I’m a fairly security-minded and skeptical person. I understand the risks involved in posting resumes on things like Monster, Dice, etc, and to be wary once emails started coming in.

Today I received an email from Delany, Byczinski & Potamkin that their recruiting service had a great job that matched my resume. However, the email was written poorly enough to be a base Nigerian phishing scam. Before clicking any links I tapped into the internet and did a little research.

The feedback sitting out there is a bit staggering. It appears that Delany, Byczinski & Potamkin is another link in a chain of scam recruiting companies that elicit money from job seekers with the promise of good placement. This is but one link in a chain of (the same?) companies called:

CAN Inc.
McKenzie Scott
ITS
DPB (Delany, Byczinski & Potamkin)
Executive Search
Management Recruiting
Care Transition

that take thousands of dollars from you (often stuck on a credit or debit card) promise lofty job positions and don’t deliver. Moreover they don’t attack just by email but through phone calls and even personal interviews?!

What alarms me is I’m not a young kid just graduating college (for the first time). I’ve been in the workforce for over a decade and never heard of these scams before. I listen to a lot of tech and tech-security minded podcasts and never heard this issue raised before. I know a lot of IT people in the field and never heard of them talk about this before.

The number of testimonials from people on the web that have been taken by these people seems high once you know what to look for.

So my question now remains – why does this topic seem so well buried? Especially an in economy where money is tight and jobs are extremely valued is no one waving a giant, huge, enormous warning flag about this?

There’s obviously a larger story here. It’ll be interesting to see how it unravels.

So I’m currently reading Ryan Dewsbury’s Google Web Toolkit Applications (in between wrapping up this final semester and work and kids and looking for a new job). It’s a nice read so far (though already dated in regards to the version of gwt and thus some of the code examples are  deprecated). I do like how he was a fun application as the first example. I went through the steps and got it to work (and then visited Ryan’s  site and updated the code to 1.5.3).

So, if you feel like playing a game of Hangman, check it out here. All the words tie back to Oi! bands so it should be challenging to most.

Now to get through the final 6 weeks of school and work so I can dive into GWT full time.

New theme. Looks better.

I was going to write a nice post on CSS. However, I kept running into these tangents about security. So in the interest of not creating one giant confusing post I’ll address security here.

Security is of major importance to the coder and end user.  We see today the results of lackadaisical attitudes towards security. Viruses, Trojans, worms, bot nets, and enormous amounts of packet clutter clogging bandwidth and in-boxes, stealing identities, and generally being a pain in the ass.

When things go wrong it’s almost invariably the result one of two areas. An ignorant and/or sloppy programmer or an ignorant and/or lazy end-user. The programmer who doesn’t take the time to understand what they are coding creates new vectors for attacks. The end user who doesn’t keep software up to date, use proper passwords and protections allows for those new vectors to be exploited.

Happily there are steps you can take to keep your computer secure.

1) Choose proper passwords. Ideally you want something that is over 26 characters long (notice how many sites ask for 6-8 characters. Sub par.). You want at least one capital letter and one numeral. If you can, make it a phrase. It’s easy to hack a one word password and the software to do so can easily be found.

2) Keep your software up to date. Patch, patch, patch. Notice this step wouldn’t be necessary if programmers took their time to output better quality, better tested code. Regardless, most of today’s bot nets, Trojans and worms can be wiped out by a simple patch. Amazingly hundreds of thousands of people can’t be bothered to do this simple step. Don’t be those guys.

3) Log out. If you use a site that requires a log in, don’t just close your browser or tab. Click on the log out button (then close your tab or browser). Far too many exploits today are taking advantage of active cookies.

4) If you are using IE for your web browser, pick a different one. Any other modern browser is better in regards to both speed and security.

5) If you have your email preview pane on, turn it off (and do yourself a favor, delete emails from entities you don’t know without opening them. If it’s important they’ll call).

Any modern machine should already have a firewall installed and just about everyone is behind a NAT router, so no real need to go into that.

Follow those five steps and you will significantly reduce the chance of getting something ridiculous on your machine and spreading it to others.

Finally, something my CMIS101 programming teacher turned me on to – the Security Now! podcast featuring Steve Gibson. If you are serious about web programming and programming in general, cut your security chops by listening to him every week. You’ll learn far more than you imagined possible. Perfect for the daily commute.

