Jan 12 2012

Security Review : MidWest GiveCamp Experience

I been hesitant in posting after GiveCamp because well I don’t know but I finally got the nerve to start posting all my drafts to public little by little here is a post a created the beginning of last year:

I’ve had some people in real lifetell me that they enjoyed my first post about my experience at MidWest GiveCamp, but what does it have to do with Information Security? Simply put, a lot! The objective for Dreams for Kids was to become self sufficient and to deliver new website that could help increase productivity while getting to focus more on content and the kids than the website.

From an Architecture perspective we provided Dreams for Kids a single system. In the past they had one person to update and maintain two separate websites. The problem is what if that sole person leaves Dream for Kids? Who would update and maintain the system? One fundamental tenant of security is Availability. In our implementation we were able to allow multiple users to have access to write, update and maintain content. As well, it added Integrity because you know who is providing the content. By incorporating roles we can have multiple administrators if we would want ,in order, to maintain the system. No longer do we have a problem of counting on one person to keep this system up and running. We also can have specific roles that only let certain people modify,update, delete content or pages. The whole website is built on the concept of “Secure Innovation, By Design” that I mention in this site.

In general, By Design is a lot like K.I.S.S. (Keep It Simple Stupid). Instead of having two systems we migrated them to use one system. The focus was to keep promote the mission of Dreams for Kids, by getting rid of the complexity they already had going. The system was innovative to them because they had a hard time navigating Drupal. WordPress tends to be much more simple. As, well much more secure HP Security Report stated that WordPress is more secure than all the rest of the CMSs on the web mostly due to its automatic patching.

Overall, we delivered the new secure system that allowed them to meet their objective of increasing productivity while getting to focus more on content and the kids than the website. Security is a lot about educating the users so it was not like we just presented them a new system and left them high and dry we also took time to train people in how to use the system. In the end training the end user in use and some simple security principles like not shared each others passwords ,as they were doing previously, help them become more secure.


Jul 14 2010

MidWest GiveCamp Experience

This past weekend, I was commuting to Microsoft in Downers Grove to help with the first ever Midwest GiveCamp. I’ve have to admit I was afraid that I would suck.  I mean we have 3 days to make a ‘real’ impact for the non-profit that we were assigned. In the past I found myself having clients that want everything and it never all get delivered.

Friday Night:

As always when you are getting things started we had some technical difficulty getting started on-time. Eventually we had a presentation on each project that we were there to help with the sponsor giving some information on what they do and what they need. After they spoke we divided into teams. I was assigned to Dreams for Kids. We immediately went to a whiteboard to see what our sponsor needed to be done.

Mark Nichols(PM), Kyree Gerson (Sponsor), Clark Sell(GiveCamp Organizer)

So what did we have to accomplish in less than 3 days? Well here was our assignment:

1.       Flickr embeddable picture album/slideshow

2.       Multi-user blogging with WordPress

3.       10 Campaign look/feel

4.       Event calendar

5.       Ability to post blog posts to multiple social networks

6.       Drop-down display of sub-items off of main menu in web site

7.       Make them able to maintain it on their own

So what is the problems with the current site? Well they were using Drupal, WordPress,  and WordPress.com for starters. Our starting plan was to get the first two items then if we can get to it the rest of the list. We also decided that it would be nice to have only one CMS. At the time we said that as a maybe. We started some initial coding that night. I almost forgot to mention our sponsor Kyree wanted us to come up with a name and we did “Team Dream” and at this point it felt like a dream to get through this whole list.

Saturday:

It was off to a rocky start. Before we all knew it it was noon and with the network problems it was not making our work any easier. Eventually I found that I could migrate all the information from Drupal into WordPress. I started migrating all the information into a new database on my own test domain. We eventually figured out what each of us was doing for the project:

Clockwise: Aaron King, BJ Dibbern, me , Steve Murawski, Mark Nichols

Aaron King: Worked on the 10 campaign

BJ Dibbern: Worked on the Theme and 10 campaign

me: Migrated Drupal into WP, and fixed links and stuff

Steve Murawski – Worked on Doco and Social Networking

Mark Nichols – PM, and worked on everything else that was not getting done

Sunday:

So what happened? We completed everything and more than they could hope here is what Mark said we accomplished to our sponsor:

1.       Flickr Slideshow: You have the ability to organize pictures and videos of your event into a Flickr Slideshow which can be embedded into your web site pages or blog posts.  The slideshow will “run” on its own or manually, and will also expand to full screen for better viewing or presentations.

2.       Blogging:  Previously, blogging was done in two different “areas” within the site and the interns portion had a completely different look and feel.  Now it all has a common look and is managed in a centralized way but also gives you the ability to provide accounts to all that you want to blog.  Also, blogging can be done straight through the site as before or through an editor on your laptops or desktops.  The editor option will allow you to create content offline and then you can publish as you wish just by clicking a button in the editor.

3.       Social Networking:  The site has been configured with “Ping.FM”.  This feature will automatically publish your blog content to any social networks (FaceBook, Twitter, etc.) that you have configured on the site.

4.       The 10 Campaign site has been redesigned to mimic the brochure that Kyree created/provided.  There is also a more secure “Sign Up” page that will email Kyree every time someone submits their info in through the page.

5.       Navigation: The entire menu system has been redefined.  There is no longer a need for the “tree” that appeared on the left of the site.  The menus on the top of the page now has dropdowns giving the visitor a view into what and where they may want to go that is more descriptive than before and also more consistent.  There are “bread crumbs” that will appear as the visitor progresses in the site.  This will give them constant feedback as to where they are and how they can get back.  Also, as a result of removing the “tree”, you gained a significant amount of screen real estate that you can use for more content.

6.       Event Calendar:  The events page has been changed to employ a Google Calendar.  With this, the events page will appear with a calendar metaphor showing a month’s worth of events at a time.  The month can be scanned forward and back to whatever month the visitor wishes.  The events can then be clicked on and the details (time, description, location, etc.) will appear.  And, the location can appear via a map if the visitor clicks on the “map” link.

7.       Search:  Although not requested, the team implemented a search capability so that a visitor can type in a topic or key word and a list of matching pages or blogs will appear.  This should help make finding content much easier if the visitor does not know specifically where to go through the menus.

8.       Documentation: It is very important to us that you become self-sufficient and to that end, we created more than a dozen documents describing “How To’s” on the site changes.

After reading this I was really fired up. In the past projects I’ve never seen it 120% beyond what the client wanted. This was a great experience and I cannot wait till next year. Also I didn’t suck! At the end of this I found out a new cool podcast as well, called “Developer Smackdown” check it out!