SAS 70 becomes SSAE 16
In recent years it’s become increasingly common for hosting providers to advertise their compliance with the SAS 70 Type II audit. Interest in that audit often comes from hosting customers’ need to meet Sarbanes-Oxley (aka Sarbox) or other legal requirements in their own businesses. But what is SAS 70?
It was not clear to me at first glance that SAS 70 is actually a financial accounting audit, not one that deals primarily with privacy, information technology security, or other areas.
SAS 70 was created by the American Institute of Certified Public Accountants (AICPA) and contains guidelines for assessing organizations’ service delivery processes and controls. The audit is performed by an independent Certified Public Accountant.
Practically speaking, what does passing a SAS 70 audit tell us about an organization? Most importantly that it is financially reliable, and thus hopefully a safe partner for providing critical Internet hosting and data storage services.
On June 15, 2011, the SAS 70 audit will be effectively replaced by the new SSAE 16 attestation standard (Statement on Standards for Attestation Engagements no. 16, Reporting on Controls at a Service Organization). Thus the …
audit hosting
Web Friendly Tools
Over the past few weeks, I found a few nice tools that I wanted to share:
Spritebox
The first tool I came across and wanted to share is Spritebox. Spritebox is a WYSIWYG tool to create CSS sprite rules from an image on the web or an uploaded image. Once a sprite image is loaded, regions can be selected and assigned classes or ids, display settings, and background repeat settings. The preview region shows you which part of the sprited image will display in your DOM element. After all sprite regions are defined, CSS is automagically generated, ready for copy and paste into a stylesheet. This is a user-friendly visual tool that’s likely to replace my tool of choice (Firebug) for generating CSS sprite rules.
I select the twitter region and assign several CSS properties.
I select the header background region and assign several CSS properties.
Typekit
Another tool / service I’ve come across on the design side of web development is Typekit. Typekit is a font hosting service that allows you to retrieve web fonts and render text with those fonts instead of using Flash or images. I recently noticed severe lag time on font rendering for one of our Spree clients. I was curious …
tips tools
Using nginx to transparently modify/debug third-party content
In tracking down a recent front-end bug for one of our client sites, I found myself needing to use the browser’s JavaScript debugger for stepping through some JavaScript code that lived in a mix of domains; this included a third-party framework as well as locally-hosted code which interfaced with—and potentially interfered with—said third-party code. (We’ll call said code foo.min.js for the purposes of this article.) The third-party code was a feature that was integrated into the client site using a custom domain name and was hosted and controlled by the third-party service with no ability for us to change directly. The custom domain name was part of a chain of CNAMEs which eventually pointed to the underlying actual IP of the third-party service, so their infrastructure obviously relied on getting the Host header correctly in the request to select which among many clients was being served.
It appeared as if there was a conflict between code on our site and that imported by the third party service. As part of the debugging process, I was stepping through the JavaScript in order to determine what if any conflicts there were, as well as their nature (e.g., conflicting library …
browsers camps interchange javascript linux testing tips
Monitoring with Purpose
If you work on Internet systems all day like we do, there’s a good chance you use some sort of monitoring software. Almost every business knows they need monitoring. If you’re a small company or organization, you probably started out with something free like Nagios. Or maybe you’re a really small company and prefer to outsource your alerts to a web service like Pingdom. Either way, you understand that it’s important to know when your websites and mailservers are down. But do you monitor with purpose?
All too often I encounter installations where the Systems Administrator has spent countless hours setting up their checks, making sure their thresholds and notifications work as designed, without really considering what their response might be in the face of disaster (or an inconvenient page at 3am). Operations folk have been trained to make sure their systems are pingable, their CPU temperature is running cool and the system load is at a reasonable level. But what do you do when that alert comes in because the website load is running at 10 for the last 15 minutes? Is that bad? How can you be certain?
