innismir.net

So, the web is all abuzz with Obama being elected to President. He has already set up Change.Gov for his transition, a first.

Personal politics and concerns about whether this is .gov worthy or why we need this when we have presidentialtransition.gov aside, this is an important lesson on why QA is important before putting your website/code/whatever into a production environment. People have release early/release fast/release often mentality when dealing with code. This can be fine when you are dealing with a project that no one expects to be 100% on the first pass. But when you are dealing with a site that should be a somewhat of a flagship for your “brand” it helps not to have embarassing SNAFUs like this:

Also, this SCREAMS possible XSS security hole to me (Note, this isn’t my screenshot, I didn’t test this, nor do I condone or endorse probing .gov sites for security holes without permission)

All of this annoys me to no end as a security guy, as QA is when we usually get called in (at the last minute) to “make sure we’re secure.” More often then not, when I tell them, in fact, they are not secure, I get “Well, we can’t fix that right now! We’ll fix it later in production!” from the developers and they try to move forward until someone from management smacks them with a rolled up newspaper. I’m thinking that this a shining example of what happens when the developers go ahead without being smacked. Quality Assurance is a necessary step when moving forward in website. Yes it’s tedious, yes it’s annoying, but it will save you pain and embarassment if you do it correctly.

(Hat Tips to Michelle Malkin for originally pointing out the site and dual_parallel for doing some in-depth research)

So, like other hard core political junkies, I was watching the election results of the Iowa Caucus last night trying to get the latest results. I went to surf around 8:45PM EST, looking to get the results trickling in.

The Iowa Democratic Party website was zippy, automatically updating, and from what I can tell, AJAXified.

The Iowa Republican Party website… Well… Not so much.

Apparently my fellow political junkies flooded the Iowa GOP website off the tubes. I’m seeing some more frazzled SysAdmin who thought “Hmmm! Two T1s and a server should be find for my flash heavy, graphically intensive website!” and then cowering when hundreds of thousands of users descended onto his or her server.

Meanwhile, the Iowa Democratic website had the foresight to realize how many people will be clamoring to get to the data. They put a streamlined results page on, and moved it to Amazon’s S3 service which saw our requests and laughed as we made hardly a dent in their bandwidth. I think someone reads Jeff Atwood.

The end result is that I was on the Iowa Democratic Website almost all night, and had to turn to other sources to get the GOP results. Way to go guys.