Monday, December 21, 2015

The Keystrokes - Generating Interest in STEM

Back in November, my friend Cheryl, whilst in casual conversation, mentioned to me that she was volunteering for Women in Tech (WIT) as well as Girls in Tech (GIT). She was in the middle of setting up a science fair type event that was meant to showcase current innovation and interesting projects from various tech and science companies to try and get girls more interested in science, technology, engineering, and math (STEM). Everything she was describing to me sounded super interesting and I asked her if I could get a booth. I had a few friends in mind that I thought would be interested in helping, but at this point, I hadn't asked them and I had no idea what we were going to showcase. But I was still very interested in helping, and Cheryl had an extra booth, so she said "Sure". Now to find a team and an idea.

I could go on, but my friend Mary, who was part of the team that we assembled for the showcase, gives a thoughtful and thorough retelling. Check it out here.

Mary is an excellent wordsmith, and her account of the events leading up to and including the showcase is truly excellent. I highly recommend the read.

Monday, February 16, 2015

RTFM

We're all guilty of it.  You are using this awesome tool that made your life so much easier.  You were initially debating writing something like this yourself or cobbling together a bunch of other tools in order to do what you want, but Behold!  Tool 'X' is doing everything you needed and more.

You started using it straight away.  You dove right in, and never looked back.  Now your app is in production and everything seems to be going great.

That is until your world is shattered by an article such as:

http://news.hitb.org/content/major-security-alert-40000-mongodb-databases-left-unsecured-internet
or
http://www.techworm.net/2015/02/major-security-alert-40000-mongodb-databases-left-unsecured.html

D'oh!

You double check your configs and notice that you left a lot of things as 'default'.  Shouldn't it be safe by default!?  You read a little more into what the actual defaults are and realize that alas, no, they are not.

A lesson not to be taken lightly.  Even if you weren't affected by this MongoDB issue, take it as a warning.  Understand what all the configuration options are and make sure you configure your tools correctly.  DO NOT TRUST THE DEFAULTS.
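The two "left as default" settings behind the MongoDB story are a server that listens on every interface and a server with authorization switched off. The script below is an added example (not from this post or from the MongoDB project) that reads a mongod.conf and flags both conditions. It assumes the real config keys `net.bindIp` and `security.authorization`, and it treats an absent key as the unsafe pre-3.6 default the articles describe; the two config files are constructed samples, and the YAML parser handles only the two-level subset mongod.conf actually uses.

```python
"""Audit a mongod.conf for the exposure pattern described above:
listening on all interfaces with no authorization. Standard library only."""

# Constructed sample: everything under net/security left at defaults.
DEFAULT_STYLE_CONF = """\
# mongod.conf with no net or security section at all
storage:
  dbPath: /var/lib/mongodb
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
"""

# Constructed sample: bound to loopback, authorization enabled.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Parse the 'section:' / '  key: value' subset of YAML used by
    mongod.conf. Comments and blank lines are skipped. This is a small
    purpose-built parser, not a general YAML implementation."""
    conf = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if indent == 0:
            section = key
            conf.setdefault(section, {})
            if value:                           # top-level scalar
                conf[section] = value
        else:
            if section is None or not isinstance(conf[section], dict):
                raise ValueError(f"unexpected indented line: {raw!r}")
            conf[section][key] = value
    return conf


def audit(conf):
    """Return a list of findings; an empty list means neither exposure
    condition is present. Assumption: a missing key is treated as the
    unsafe default (all interfaces, no authorization)."""
    findings = []
    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    sec = conf.get("security") if isinstance(conf.get("security"), dict) else {}

    bind_ip = net.get("bindIp", "")
    addresses = [a.strip() for a in bind_ip.split(",") if a.strip()]
    if not addresses or "0.0.0.0" in addresses:
        findings.append("net.bindIp unset or 0.0.0.0: listens on all interfaces")

    if sec.get("authorization", "").lower() != "enabled":
        findings.append("security.authorization not 'enabled': "
                        "any client that can connect has full access")
    return findings


def audit_text(text):
    """Convenience wrapper: parse then audit a config file's contents."""
    return audit(parse_simple_yaml(text))


if __name__ == "__main__":
    for name, conf in (("defaults", DEFAULT_STYLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", audit_text(conf) or ["OK"])
```

Run it against your own file with `audit_text(open("/etc/mongod.conf").read())`; the point is that the "defaults" sample produces two findings even though nothing in it looks wrong at a glance, because the unsafe settings are the ones that are not written down.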

This happens all the time.  Another one that comes to mind was the JMX console on JBoss.  As a quick reminder, JMX (Java Management Extensions) is an API used by most Java application servers to give you quick access to monitor applications or interact with container-managed beans.  And by interact, I mean things such as calling functions and invoking business logic.  The JMX Console is a web page that gives you access to JMX.  For a long time, the default was no security for this page.  Anyone could put in your JMX console URL and start mucking around with your server.  Even worse, because it's a public page, Google will actually index it.  Don't believe me?  Just do a search for "8080/jmx-console" and you'll find a bunch of servers with their JMX consoles exposed.

Happily, the latest version of JBoss has the JMX Console removed and allows access to JMX through JConsole.  From there you can log in with a username and password and start using JMX.  These usernames and passwords come from either the ManagementRealm or the ApplicationRealm, so again, RTFM and do not simply use the defaults!

tl;dr RTFM and don't trust the defaults.