Week 7: July 7th - July 13th
Sunday:
I went to church in the morning. We had a dinner afterwards, so I just hung out there and ate with everyone before heading back to the airport. Saturday was long and busy, so Sunday was a very very sleepy day. I couldn't really take a nap at the airport, though, so I just read (somewhat absentmindedly). Laura and Kimberly (Laurie's daughter) picked me up at the airport. Kimberly made picture frames for both Laura and me, and so she gave me mine, which I love. We were all talking away when Laura suddenly noticed that the exit we were coming up on was on the opposite side of Raleigh from where we needed to be. We had completely missed the turn and ended up very much on the wrong side of the city. But in case you ever need to know, it takes about 50 minutes to go around the entire beltline around Raleigh.
Monday:
I can't believe I'm starting my 7th week. Time is flying. In the morning, I updated my journal since I hadn't added anything to it for last week. I also met with Laurie and showed her the work I had done while she was gone. She gave me guidance as to what needs to be done next, so I'm going to work more on making the survey more user-friendly (fixing the questions, possible answers, hooking it up with PHP and MySQL). We talked about using the survey as an aid in creating company security policies. I started looking through the book on security policies, and it looks like it will be very helpful. I also ran down to the library again because the other book I had ordered came in. This time they didn't even make me check it out. That was rather peculiar, I thought.
At lunch, I introduced everyone to the wonderful world of Eugene Mirman. I just like the songs. They make me laugh. I was still so tired from the weekend, I just lounged around for the evening.Tuesday:
In reading through the book on security policies, I realized that security policies are inherently very broad. For example, "Managers must protect company data" would be a possible element of a security policy. It seems then, that the survey and other elements we are working on have to do with much more detail than that. The survey encompasses these elements, but it mostly builds on what a policy would be. To get into such detail, the book introduces standards, which would be something like "Managers must ensure that customer credit card numbers are protected by encryption." Then there would be procedures below that that outline the steps they would need to take to implement that standard. It's all rather organized (imagine that). In any case, the survey seems like it would be more helpful for creating standards rather than policies. As standards are derived from policies, you would still get to a policy using the survey, it just ends up being an indirect route.
Wednesday:
Today I reworded the questions so they have quantifiable answers (Y/N, options, etc.). Then I got the basic survey into php form. I haven't hooked it up to MySQL yet, but it's progressing. I also did some reading on the whole Microsoft Palladium thing. It is their theoretical new secure architecture. It sounds very interesting, and there's plenty of negative press out about it. I also found a new definition of trust (meaning I haven't seen it before) from someone quoting the Department of Defense. It stated that " a `trusted system or component' is defined as `one which can break the security policy'." At first that seems strange, but it makes sense if you think about it. Plus, it takes away the more subjective attributes of a definition of trust (such as something that's reliable, secure, private, etc. - all of which are subjective terms as well), which is helpful because it's difficult to provide guidelines for something you can't even define objectively.
In the evening, we had yet another wonderful dinner that evening prepared by our gracious host and chef extraordinaire, Danny Williams (he is a salesman, that is true, but he also has a degree in engineering and is a good cook, so he's acceptable, I suppose :-) ). Afterwards, Laura and I watched an episode of Law and Order which ended up being about Internet security/privacy. So we naturally had a detailed discussion about the show, what they had shown that was possible, what was embellished, as well as what philosophical statement they were trying to make about the topic. Who knew prime time TV could have such intellectual worth?Thursday:
This morning we renewed our weekly security discussion (it seems like forever since we met last). The chapter was on the importance of an external security audit after the completion of the software. We discussed potential problems with such an idea (time and money involved in having someone new learn and then review your code, etc.) and possible ways to alleviate the problems. We also talked more about the principles of XP and where they either complement or conflict with security principles. Later, Laurie got a book in the mail called How to Break Software, so I flipped through that for awhile. The title showed such promise, but it pretty much just gave you tons of ways to make MS Word crash, and who hasn't done that a million times already? The book was on testing, and it looked like it gave good hints on what to test for (showing where Word failed), but I just wanted to break things, so it was a little disappointing :-). I also read up on MySQL so I can hook up my survey to a database. I will work on actually implementing that tomorrow.
We left early because Laura and I were baby-sitting (kidsitting, rather) for Laurie's three kids, Chris, Kimberly and Brian. We ate dinner, went to see Mr. Deeds, and then got some ice cream at Cold Stone (which was very good). (We saw Prashant at the theater - somehow I always manage to run into him when I go see a movie up here). It was an entertaining evening. They are very cute and very likable kids.
Note: Today, Laura and I observed that "William Stufflebeam" has the same number of syllables as "water buffalo". Don't ask.Friday:
This morning we showed Annie the questions on the GRE that we needed some help on. She's going to set us up appointments with some other faculty members here so we can ask them questions. Most of the ones we had problems with were theory questions. I have to say that UGA did a good job of preparing me for the GRE. I griped and complained about having to learn some of the stuff (and I clearly didn't learn theory as well as I could have), but now at least I'm not completely lost in terms of the GRE. So special thanks to all my professors in Georgia! The rest of the day, I got the survey pretty much set up in PHP. I discovered that I didn't have access to MySQL, so I had to email William about getting that working. He had forgotten the password, so he had to email Paul. Hopefully I will be all set up by Monday.
We went out for Mexican with the Williams, and then Laura packed. She is abandoning me for several days to go to a family reunion in South Carolina. Apparently, she thinks because everyone else has been taking vacations throughout the summer that she has the right to leave as well. The nerve.Saturday:
Laura left bright and early, and I continued to sleep and sleep and sleep. I slept in past 9 for the first time this summer. It was quite pleasant. I tried to go study for the GRE, but the library was closed and Borders was too busy, so instead I just went shopping. I finally managed to use some more gift certificates from last Christmas, and they gave me the change from one of the cards, so I actually made money on the trip. I work on the GRE that afternoon, so I've had a cornucopia of pretentious words running through my head, like mendacious, invidious, and calumnious. I'm working on the verbal section first, as that should boost my confidence - I'll get around to math eventually. If I could only remember all the words, I'd use them in normal conversation. They are exceedingly diverting. It was Brian's half-birthday, so there was family dinner, cake and fireworks that evening.