Security Concerns

Security is a big deal in a lot of programming and web development, but at the same time, if you aren’t working on the right kinds of things, you’ll only ever peripherally interact with it. I’m not a security guy; I’ve worked mostly on small websites and small programs, and while I’ve used security, it’s never been beyond what’s built into the libraries or frameworks I’m using, and I just follow the directions for the simplest way to implement it if I’m told to.

That isn’t to say I hold security in contempt or something, but it’s not a subject I usually think a lot about. But the other day I was talking with an older retired programmer, and I think being paranoid about computer security was one of his major hobbies. He suggested I read Zero Day, which I assume is a reference to Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. He also talked a great deal about how security agencies largely make the world less secure by hoarding and hiding things like zero-day exploits and paying grey and black hat security experts for exclusive ownership of knowledge about discovered security holes.

It was an interesting subject, and obviously a topic of passion for him, and I enjoyed the conversation. Really, I can’t say I gained any deep knowledge on the topic outside of the political. But it’s always worthwhile to remember that just because something is a tangent you occasionally intersect with doesn’t mean it isn’t also an entire serious field which people invest their lives in. Security is only mildly important for something like an art gallery, outside of paid features, but it’s really important for, say, your Amazon account.

I’ll probably end up dealing with real security at some point, so it’s not like it’s a subject that’s irrelevant, just not something I’ve had much to do with up to this point.


Open ended commitments and the independent web developer.

A while ago I entered into an open ended commitment, and while it was neither a mistake nor an accident, it was recently called upon.

I made an art gallery for my step-mom. She’s a programmer herself, but in her free time she likes to paint, and draws some truly beautiful paintings. You can find the site over here. She asked me to make two changes.

The page is a Single Page Application; it looks like several different pages, but it’s not. This had some behavior she didn’t like in how the gallery displays. The Gallery is a single template, rather than multiple templates, so at the time clicking on the ‘Galleries’ tab while looking at a picture wouldn’t do anything; you were already in the Galleries tab. I had included a back button to solve this issue – whenever you navigate into a subsection of the Galleries tab, a ‘Back to X’ link, where X is the next level up in the hierarchy of the galleries template, displays in the upper right corner.

However she felt you should also be able to go back to the top level by simply clicking the Galleries tab again.

The second thing she wanted was simpler – she didn’t like the original watermarks I put on her paintings, and wanted to replace all the pictures with ones with slightly altered watermarks. As she was unfamiliar with the database I was using for the images, she didn’t want to hassle with it and had me upload them for her.

Neither of these tasks was arduous, and while she could theoretically do the second herself, it would have been a hassle for her as she had never used that service herself. As for the first, well, it would be at least annoying for anyone else to go in and try to make that change, even though it’s minor. Working with other people’s code is always a bit annoying, until you really familiarize yourself with it.

If I had done this site for someone who wasn’t family though, I wouldn’t have been terribly interested in making changes this late in the game – I had asked if doing the galleries that way would meet her needs and she had said yes. I wouldn’t want to put in the 45 minutes of work refamiliarizing myself with the code, writing the patch, and then the hour getting it up on Amazon AWS and working. It wasn’t a big deal, but it was more work long after I turned in the basic project to spec.

As for reuploading all the pictures, in a normal contract you would be using whatever database your customer had already setup, or if he hadn’t, setting up and handing off the database would be part of the contract. It’s extra busywork you wouldn’t normally do months after passing it over.

I’m not saying you never go back and give support for your work, but normally you want to submit what you’re asked for and then be done with it. You might have a support contract, at which point doing this kind of work is normal, but for a normal freelance project you want to turn in something the customer is happy with at the end of your contracted work. You want the tabs to work how the customer will be happy with, and to give them the ability to upload new images, or whatever else they need to be able to do to maintain the site day to day, and be done.

If you’re maintaining a site you’ve been paid to work on for a week, three weeks later, you’re doing free work. That isn’t ideal and it’s a situation you should avoid, but you avoid it by making sure you give the customer what they want within the time they want it.

Don’t be the victim of scope creep, or get into a state of confusion about what you owe, because even if you’re in the “right” (which you might not be if you screwed it up), you won’t walk away looking clean.

This was an amusing anecdote because it happened with family; it would be deeply annoying if it happened anywhere else.