Friday, 30 July 2010 08:20 am
The Blog

The Blog at Johnhouston's, also known as Below the Fold...
This is Version 2.0 and a work in progress.

Here you'll find, in plain-spoken language: opinions (mine), flat-out facts and solutions as I see them.  All in an easy-to-read format.

A Spade is a Spade here and no sugar is allowed nor used.

Hmmmmm. There's more people reading these blog pages than I thought and some of 'em sniff something more than what's showing. ;)

John; I see you've done away with the WordPress blog, kept the Grey Matter and have something entirely different here. What have you got up your sleeve?

Hey! I like the new blog but what happened to the WordPress themes and blog? You had it fixed so nice. This one's nice too though.

I know you are doing something. When's it going to be ready? What is it? A new CMS? Just News?

OK! I reckon I'm Busted. Here's the deal.

Yep, it's pretty obvious the WordPress blog has been dismantled and the free theme downloads... Well, they're gone too. I appreciate the accolades but, there's plenty of themes available. And, yes, I've kept the GreyMatter News for now but it too will be dismantled in time.

This particular "News" is powered by a $40.00 third party script. It's incredibly powerful but, relies on flat-files to warehouse the news articles and isn't quite as powerful as WordPress. I've used this particular script as somewhat of an "experiment" but have ended up hacking the script so much that it barely resembles the original. You folks are going to have to live with this for the time being.

Now to answer, "What's Up My Sleeve". Yes, there is a completely new CMS system in the works. One that will combine some of the features of GreyMatter and a few features of WordPress. In a nutshell my goal is to produce a CMS/News system that will produce the static pages as GreyMatter does and yet will rely on MySQL to keep track of articles and comments plus of course, offer RSS feeds.

Yeah, I know, I could cobble together some PERL and some PHP and make GreyMatter work or I could continue to use WordPress along with some of the great plug-ins to cache pages and .htaccess to make "pretty URLS". The Key Word in that last sentence is Cobble. I don't LIKE cobble.

Rarely a week goes by that I don't receive correspondence asking (complaining) about .htaccess mod_rewrite stuff or some host is imposing some kind of limit on their MySQL database or they just can't make something work in their current CMS/News scripting. I just don't have the time to fix each individual's problem without it turning into a cobbled mess. I don't like cobble.

So.... The solution seems to be a fresh start with a combination of the "best features" all in a nice, seamless, neat package. Will it work for everyone or suit every need? Hell NO! However, if most folks will be honest with themselves and take a real look at what they're posting: It'll be "Jussss' Right".

Now this endeavor isn't going to come to fruition in a week or two. I reckon it's going to take at least several months. You've got to remember... I'm a committee of one and I've got to eke out a living doing the regular stuff.

Own a street-side business and doing business on the web as well?  Which is more secure in terms of general access?  There are many parallels in security measures implemented on the web that you may very well want to carry over to your street-side business.

And, if you treat the security of one business differently than the other you may very well be leaving the locks... Unlocked.

Here's the scenario:  What would you do IF?...  A potential customer visited your street-side business and in their pocket was a permanent ink marker or a can of spray paint.  In the process of their visit to your store they proceeded to deface your floors, walls and displays.  Perhaps even some of the merchandise or the front door itself along with the outside display window.  On your web site they've completely re-done your home page or added SPAM entries to your guest book or message board for the world to see.  Or worse!  Gained access to all your administration pages.

The Police Report would call the street-side problems vandalism.  On the web:  Your site just got hacked and there's not a soul to report it to other than your webmaster and I'd almost bet you're wearing that hat.  No matter if it happened at the corner of First and Maple St. or on the far reaches of the web:  It's still the same and may very well cost just as much to clean up one mess as the other.

Here's the kicker!  The street-side vandal may have taken several minutes to accomplish his dastardly deed and chances are you don't have a clue who he, she or they were or even the exact time the act occurred.  The police are powerless to do much more than offer their sympathy unless the perpetrators left some incriminating evidence.

Conversely, the vandals that struck your web site (in a matter of seconds as opposed to minutes) left evidence showing everything but their home phone, name and mug-shot!  You've just got to know where to look for the evidence and know how to use it once you find it!  And if the breach was severe enough to involve the police, one may even get the missing pieces.  Nevertheless, without the authorities there's enough direct evidence to track the culprit down and if the ISP will cooperate, you'll see some immediate action.  No lawyers. No Courts. Only the satisfaction in knowing you found the bad guys and the ISP cancelled their service.

The pitfall here is the "bad guy" can be back up and running as soon as he subscribes to another ISP's service unless you've involved law enforcement agencies and they have taken the person "offline" in more than a digital sense.  Unfortunately this is a VERY rare occurrence.

Many business owners have a somewhat cavalier attitude toward their web sites in that they do not realize it is a direct reflection on their street-side business.  So, they think, "Oh well, I'll fix the site in a few days," or they'll remove the forum SPAM messages when they get around to it or clean up their guest book entries when the mood strikes.  Then, they'll make absolutely no effort to prevent the same vandalism from happening again.

Case in point:  One of our local TV stations (KWES-TV) utilizes a forum board for "viewer comments".  Not too long ago a SPAMMER literally filled one or two topics with porn images and they were left "undiscovered" for several days.  In fact they were not removed until I notified the folks at the station.  I also asked that my account on the forum board be stricken, along with all my posts.  It's no wonder the forum there is horribly under used.

Here again, in the "cavalier attitude" department, the laws of the land and the law enforcement agencies just don't seem to "Get It" in terms of one's web site.  Only when government secrets or a gazillion names and social security numbers are stolen do legal actions begin to happen.  Nevertheless, there are "things" that can be done by You!

In Part II of Your Business' Security I'll spell out a few preventative and or counter measures that can be taken.  Although primarily geared toward a web site, there are certainly some parallel actions for your street-side business.

...Or dealing with two legged cockroaches.

Security breaches take on a variety of values and may be as innocuous as a piece of UCE/SPAM email or as serious as a full-on assault of either one's street-side business or web site in the form of theft of goods or data.

Needless to say, if the breach is of the aforementioned type whether happening on the web or on the street, you've got some very serious security problems and should consider some professional help.

As with real life cockroaches, vandals can enter through the smallest of openings and they spend a great deal of time just Looking for such portals.  Fortunately, these little "openings" are much easier to plug on a web site than the street-side counterpart where the exterior is open and unguarded.  Also, a little plain ol' common sense goes a LONG WAY in the prevention department!

A key point to keep in mind is the statement above; "...The smallest of openings...".  There can be absolutely No Porosity in your security access procedures.  No detail is too small.

On the web, the most vulnerable places of any web site are "Post Data" forms of one type or another.  These include email forms, guest books, forum boards and or any other form that requires a visitor to submit information to your web site.  EACH blank field that requires an input is a potential "entry point"!  Even forms that use "type=hidden" form fields for known data input are not immune!

Needless to say, good form field validation is REQUIRED:  Preferably NOT using JavaScript which can be turned Off by the cockroach, leaving your data entry totally unprotected.  And NO, the old "mailto:YourEmailAddress@YourISP.com" is NOT an alternative... The very Worst thing you can do!
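Here is what that validation looks like when it runs on the server, where the visitor cannot switch it off. This is an added example, not code from this site: the field names (name, email, message, and a hidden "recipient" field), the allowed recipient keys and the length limits are all assumptions made for illustration.

```python
import re

# Hypothetical form layout: name, email, message, plus a hidden "recipient" field.
ALLOWED_RECIPIENTS = {"sales", "support"}   # the only values the hidden field may carry
MAX_LEN = {"name": 80, "email": 254, "message": 2000}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HTML_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def validate_form(fields):
    """Return a list of problems; an empty list means the submission is acceptable."""
    errors = []
    # Hidden fields arrive from the browser like any other field, so compare
    # the value against the server's own list instead of trusting it.
    recipient = fields.get("recipient")
    if not isinstance(recipient, str) or recipient not in ALLOWED_RECIPIENTS:
        errors.append("recipient: not an allowed value")
    for key, limit in MAX_LEN.items():
        value = fields.get(key)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{key}: required")
            continue
        if len(value) > limit:
            errors.append(f"{key}: too long")
        # name and email end up in mail headers: no line breaks or control characters
        if key != "message" and CONTROL_RE.search(value):
            errors.append(f"{key}: control characters")
    email = fields.get("email")
    if isinstance(email, str) and email.strip() and not EMAIL_RE.fullmatch(email):
        errors.append("email: bad format")
    message = fields.get("message")
    if isinstance(message, str):
        # Enforce the "Do not use HTML" / "Do Not Send URLs" notice on the server
        if HTML_RE.search(message):
            errors.append("message: HTML not allowed")
        if URL_RE.search(message):
            errors.append("message: URLs not allowed")
    return errors
```
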

The second preventative measure is to identify the cockroach and start your own "database" of information.  Be it a notebook with photos, descriptions and dates or a plain text file... Anything will work as long as you know who to look for.  Talk to other businesses in your neighborhood.  Share information!  The same goes for web site owners.  There's a ton of information available by just acquiring an IP address and perusing your server's access_log files.  You'll learn that is your number one tool.  Remember the everything but a name, phone number and mug-shot comment earlier?  The access_log files contain all the information one might need to nail the cockroach to the wall.

Don't keep your "database" of information locked up in the back-room... Keep it where you and or your employees can have ready access to that information and give employees the authority to stomp the roaches when they walk through the door.  Well, OK... Give your employees the authority to politely ask the known roach to get his or her ass out of your store.

On the web site:  Restricting one's access can be accomplished in a variety of ways.  The easiest and most effective/efficient (for unix server users) is a good .htaccess file in the root directory.  This is the equivalent of "greeting the roach" at the front door only it's faster, seldom "misses" and almost impossible to defeat (when done right).
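The two steps above, reading the access_log and then turning what it shows into .htaccess rules, can be sketched as follows. This is an added example, not the author's own tooling: the log lines are constructed (documentation-range IP addresses), the form page names and the threshold of three POSTs are assumptions, and the output uses Apache 2.4 `Require` syntax.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format.
SAMPLE_LOG = """\
192.0.2.50 - - [30/Jul/2010:08:00:05 -0500] "GET /index.html HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Jul/2010:08:01:10 -0500] "GET /guestbook.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Jul/2010:08:01:40 -0500] "POST /guestbook.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.23 - - [30/Jul/2010:08:02:01 -0500] "POST /guestbook.php HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
198.51.100.23 - - [30/Jul/2010:08:02:02 -0500] "POST /guestbook.php HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
198.51.100.23 - - [30/Jul/2010:08:02:04 -0500] "POST /contact.php?x=1 HTTP/1.1" 200 298 "-" "libwww-perl/5.805"
"""
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def summarize(log_text, form_paths=("/guestbook.php", "/contact.php")):
    """Per-IP record: hit count, POSTs to form pages, first/last timestamp, user agents."""
    stats = defaultdict(lambda: {"hits": 0, "form_posts": 0, "first": None,
                                 "last": None, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        s = stats[m["ip"]]
        s["hits"] += 1
        s["first"] = s["first"] or m["time"]
        s["last"] = m["time"]
        s["agents"].add(m["agent"])
        if m["method"] == "POST" and m["path"].split("?")[0] in form_paths:
            s["form_posts"] += 1
    return dict(stats)

def repeat_posters(stats, threshold=3):
    """IPs with at least `threshold` form POSTs (hypothetical cut-off; tune per site)."""
    return sorted(ip for ip, s in stats.items() if s["form_posts"] >= threshold)

def htaccess_block(ips):
    """Render Apache 2.4 deny rules for the root .htaccess file."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(repeat_posters(summarize(SAMPLE_LOG))))
```

On an Apache 2.2 server the same rules are written as `Order Allow,Deny`, `Allow from all`, then one `Deny from` line per address.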

Lastly, business owners must undergo a complete Attitude Adjustment toward potential customers and visitors to their web sites.  Remember, cockroaches are sneaky little bastards and they sometimes disguise themselves as people.  There's a HUGE misconception that visitors are always right... And they're given chance after chance to correct their "mistakes", especially when visiting web sites.  Bull Shit!  More often than not, those aren't "Mistakes", they're "Attempted Exploits" and should be treated as such.

If your form field has a notation along the lines of "Do not use HTML" or "Do Not Send URLs..." yet a "visitor" insists on doing such... Probably a genuine cockroach and they don't need to see a nice "error message".  Just boot 'em off your site!

The same applies to your street-side business!  If that "customer" comes to your store with a can of spray paint bulging from his pocket... Or, if he's recognized as a known vandal... Why on Earth would you allow him a second opportunity?!

Remember, it's YOUR store.
