Entries Tagged as 'Tools of the Trade'

SQL Server Script: Backup a Database to File

Sometimes you need a simple script to back up the full DB to a file.

Some of the uses of the script I found were:

  • To create a nightly job; simply have a hard file backup on a drive
  • To generate a file on demand for restore to other environments (dev/stage/uat)
  • And to be part of some build process

This script automatically appends a timestamp, so each time you have a fresh copy of the DB. Works great for us! See the associated restore script as well.

See: http://blog.tech-cats.com/2007/10/sql-server-script-to-backup-database-to.html
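A minimal T-SQL version of the timestamped full backup described above, as an added example; it is not the linked script from the original post. The database name `MyDatabase` and the folder `D:\Backups\` are assumptions to replace with your own.

```sql
-- Added example: full backup to a timestamped file, then verify it.
-- Assumed names: MyDatabase and D:\Backups\ are placeholders.
DECLARE @db    sysname       = N'MyDatabase';
DECLARE @dir   nvarchar(260) = N'D:\Backups\';
DECLARE @now   datetime      = GETDATE();   -- captured once so date and time agree

-- yyyymmdd_hhmmss: style 112 gives yyyymmdd, style 108 gives hh:mi:ss
DECLARE @stamp nvarchar(15) =
      CONVERT(nvarchar(8), @now, 112) + N'_'
    + REPLACE(CONVERT(nvarchar(8), @now, 108), N':', N'');

DECLARE @file  nvarchar(400) = @dir + @db + N'_' + @stamp + N'.bak';
DECLARE @name  nvarchar(128) = @db + N' full backup ' + @stamp;

-- The .bak file is a complete copy of the data: keep @dir on a volume
-- whose ACL is limited to the SQL Server service account and backup operators.
BACKUP DATABASE @db
    TO DISK = @file
    WITH INIT,        -- the file name is unique, so start a fresh media set
         CHECKSUM,    -- write page checksums and fail on a damaged page
         COPY_ONLY,   -- on-demand copy: does not reset the differential base
                      -- (drop this option if the nightly job is your base backup)
         NAME = @name,
         STATS = 10;  -- progress message every 10 percent

-- Confirm the backup set is readable and its checksums match
-- before it is shipped to dev/stage/uat or relied on for recovery.
RESTORE VERIFYONLY
    FROM DISK = @file
    WITH CHECKSUM;
```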

Grading PCI Compliant Managed Hosts

In this post, we'll try to create a grading system for PCI Compliant Managed Hosts, which I'll later use to go over several hosts whom I've been interviewing and dealing with over the past 3 months.

This is all new territory for me, and for the industry. There is no coherent grading system, and it's hard to tell the newbies apart from the gurus.

So you've scoured the web, and looked at lists. By this time, your initial shock may have subsided. Shock? Yeah, you've had no need to narrow your list as the list is already small. Why in the world are the rest of the hosts so behind? Are those $9.95 e-Commerce plans PCI Compliant? Probably not. Does it seem like 95% of the world doing e-Commerce actually doesn't meet most of the PCI specs? Yup. Should you be scared about where and whom you buy from online even more? Yes.

So let's take a look at the hosts. They tend to fall into categories pretty easily.

Tier 4 (Highest) - These guys rock. They eat PCI Compliance for breakfast.

  • May belong to the PCI Security Standards Council
  • Should be able to provide a pretty detailed diagram of the setup
  • Should be able to provide a dedicated Account Exec, along with an in-house team of experts (Sys. Admins, DBAs, etc)
  • Should have certification with Visa for their Cardholder Information Security Practices (CISP) standard for compliance, along with experience with Sarbanes-Oxley, HIPAA, etc
  • Have expertise in other areas like SAS 70 Certification

Tier 3 (2nd Highest) - These guys have experience, but are far from experts.

  • These guys don't have formal processes to handle new clients for PCI
  • They usually have done several clients in the past, and are "getting better" with each new client
  • They usually put more emphasis on the initial sales pitch, but drag their feet for details

Tier 2 (2nd Lowest) - These guys are new, and may actually be making stuff up along the way.

  • I know, my rating system is getting harsher, but these guys may advertise PCI, but aren't prepared in the least.
  • They may offer some sort of PCI Toolkit, but their implementation (and/or understanding) of PCI is flawed.
  • They might think of PCI as a patch, or some extra hardware.
  • Their sales people (and/or tech reps) are barely trained to talk PCI.

Tier 1 (Lowest) - These guys advertise PCI, but wouldn't know it if it stared them in the face.

  • Their sales process is extremely weak.
  • They have little to no understanding of PCI Compliance.
  • They bad-mouth other hosts.
  • May offer "special" pricing to hook you.

Using Frameworks? - 2 JVM Changes to Rock Your World

JVM Tuning has long been a favorite subject of mine. Maybe some day I'll share our JVM Settings in full, but for now you need to do two things.

Update to JDK 1.6 Update 10 - Once CF8 came out, people started complaining that their frameworks loaded slowly, initial page loads were long, that CFC generation took a while, etc. The conventional wisdom was to move back down to 1.5, which didn't have these issues. No more. Update 10, which has long been in beta, is now fully launched, and our CFC generation and slow loading issues are nearly gone. Whereas before it would take minutes, it now takes less than 15 seconds. Besides the other benefits of running the latest 1.6, this one rocks. Download info available @ http://java.sun.com/javase/downloads/index.jsp.

Garbage Collection Settings just for Frameworks - We would occasionally notice hiccups, slight slowdowns for GC, despite our numerous JVM tweaks. No more since adding two lines. More information is available @ Mike Brunt's blog - http://www.cfwhisperer.com/post.cfm/sun-jvm-1-6-heap-memory-behavior-with-coldfusion-frameworks.

The Two JVM Tweaks:
-Dsun.rmi.dgc.client.gcInterval=600000 -Dsun.rmi.dgc.server.gcInterval=600000

Subversion 1.5.4 Released

Subversion 1.5.3 had enough bugs to warrant a new release two weeks later. See notice below.

---

I'm happy to announce Subversion 1.5.4, fast on the heels of Subversion 1.5.3.

1.5.3 was discovered to contain a regression in 'svn merge'; see CHANGES for more information.

Subversion 1.5.4 is available from:

http://subversion.tigris.org/downloads/subversion-1.5.4.tar.bz2

http://subversion.tigris.org/downloads/subversion-1.5.4.tar.gz

http://subversion.tigris.org/downloads/subversion-1.5.4.zip

http://subversion.tigris.org/downloads/subversion-deps-1.5.4.tar.bz2

http://subversion.tigris.org/downloads/subversion-deps-1.5.4.tar.gz

http://subversion.tigris.org/downloads/subversion-deps-1.5.4.zip

Release notes for the 1.5.x release series may be found at:

http://subversion.tigris.org/svn_1.5_releasenotes.html

You can find the list of changes between 1.5.4 and earlier versions at:

http://svn.collab.net/repos/svn/tags/1.5.4/CHANGES

PCI Compliant Managed Hosts

As many of you know, for e-Commerce, whenever and wherever you touch credit cards, you must be PCI Compliant. But where do you start to find hosts who have created an environment for you and are willing to work with you? Besides Google, oops, I mean Scroogle, you can look at the list Visa provides.

Download the list @ http://usa.visa.com/download/merchants/cisp_list_of_cisp_compliant_service_providers.pdf.

I'll be covering the ones mentioned for Managed Hosting in forthcoming reviews.
