Recent Posts

Nov 15 2008

This is Why I Fly

Last night the Space Shuttle Endeavour launched for mission STS-126 with new components and crew for the International Space Station.  Liftoff was at 7:55pm Eastern Time from NASA's Kennedy Space Center on the east coast of Florida.  I wasn't at the launch, but I did see it from about 60 miles away 4,000 feet in the air.  In short, it was awesome.  At the moment of liftoff, the northeastern sky lit up and an orange streak ascended into the sky.  We were about as close as we could legally be in an aircraft, and the view was nothing less than spectacular.  A few moments after liftoff there was a quick flash and the color changed from orange to a bright white.  It kept moving up and away and just resembled a very bright star moving through the sky.  After a moment of this we had to turn around and return to the Earth ourselves.

Originally my best friend and his wife were going to accompany me on the trip, and he unfortunately was not able to make it.  His wife and his brother came along instead, and we had a great time.  His brother had never flown at all before, so it was an honor to be his first pilot.  Aside from the launch of the shuttle, the flight itself was relatively uneventful.  There were some clouds over the middle of the state which would have blocked the view, but we were able to get past them just in time.  After watching the launch just south of Orlando, we headed south around the restricted areas and headed toward Sebring to land.  We landed there to rest for a few minutes before taking off again to head back to Sarasota.  The clouds were getting lower and one snuck up on me.  We were inside the cloud for no more than a few seconds as I descended back down to visible conditions.  There was a little bit of rain, but nothing so bad it restricted visibility, so we kept heading west.  Eventually we left the weather behind us and we had a great view of Sarasota and the surrounding areas.  We followed another airplane in to land at Sarasota and returned safely to the ground.  Total flight time was about two and a half hours, and makes for one of the nicest and most relaxing flights so far.  I'm glad that I have the privilege to share the experience with friends.

0 comments - Posted by Justin Scott at 2:34 PM - Categories:

Nov 13 2008

The Gold-Rush Period for E-Commerce is Over

When I first started in professional web development back in 1999 (that's equivalent to the Mesozoic Period in Internet time), it was really easy to put together an e-Commerce application and start taking orders and raking in cash over the Internet. People were throwing up stores for everything from books to pet food. Some met with wild success, and others went down in flames. When I say "easy" I'm not just talking about business ideas, but also about the technology and regulatory compliance.

You see, back in the early 2000s, you could create a simple shopping cart, make up a checkout process, then take the customer’s credit card information and pass it along to CyberCash or Authorize.net (or any one of a dozen other processors) and they would return either an authorization code that told you money was going to show up, or an error which you could pass back to the user so they could correct their error and try again.

Unfortunately, many programmers were very, very sloppy. In fact, some were just negligent in the way they handled the customer information. For example, storing all of the order information with full billing details in a text file that anyone could request right through the web site (it might have been easy for the owner to get to, but easy for everyone else to get to also). Things like this resulted in the wholesale theft of credit card and bank account details, which in turn led to millions upon millions of dollars of fraud.

Over the past few years, the "Payment Card Industry" has taken matters into their own hands and forced everyone, through their various agreements and contracts, to fix the problem and secure their systems. Now, don’t get me wrong, this is great for consumers, and businesses should be happy that these changes are being implemented, but it is really painful as a whole. At this point, nearly everyone is required to be in compliance with the Payment Card Industry Data Security Standard (PCI-DSS or simply PCI Compliant for short).

The PCI-DSS contains 12 main categories to look at within any business that processes, stores, or transmits information that is covered by the standards. This means that the little web store that just takes the credit card number and passes it to, well, whoever, to process the transaction now has to be fully compliant with every letter of the full requirements, even though they may not actually store any of the information at all and just pass it along.

Many of the things covered by the requirements are simple, such as using encryption during transmission (through SSL between the customer and the web server), encrypting the data once it’s received (if you’re storing it in a database), not storing the card security code, and restricting access to the card data to those who really need to have access to it. Many web developers were already doing these things and took a "reasonable" approach to securing customer data. Unfortunately, even when “reasonable” measures are taken, bad things can happen and the information can end up in the wrong hands. Or worse, someone may get access and you don’t even know it and they steal information over a longer period of time without being detected.

The PCI-DSS covers all of these things and basically forces a business to take data security very seriously. First, there are requirements for how the data is brought into the system, what you can do with it and what you can't do with it. Second, who has access is covered. There are requirements for password complexity, password rotation, account auditing, etc. They cover network and infrastructure security to ensure nobody can just walk up to the server and plug a portable drive into the system and walk away with a copy. The standards talk about logging and auditing so that if someone does break in there is forensic evidence that can be looked at to determine how they got in, and most importantly, what was taken so that customers can be notified. The list goes on and on and gets into a lot of highly technical detail.

