I’ve Implemented Two Factor Authentication

Over the past 24 hours, someone has been attempting to gain control of my accounts. I’ve received over 50 different emails for password resets and various services alerting me that someone is attempting to gain access to my account.  This very blog a few months ago was averaging roughly 5 login attempts per second. Over the course of a day, I was seeing nearly 450k failed login attempts.  I’ve implemented a series of features that would slow down and potentially block people from gaining access through brute force.  At the end of the day, it seems someone clearly wants to gain access to my accounts.

I’ve been living in comfort all this time without two-factor authentication, assuming my strong passwords, unique for each service, would suffice. I still think these passwords are strong. But what if someone figures out one password through brute force? As far as I know, none of the attempts have been successful. But it leaves me paranoid that they will keep trying until they eventually become successful.


Must changing your default email be this difficult?

As you may (or may not) have read yesterday, I have been migrating my email services onto a more reliable platform. In the process of doing so, I have been looking to change my primary personal email address from @cy-designer.com to one at @pelland.me. I don’t know if any of you have tried to change your primary email address, but it is not at all easy.


I’ve finally migrated my email away from shared hosting!

I’ve spent the better part of the day today working to migrate all my email accounts from my current shared hosting provider onto a more reliable Outlook.com. My shared hosting provider, which I do not wish to mention at this moment, but will in future posts, has been terrible. I’ve had emails disappear on me and in many cases my emails bounced. Of course when I contacted support with those issues, they blamed the sender for improperly typing the email address. Out of the dozen or so support tickets on the issue, not once did they bother looking into the issue.


A happy user is a happy customer

Understanding human to computer interactions is a crucial step for ensuring users are happy using your product. As technology advances, it tends to get more complicated as a result. The user experience should not. Complications in interfaces and user experience often stem from privacy regulations, connection to multiple third party networks, a result of software that tries to give user options, or by overwhelming the user with features. While valid problems, they can all be solved through innovative UI.

Some of the best and most used products on the market feature a very simple onboarding process for the user and keep the user engaged with limited options. Can you get a user to get your product in 5 steps or less? Can you get them to find the value of your product in those steps? What about keeping the discovery process simple for the user as they continue to explore your product?


Technical Redundancy – A Crucial Business Requirement

This post comes in light of recent events in New Jersey and New York, hit by hurricane Sandy. Like Katrina, it has been a very difficult moment and it is nice to see people help each other. Businesses too were affected by Sandy. They suffered power loss or loss of hardware due to flooding. Individuals and businesses alike will be changed forever.

While working for General Motors, I was given the opportunity to learn and work on disaster recovery and business resumption plans. This included researching tremendously in something I knew little about. To my surprise, a lot of horror stories came out of Katrina, many businesses effectively shutting down and liquidating. These business owners have written about their losses, hoping that others would learn from their mistakes. GM, as you can imagine, has a significant amount of employees, business apps and data required to run day to day operations. If the headquarters is hit by a tornado or blocked by disgruntled union workers, how do we ensure continuity as if nothing happened? Working on the Disaster Recovery Plan (DRP) and Business Resumption Plan (BRP) was an eye-opening experience for me.

Just to make sure I am not confusing anyone, DRP is a plan that is used to recover data and ensure that the tools used by the business are recovered. BRP is the plan that is executed when the physical business location is no longer operable and requires setting up remote locations to resume business as normal. Each business will have different requirements for resuming operations, including timelines and services that are crucial to operations.

I operate under the assumption that anything that can go wrong will go wrong and the edge cases, while rare, will also happen when you least expect it.  For instance, who knew that of all things, a CAW blockade would require execution for the BRP for GM?  Looking at Amazon over the past few months, they’ve had numerous large scale failures.  Sandy has caused major disruptions and forced multiple websites and services to shut down as the backup generators ran out of fuel.

I’ve asked many small and medium sized business owners to describe their disaster recovery process. To my disbelief, most are unprepared or do not understand the severity of potential events. I live in a world filled with paranoia, so I asked them “what if your hosting provider disappears tomorrow?” which is often followed up by a puzzled look. Amazon could never crash, right? What about pushing code to live that accidentally purges live data? Or even an intern who runs a query that deletes data? Companies and developers are assuming that edge cases never happen because they pay attention and they can fix problems as they arise. They need plans for when things go terribly bad, even if it never will. I won’t try and claim that I haven’t made mistakes and that I have everything implemented, but I have the plans. Now if I had money to execute my plans, I’d perhaps be in a better position to convince everyone to follow my lead.

