rank them. Most definitely Tier 4! I would highly recommend them if PCI Compliant Managed Hosting means a lot to you and want premium support and services.

PCI Compliant Managed Hosts – Rackspace

First off, a lot of people like Rackspace. Their website looks very credible, they are publicly traded, and the seems to know what they are doing.
However, my dealings with Rackspace, over the past several years, has shown them to be the opposite. Case in point: PCI Compliant Hosting.
Rackspace offers a “PCI Toolbox.” You can tell right away this is not going to be good. At the bottom of the page is a contact our sales team link, and you have to basically fill out a form, which is what I did.
When I originally did this, I did not hear from them at all. Looks like they were too busy for me. 10 days later, I filled it out again, asking if they wanted my business, and they got back to me in 24 hours. I told them about my needs for PCI Compliant Managed Hosting, and they transferred me to someone, who was supposed to know what I was talking about. That person never responded. Days later, I emailed again, and got a generic response. I told them what I needed a quote on, and was told to wait a couple days. I waited.
And waited. Next I emailed again, and this time got a response from a 3rd person, that my quote was being worked on. I asked about how they met PCI Standards, and got generic responses. Basically, they provide you the tools, but your responsible for self-certification, and they’ll work with you on any changes. It meant, they’ll charge you later if you need more security… yet they sit on the PCI Council.
When I got my quote, it needed revisioning. As you can tell, things moved slowly. I was promised diagrams, which tooks weeks to deliver. In the end, it was an arduous journey.
The cost? They are HIGH. Let’s just say, they are 2.5x what we ended up deciding on with our new host. All with little to medium knowledge, potential long term costs, and a poor sales process. How was I to make a case for their “Fanatical Support” after that?
I may attach some of the quotes, documentation and answers for you to see. Still deciding on that. But let’s just say, my impression of Rackspace hasn’t changed in the past 5 years.
So what Tier would I rank them. Let’s make them a Tier 2.
Let me know if you have any comments or questions.

Tis a Sad Day – Sr. CF Product Mgr Laid Off w/ Silver Lining

As many of you guys know by now, Jason Delmore was among the 600+ laid off by Adobe recently. While I don’t know if anyone else in the CF team was affected, I do know that Jason was a tremendous asset to the team.
Reading this in the blogosphere, I was hoping to find some good news. Well, it just so happens that Jason Delmore’s resume has an interesting tid bit, a silver lining for all of us CF people.
As you know, Adobe is always hush hush about sales number when it comes to CF. But if you look at the resume, you’ll see:
“Product revenue increased 50% Year over Year with 84% Quarter over Quarter at release.” That’s great news for CF, and a testament to what Jason’s helped with.
Just thought to share that with all the bad news going around.