As per my blog post on April 9 regarding the SQLSaturday website, the good news is that we’re back online. So far, feedback on the site has been overwhelmingly positive.
I first want to thank everyone for their patience last week: the organizers and sponsors who couldn’t access the site during the downtime, as well as the community members who have been waiting to hear what happened. As with any issue like this, our main priority was to rectify the situation. Therefore, we felt it best to wait until the site relaunched and all security vulnerabilities were fixed before sharing more specific details.
But of course, full transparency is important to us and to you. Now that we’re up and running again, here is the timeline of events that occurred over the past week:
- On Monday, April 6, we were alerted to a potential security vulnerability that exposed the contact information (address, city, region, and Twitter handle) of some sponsors. We immediately removed this information and decided to take down the entire sponsor page for further testing. The security of information regarding our community and sponsors is of the utmost importance to us, so we wanted to conduct a thorough review of the entire website, not just that specific issue.
- By Monday night, we had decided to take the entire SQLSaturday site offline. We chose this option, rather than a rollback, because at the time, we estimated a rollback effort to be more time-consuming than simply taking the site offline and implementing the fix. In addition, we didn’t want to risk losing any new or changed data. We were able to minimize impact as best we could for the upcoming SQLSaturday events over the weekend of the 11th and 12th by providing access to the admin sites for the Huntington Beach and Madison SQLSaturday events.
- The morning of Tuesday, April 7, we decided to ask community members for testing support. Our community comprises some of the best and brightest minds in the industry and it made sense to involve the users of the site in further testing.
- The patch was completed by Tuesday night, making the site ready for testing by volunteers on Wednesday.
- During the testing on Wednesday, April 8, a second potential vulnerability—an HTML injection vulnerability—was identified. Because of the seriousness of this potential issue, we decided Wednesday afternoon to keep the site offline for another day so that we could thoroughly research and correct the issue and complete final testing. As we began delving into the issue, we discovered that it also existed in the old site. So again, a rollback was not an option.
- The problem was fixed late Wednesday night.
- On Thursday, April 9, PASS IT and community-member testing was complete.
- Satisfied with the security and usability of the site, we relaunched Thursday at 9:30pm EST.
PASS apologizes for this outage and for the difficulties it created for the SQLSaturday organizers, sponsors, speakers, and attendees. We thank those who provided feedback on the issues and the volunteers who stepped in to help test the solutions, particularly K. Brian Kelley (blog | @kbriankelley), Denny Cherry (blog | @mrdenny), and Argenis Fernandez (blog | @DBArgenis). To help prevent a similar issue in the future, we are looking at more extensive QA processes with a specific focus on ensuring site security. Although I believe we made the best possible decisions along this timeline, we will certainly take a different approach to future site revisions, including but not limited to earlier and wider security-based and functional testing by our volunteer experts and progressive change schedules.
Again, thank you for your patience. If you have any further feedback or questions, please email us at firstname.lastname@example.org.
PASS Board of Directors
As many of you may be aware, this week PASS launched the new SQLSaturday website.
Shortly after launching the site, we were notified of a security vulnerability which meant that sponsors’ contact details (company or individual name, Twitter handle, address, and zip/postal code) were all visible. The intention of this information being available was to streamline the process for sponsors to sign up for an event without having to re-enter their details each time. However, given some of our Sponsors use their home address as contact information, there were concerns at having this information publicly available on the site. This information was immediately taken down, and out of an abundance of caution we also made the decision to conduct a full assessment to ensure no other issues existed.
This afternoon, after rigorous testing by PASS IT and volunteers from the community, we are pleased to announce the site is live again.
Further detail on the actions and decisions surrounding this event will be made available in the coming days.
We thank you for your continued patience and understanding throughout this time and look forward to providing an enhanced experience for event organizers, attendees, speakers and sponsors of SQLSaturdays with the new site going forward. Again we would like to thank everyone who was involved in the vision, planning, feedback and testing of the site.
- Tim Ford
PASS Director, SQLSaturdays
April 6, 2015 – Over the past few weeks, we’ve been alerting people to something exciting: our new SQLSaturday website redesign. It’s now faster and easier than ever to manage, speak at, sponsor, or attend a SQLSaturday event! After a great deal of effort by our staff and community volunteers for months (years, actually) the update is finally here—we hope you’ll stop by and take a look! The redesign will significantly improve the SQLSaturday experience for attendees, speakers, and event and chapter leaders.
For starters, the new site makes it easier than ever to manage your SQLSaturday event or your Speaker Profile. One of the changes we’ve made is to tie in PASS accounts, so that leaders and speakers don’t need to juggle multiple account logins.
