SecMusings

My alma mater, Vassar College, has been in the news lately over an error in it’s admissions web site, which led 76 early decision applicants to believe they had been admitted when they had not. As the Times tells it:

On Friday, around 4 p.m., 122 students who had applied for binding early admission to Vassar saw what the school later called a “test letter” congratulating them on their acceptance. Hours later, the students received a message saying the letter had been posted in error. Once the correct decisions were displayed, only 46 of the students were told they had been accepted.

Vassar has since sent apologies to the students, to all of us alumnae/i, and other interested parties.  They are refunding the application fees for the rejected students. There has been some debate in the blogosphere and elsewhere about whether or not these applicants should have been admitted anyway.

For technologists, this speaks to the cost of the error, but the interesting part is the underlying cause.  This looks to me like yet another example of the bad things that happen when testing is done in the production environment. In this case 76 teenagers involved in what was already a very stressful process were forced to ride an emotional roller coaster of disappointment and embarrassment.  In other cases there can be large financial and even regulatory consequences when test transactions were accidentally put onto production systems and sent to counter-parties. Most senior technologists know a horror story or three on this topic, although they don’t like sharing them.

While there is increasing recognition of the need to better segregate production and test environments, it is both expensive and inconvenient to do so. In times of budgetary restraint, projects to fix this problem can get postponed until the next accident happens. I think companies would be wiser to work on this gradually and incrementally.  Trying to do nothing and trying to do everything all at once are equally unrealistic.

Be Sociable, Share!

• 

Hat tip to Brian Krebs for this one.  Also congratulations to Brian for winning a security blogger award at the RSA Conference.  One of his fellow winners, Chris Eng, won an award for the best single blog post for this wonderful piece. (Thanks to xtranormal.com for providing the embedding code on their website.  The original post may be found at http://www.xtranormal.com/watch/7897173.)

Be Sociable, Share!

• 

Beware of security questions that you didn’t create!  From XKCD (http://xkcd.com/565/)

Be Sociable, Share!

• 

OK, this post is not about either security or technology, it’s about the 4th of July.  My two favorite secular holidays are Thanksgiving and Independence Day.  Happily, Independence Day retains much of its original meaning, as well as its original date (rather than the closest Monday).

July 4th is a day for remembering the founding of this country and the lofty ideals of those who founded it.  It is also a time to reflect on the words of Thomas Jefferson, one of the sharpest minds and greatest writers of that period.  Consider the soaring prose of “all men are created equal and endowed by their Creator with certain inalienable rights, among them being life, liberty, and the pursuit of happiness.”  Part of the brilliance of the Declaration was Jefferson’s morphing of Locke’s “life, liberty and the pursuit of property” to something accessible by everybody, happiness, rather than just the landed gentry, property.

I hope that everybody, regardless of political orientation, will take some time to celebrate the American experiment.  We have our ups and downs, and plenty of imperfections, but it’s still descended from the ideals on which it was founded.

A famous quote from Winston Churchill come to mind.  “It has been said that democracy is the worst form of government except all the others that have been tried”.  He also thought that the fourth was a holiday for Englishmen, since it recalled the fight by Englishmen for their rights as Englishmen against a German king.

Happy holiday, everybody.

Be Sociable, Share!

•