About Cyber X Designs

So tonight Cyber X Designs took the leap and installed Internet Explorer on yet another machine here. I know we are late to the game for a technology company, but we are wimps when it comes to new MS software. Well our fears were well founded. Our friends at QuickBooks and Microsoft aren’t playing nice together. QuickBooks Pro 2005 is incompatible with IE7. When QB loads up it gives you a nice error with instructions on how to uninstall Internet Explorer 7.

Are you interested in how to uninstall IE7?

1. Click Start
2. Click Control Panel
3. Click Add or Remove Programs
4. Select Windows Internet Explorer 7 - Remember it is “Windows” Internet Explorer, I didn’t and couldn’t find it in the list for couple of minutes.
5. Click Remove, wait wait wait.
6. Restart, again.

I uninstalled IE7, which went rather smoothly, and now QuickBooks is working again. I am going to keep my eye on the system for odd behavior. I will also list any other incompatibilities I discover here.

Not any more. I was searching around the web, before I had to create an SSL certificate, and I found this - how to create SSL certificates. Horshack provides lots of useful scripts and code for the sys admin. I used his bash scripts to create self sign certificates. I am sure I could have written the script but the hallmark of a good sys admin is one that finds the right utility for the job and saves himself the time of writing it. Happy signing.

There is a show about a Canadian contractor that goes around and works for families that have had chronic problems in getting their home built or remodeled. The host is the actual contractor and he goes through the home and explains where the last contractor went wrong and what the right solution is. He clearly outlines how the short cuts that were taken end up costing the customer much more than it would have originally.

I find myself in a very similar position when consulting for our customers on their interactive projects. Time after time we get called in to fix problem projects or to redevelop projects that have failed. The common thread in many of these projects is an attempt to save money initially by choosing the least expensive vendor. The discount vendor starts the project and is not able to finish it. Or worse the vendor delivers the piece and the client can’t use it because the workmanship is so low it would damage their image.

Let me share a recent experience. A client of Cyber X Designs’ elected to use an SEO firm based in India. They choose the firm because they were the ‘right’ price and the client wanted to move pretty quickly on the SEO efforts. The SEO company developed code for integration with the client’s existing web application. Per agreement with our client, Cyber X Designs was to audit all the code before it was integrated with the application. What we found was amazing! The ‘SEO’ development company provided PHP code that was dangerously insecure for a website that accepts credit card information or any website. The first error we found was un-escaped and unfiltered data being sent directly to MySQL. This was a huge and very simple SQL Injection vulnerability. It could have been avoided with just a small amount of work.

The second major error was that the web form posted content directly to the client’s website. There was no, count it ZERO, code dedicated to managing or staging the posts. The SEO company had promised that functionality but upon delivery it was missing.

The last major problem was that content was being displayed directly with out having any of the html or JS escaped. This made the scripts venerable to XSS and it would have put all the users at risk.

The short of it is, the SEO company broke every basic rule in the book! If they had attended a single New York PHP meeting, read a PHP Security book, read any PHP blogs or attended any conferences, it would have been painfully clear to them what they were doing wrong. The moral of the story here is that it is worth it to have your code audited and to invest in a respectable developer. You will save money and heart ache in the long run.
Some PHP Security Resources:

Chris Shiflett’s book Essential PHP Security

Chris Snyder’s and Michael Southwell’s book Pro PHP Security

PHP Security Consortium

Just a quick note, we upgraded MySQL from 4.x to 5.x on our main hosting machine recently. In the process we found out that Cerberus Helpdesk version 2.7.x is not compatible with MySQL5. So it looks like we will be upgrading Cerberus to the 3.x branch. We reached out to WebGroup Media, the makers of Cerberus, and found out that Cerberus will only apply the amount we paid for the original license to the upgraded version. We don’t just get the upgrade.

So anyone looking to upgrade MySQL with a Cerberus installation consider yourself warned.

I should add that we are very happy with Cerberus. It was installed for one of our clients in the beginning of the year and it has been running very smoothly and meets all their requirements. They tell us they are saving a lot of time and are able to serve their clients much more effectively now that they have the help desk software.

The New York City BSD Conference is put on by the NYCBug BSD user group. NYCBSDcon is the main conference on the East Coast for the BSD community. This year’s theme was “BSD in production”. The Conference included speakers from Morgan Stanley, Univ. of Latvia, Foundstone, Google, University of Toronto, and IBM.

Cyber X Designs sponsors a couple of open source events a year in the New Jersey / New York area. This year CXD was happy to have the opportunity to sponsor NYCBSDcon. We would like to take this opportunity to thank George Rosamond and Michael Welsh for inviting us to participate. This is the second year in a row we have sponsored this Open Source event.
Cyber X Designs uses FreeBSD in its production and development web hosting environments. We have a hand full of installations and are very happy. Cyber X Designs provides managed dedicated hosting and virtual hosting on FreeBSD and Linux RHEL.