The way I see it, the days of "Mom's Apparel" throwing up a store and taking credit cards directly are simply over. Any business that wants to accept credit cards directly will have some serious thinking to do. The cost-of-entry just went up, a lot. Unless they're planning to do more than a certain volume of online sales every month, it’s just not worth the overhead to ensure compliance with the PCI-DSS.

Not all hope is lost, however. Notice that I said "accept credit cards directly." A new business can still take payments online, as long as they aren’t handling "sensitive" data directly. Providers like PayPal have entire departments dedicated to regulatory compliance, and they've been doing it for nearly a decade now. They know how to manage and secure their systems properly, and the fees they charge are about the same as you would pay to a traditional credit card processor. They become the ones who have to be compliant since you are no longer handling the information directly. They just let you know that a payment has been made but you don't have to worry about the actual credit card data.

Unfortunately, companies like PayPal have earned a somewhat negative reputation for some reason. Perhaps the merchant will think their customers won’t take them seriously or believe they aren't a "serious business" if they only use PayPal to process their transactions. Whatever the reason, many businesses are reluctant to wash their hands of regulatory compliance and just keep doing what they’ve been doing in the past. Sure, they can say they're compliant, but if there is ever a breach and data is stolen, the liability will come down upon them like a ton of bricks. Frankly, it has the potential to destroy the business entirely.

All in all, the easy times are over for online sales. Any small operation with dreams of selling online had better get used to the idea of using an outsourced payment service if they want to minimize their liability. No, it's not glamorous, but it's safe, and that is what customers need right now. They need to know that when they purchase from your online store, their information is secure. The best way for a small company to do that is to outsource that piece to the experts who know how to do it properly. It's better from a liability standpoint, and from a trust standpoint knowing, not hoping, the payment data is safe.

0 comments - Posted by Justin Scott at 3:06 PM - Categories: ColdFusion | Business Development

Oct 20 2008

Celebrating One Year of Flight

It has been one year to the day since I first took to the skies with an instructor to begin flight training.  In that time, I have logged 82 hours in the air and earned my private pilot certificate.  I've flown the standard Cessna 152, Cessna 172, Glass Cockpit Cessna 172 (with all digital instruments), a Piper Arrow, and a twin engine Piper Seneca.  The twin normally rents for $300 an hour plus $50 an hour for the instructor, but they ran a special for a while where you could take it out for $200 for the first hour, so I jumped on it just for the experience.  I can train in that airplane with an instructor towards my multi-engine rating, but I can't rent it solo until I have 500 total hours, so it was just for fun at this point.

Overall, I'm proud of my progress.  Looking back I believe this is one of the best things I've ever done for myself.  I'm constantly learning, and I'm still excited about the idea of someday sitting in the cockpit of a commercial airliner.  Growing up I always had the dream of learning to fly, and always looked on airplanes with a sense of awe and wonder.  Unfortunately I didn't have a mentor to guide that dream to reality.  Over the last year I've been stumbling my way through the process mostly on my own.  I do have my instructor to look to, and a great support system in my friends and family, but still nobody to really connect with who has been where I want to go and can show me the way.  One of my goals this year is to find a mentor who can really help me shape a path for the future in aviation.

The other great thing is that the dream got me back in school.  I'm a reasonably smart guy, and I can get by with my own research and intuition, but the college is great to fill in the gaps and bring up topics that I normally wouldn't spend time with otherwise.  It's not exactly been challenging from a mental standpoint, but trying to juggle a full-time job and full-time school (with flying on the weekends) has put stress on me in other ways.  To combat this I'm switching from in-class instruction to a more self-guided on-line program.  It's the same degree program through the same school, but the delivery is more flexible and self-paced.  Most of the time I spend in class is, for me, wasted listening to the instructor go over the same things over and over again for those who don't learn as quickly as I do.  Most of the class is lost, and I'm ready to move on to the next topic.  With the on-line instruction I will be able to learn and complete my assignments without having to wait for everyone else.  In the grand scheme of things I will not be able to move through the program more quickly, but I will be able to have more free time after work to focus on other things.

The rest of this year I will be focusing on learning everything I need to know to pass the written exam for my Instrument Rating.  I still need a lot of "hood" time flying in simulated instrument conditions before I really start getting into my instrument training with my instructor.  To that end I've been sharing some time with another pilot to cut down on the hourly costs.  We're usually flying a slower airplane, so trips take a little longer which results in more hours logged for both of us.  I still have a long way to go.  The plan is to keep building hours and study for that written exam.  Once I have the knowledge and hours in place, I'll jump into the instrument training with both feet without a lot of interruption.

Looking back I've had a lot of great experiences, and I'm looking forward to the next year of continued training as well.

0 comments - Posted by Justin Scott at 10:20 PM - Categories: Flight Training