Judging by the talks with friends, peers, coworkers, and family everyone seems quite fed-up with the current financial escapades. Savings, retirements, 401Ks and job security is in the proverbial toilet. There’s a lot of anger put precious little understanding of how we got here or who should bear the brunt of said anger.

It’s safe to assume we got here by not understanding what was going on behind the scenes. Wouldn’t it have been nice if someone could have pulled back the curtain – if not to avert the looming disaster, to at least gird ourselves better against the fallout?

Well, get ready for the next shit storm. Read carefully intrepid… er… reader, for the next big thing is coming down the pike and here’s your chance to be the first to look behind the curtain!

Science and mathematics education is a keystone of American society. Unless you live on a remote farm and are self-sustaining, you depend on the end result and output of very technical pursuits. An education system that produces quality engineers, scientists, and a generally informed public is paramount to keeping up this comparatively luxurious lifestyle that you enjoy day in and day out.

Cutting to the chase: Phase 1 of breaking up this foundation is currently underway in Texas, specifically the Texas Board of Education and their undermining of the science education standards. “How can one state screw the whole country,” you ask yourself? Texas is big. Their standards determine the textbooks that will be purchased in affordable amounts across the US (the more you print of one thing the cheaper it gets). When a state like Texas sets an education standard and determines which textbooks will be used invariably most other states follow suit.

If you remember the shenanigans that went on in Kansas (which spawned the Flying Spaghetti Monster meme) and Delaware (which spawned the amazing Kitzmiller v Dover case), then you will have a fundamental understanding of the debate going on in Texas.

Don’t be distracted by a protracted debate on the merits or demerits of religion. That’s a red herring. What we have here is a bastardizing of the foundations of science education, of teaching,  and explaining the scientific method, and ultimately the shaping of minds of individuals who will grow up and create things that are essential to your life (like the internet and all its underlying protocols). A few Protestant fundamentalists (who have been waging this fight since the late 1800′s in America) stand to alter something that will have expanding repercussions as surely as tossing a rock in a pond makes ripples.

So what can you do about it? Get informed. Get involved. Understand what is at stake. If you have the initiative contact your representatives and tell them what you think.

This will have far greater impact than being out of a job or having no savings now. We’re talking about the next and future generation(s) of scientists and engineers being given a foundation of bullshit upon which to build.

This will affect you. This is not going away. So what are you going to do?

Google Web Toolkit (GWT) is slated to be the next big thing. The neat-o thing about it is you can program something in java then use GWT to compile it into JavaScript.  For those not in the know that’s kind of a big thing. This has some pretty hefty implications.

1) GWT will become a standard.

2) It’s Google’s baby (meaning more Google dominance in the marketplace).

3) Many more websites will have a lot more JavaScript.

On the one hand the things you can do with GWT are mind blowing. You can make a website look and act like your desktop.

On other hand, most of the population is not computer security savvy. A malicious individual can do a lot of damage with scripting to those that don’t know how to secure their browser and computer.

Either way this is one of those tools that will be a must-have to the serious web programmer (and something I’m diving into). I would like to point out one very particular annoying item with the Get  Started area of Google’s GWT page.

There’s something missing between Step 3 and Step 4. Something fairly critical that keeps Step 4 from being as simple as “Done! Start using Google Web Toolkit!”. Here is the text that should be there:

Step 3.5:  Set the System Variable Path to wherever you are going to have the GWT folder located. To set the System Variable Path, right click on My Computer and  select Properties. Choose Environment Variables. Under System Variables click on Path and choose Edit. Add the Path plus the GWT folder name followed by a ‘;’ and click OK.

Your Path  might look like this:
c:\gwt-windows-1.5.3;

Otherwise it doesn’t work. A fairly big omission in my opinion. Hopefully this will help someone out there that was initially as frustrated as I was. Keep this in mind the next time you write a step-by-step for someone, don’t omit a key step in the process by assuming they already know what to do!

An interesting meme in the world of coding.

When you start out coding it’s the obligatory first program. I wonder how many people installing WordPress as their blog of choice see that title and smile a little while remembering their first program?

It’s only fitting I leave that as the default title of the first post.

“What’s the point of this blog,” you are no doubt asking yourself.

It’s another fine way to keep in touch with friends and colleagues as the sun sets on one career and I embark on the next. A place where I can test code and share ideas as well as the latest antics of family both blood and otherwise while chronicling the proverbial journey west.