The art of monitoring isn’t simply reactive in nature. A good SysAdmin will …
monitoring performance sysadmin
In Our Own Words
What do our words say about us?

Recently, I came across Wordle, a Java-based Google App Engine application that generates word clouds from websites and raw text. I wrote a cute little rake task to grab text from our blog to plug into Wordle. The rake task grabs the blog contents, uses REXML for parsing, and then lowercases the results. The task also applies a bit of aliasing since we use postgres, postgreSQL and pg interchangeably in our blog.
task :wordle => :environment do
  data = open('http://blog.endpoint.com/feeds/posts/default?alt=rss&max-results=999', 'User-Agent' => 'Ruby-Wget').read
  doc = REXML::Document.new(data)
  text = ''
  doc.root.each_element('//item') do |item|
    text += item.elements['description'].text.gsub(/<\/?[^>]*>/, "") + ' '
    text += item.elements['title'].text.gsub(/<\/?[^>]*>/, "") + ' '
  end
  text = text.downcase \
    .gsub(/\./, ' ') \
    .gsub(/^\n/, '') \
    .gsub(/ postgres /, ' postgresql ') \
    .gsub(/ pg /, ' postgresql ')
  file = File.new(ENV['filename'], …
company analytics ruby
Visit at DistribuTECH
I had the chance to attend DistribuTECH in San Diego, CA this past week. DistribuTECH is billed as the utility industry’s leader in smart grid conference and exposition. End Point was present at the conference on behalf of Silver Spring Networks. Silver Spring Networks contracted with us to provide a Liquid Galaxy installation for their exhibit.
The Liquid Galaxy did its job from what I could tell. The exhibit was consistently surrounded with conference goers both interested in listening and watching the tours that were being presented as well as wanting to see what the Liquid Galaxy was all about. This was the first time I had seen the Liquid Galaxy and was quite impressed with how well it worked. I saw many people moving their bodies in sync with what was being displayed on the screen, showing that they felt immersed while within the galaxy. One gentleman knelt down while attempting to look under a graph that was being presented on the screen. This same person had returned to the exhibit several times, bringing colleagues back each time to “show off” what he had found.
I spent some time on the conference floor, checking out what was being displayed and seeing how others were …
conference environment visionport
Browser popularity
It’s no secret that Internet Explorer has been steadily losing market share, while Chrome and Safari have been gaining.
But in the last couple of years I’ve been surprised to see how strong IE has remained among visitors to our website—it’s usually been #2 after Firefox.
Recently this has changed and IE has dropped to 4th place among our visitors, and Chrome now has more than double the users that Safari does, as reported by Google Analytics:
| 1. | Firefox | 43.61% |
| 2. | Chrome | 30.64% |
| 3. | Safari | 11.49% |
| 4. | Internet Explorer | 11.02% |
| 5. | Opera | 2.00% |
That’s heartening. :)
browsers
JSON pretty-printer
The other day Sonny Cook and I were troubleshooting some YUI JavaScript code and looking at some fairly complex JSON. It would obviously be a lot easier to read if each nested data structure were indented, and spacing standardized.
I threw together a little Perl program based on the JSON man page:
#!/usr/bin/env perl
use JSON;
my $json = JSON->new;
undef $/;
while (<>) {
    print $json->pretty->encode($json->decode($_));
}
It took all of 2 or 3 minutes and I even left out strictures and warnings. Living on the edge!
It turns a mess like this (sample from json.org):
{"glossary":{"title":"example glossary","GlossDiv":{"title":"S","GlossList":
{"GlossEntry":{"ID":"SGML","SortAs":"SGML","GlossTerm":"Standard Generalized Markup Language",
"Acronym":"SGML","Abbrev":"ISO 8879:1986","GlossDef":{"para":
"A meta-markup language,used to create markup languages such as DocBook.",
"GlossSeeAlso":["GML","XML"]},"GlossSee":"markup"}}}}}
into this much more readable …
javascript json perl python ruby