Regardless of your situation, you should plan. I won’t get into business resumption too much. Unless you have a decently sized company or a corporation, you won’t necessarily need it; your developers likely could work from home and be as productive as they are in the office. If you operate under VPN and have a variety of services in house, then you will more than likely need a BRP. I may get into that for another blog post if I get requests. Plan the implementation of the DRP as you get cash and the scale at which you deploy this plan.


Only the best powering Lightning

It is Sunday night, CBC is going well and no server hiccups at all, so I’d take a bit of time to post some stuff and benchmarks we’ve hit with Lightning.  Lightning is the name we are calling our new platform.  Not only does it sound better, it also works with a few other products that are coming out that support Lightning. Lightning is a name that has meaning for the goals we are looking to accomplish.


Hello world! An update from me!

I haven’t posted in a while. I know. It’s been quite an exhaustive past few months, but I’m still alive and kicking. I’ll post a very short summary of what I’ve been up to since March.

Social Game Universe and the Lightning Platform are now powering a live CBC TV show called Over the Rainbow. Over the Rainbow is a production which asks the audience to pick their favorite Dorothy. During the show, viewers get to follow along with their computer or mobile device, interact with the TV show and vote at the end of the episode. On the 8th episode, one Dorothy will be cast to Andrew Lloyd Webber’s production of the Wizard of Oz. This project was a true test to Lightning’s scalability and prowess, achieving higher amounts of users per minute than we’ve achieved with Dirty Dancing, running on fewer servers. The average API call executed in 30ms (0.003 seconds) which really isn’t too shabby when you are seeing such a high number of users, a number I am hoping I can disclose in the near future!


The Age of the App – Get With the Times

It is no secret that our governments are as slow as molasses when it comes to truly helping citizens. Need help getting a hold of the city to fix a water leak in your basement? In the past you’d call 311, surprisingly, that hasn’t changed much these days. However, given the internet age, you can likely jump online or onto your smartphone and find an app that can get you the help you need. This begs the question, why do our governments need large teams staffed to handle those calls when an app can do the same work?

Don’t get me wrong, I think it is great that people are employed to support services like 311. This post isn’t about spending money. I am not in any way a staffing / financial expert and will stick to commenting on what I know, which is technology and building / managing this technology. My question is whether we can improve the government’s efficiency and open up the services to even more people. The majority of government sites I’ve used were impossible to navigate and at times lacked consistency. In most cases, app developers are so focused on usability and UI that I don’t tend to complain as much.


HTML5 not yet ready for prime time

Before working with HTML5, I had initially questioned HTML5’s support and adoption, considering IE6 and IE7 were still dominating browsers. Recently, Microsoft has announced IE would automatically update, like their competing browsers Firefox and Chrome. I’ve developed using HTML5 and CSS3 for the past few months, using all the latest browsers. In short, most of my tests and development failed to be cross-browser compliant. I’ve probably sworn at my computer a few dozen times and rewrote the code to use standard JavaScript just as many times.

Those of you who know me will know that I am using Internet Explorer 9 64-bit as a primary browser. My reasons are very simple: I want something fast that has robust developer tools and good crash management. If my options were limited to IE 32-bit, I could promise you that I would not use Internet Explorer as a primary browser, despite having arguably the best developer tools (which oddly enough come built into the browser, unlike Firefox which requires you to install Firebug). After using it as a primary browser for a few months, I’ve noticed how much different the web looks from the perspective of an IE user. Websites had bugs, some code had breaking errors (that other browsers tend to ignore) and some sites simply refused to let you in if you used IE (regardless of the version). I’ve had a few sites tell me to switch browsers for no clear reason. Oddly enough, as a user of IE9, I love it, but as a developer who wants to build using the latest tools, that is simply not possible… unless of course I used IE10.

When developing in HTML5, I did not build a game, as most people expect HTML5 to be used for. Instead, I used it to build tools and manage data. Based on my earlier posts, you will see that this has been no small test, with more than 200k lines of code from the start. Today, it stands at 165k lines of code (yes, we are refactoring). HTML5 is supposed to have more tools and capabilities with handling forms and have new events that would hopefully cut down on the need of observers in a page. Beyond that, I was mainly looking forward to HTML5 for the ability to embed multimedia into pages, like music, videos, articles and figures.