Speakers now have a universal Speaker Profile that is associated with their PASS accounts and can be applied across events. This change and others make it easier for speakers to manage and track abstract submissions, upload presentations, and get feedback about their sessions.
If you’re an event leader, you can now use your PASS account to access the Admin site—which has also received a facelift. The site features a cleaner, easier-to-use dashboard that will help to simplify the process of managing an event, including allowing you to associate an event with a chapter.
We’ve also improved the Session Management UI, which now supports a wider variety of session lengths as well as color-coding of tracks and rooms. Plus, you can add keynotes, rest breaks, and raffle draws as non-session items.
SQLSaturday attendees will benefit from the mobile-friendly redesign as well. Use your PASS account to manage your registrations, download SpeedPASS, pay for lunches, and deliver event feedback.
Sponsorship is an even more winning proposition, with a new slider and improved sign-up form that saves sponsors time and effort. (Sponsors will need to complete a one-time upload of new logo graphics to meet our improved display requirements, but beyond that, improvements will be effortless.)
We’re excited to hear what you think about the changes. If you have feedback or questions, we hope you’ll reach out to us at ITSupport@sqlsaturday.com.
Director, PASS SQLSaturday
March 3, 2015 – Hello fellow SQL Community Members! It's been a great year for PASS and a banner year for SQLSaturday in particular! By the time you read this post, we will have announced our 100th SQLSaturday event for this fiscal year. By comparison, it took us 1,480 days to complete our first 100 events. Event 200 came 510 days later, followed by event 300 after another 572 days. Thanks to the global growth of PASS and SQLSaturday and the determination and passion of our community and our organizers, we hit this last benchmark in record time.
Take some time right now to give yourselves a well-deserved pat on the back. I'll wait...
Now that we've reached this milestone and as we look to the future of SQLSaturday, I think it's time to make a small change. This adjustment will help to provide a more environmentally sustainable program while enabling our individual organizers to buy promotional items that won't expire at the end of each year. Here's the plan: We're doing away with the numbering scheme that we've traditionally used for individual events. Instead, we're going to identify individual SQLSaturdays by the name of the city or region in which they are hosted. For example, the next time we produce a SQLSaturday in Kalamazoo, we'll call it just that – SQLSaturday Kalamazoo – rather than SQLSaturday Kalamazoo #501. Behind the scenes, we'll still use the same URL constructs and numbering (for internal purposes), but we'll market each event sans numbers. This means that we can re-use undistributed materials from year-to-year, and we can order in larger quantities for lower per-unit prices. This change allows for one of the things I love to preach about when I speak at SQLSaturdays: consistency.
I'm sure that some of you might have different ideas on the matter… perhaps ideas that lie somewhere between what I'm proposing and the status quo. The PASS Board of Directors really wants your input in the matter. We're planning on making this change mid-year, so if you want to make your voice heard, whether to let us know that you agree with the plan or to propose an alternative, reach out to the SQLSaturday Team at email@example.com, using the Subject line "SQLSaturday Renaming Plan."
I think the time has come for this minor marketing change, and I want to offer up full transparency. I have the privilege to help guide the program, but it's our amazing local organizers who continue to push us forward with such a successful program day in and day out! Please let us know here at the Board and PASS HQ what you think – and help shape the future of PASS and SQLSaturday.
– Tim Ford
PASS Director, SQLSaturday
Oct. 14, 2014 – Hello, PASS Community! It seems like it was just a couple months ago that we were meeting up for PASS Summit 2013 – I can’t believe it was actually a year ago. I’m looking forward to seeing you all again in person in Seattle next month.
As part of our Summit agenda, we always dedicate time to meet with our community organizers, including Chapter and Virtual Chapter Leaders, Regional Mentors, and SQLSaturday organizers. As Director of the SQLSaturday portfolio, I wanted to share some of what we’ll be discussing around SQLSaturday on Community Day at Summit, which is Tuesday, Nov. 4, as well as in the Community Zone throughout the week.
Kicking off the annual SQLSaturday Round Table will be a Q&A with the SQLSaturday leadership team, consisting of myself and our passionate Community Evangelists, Karla Landrum and Carmen Buchman. You can review the agenda here, and please bring all your questions and suggestions. We’re following up this year with some activities that go even further in supporting PASS’s mission statement:
Empower data professionals who leverage Microsoft technologies to connect, share, and learn through networking, knowledge sharing, and peer-based learning.
We'll be hosting a new panel featuring some of our most experienced SQLSaturday organizers from around the world sharing their knowledge and tips and tricks for putting on successful events.
We’ll also be reviewing exciting updates to the SQLSaturday website, coming your way by the end of 2014. Working from your SQLSaturday website wish list – which we’ve cultivated over the past few years – as well as with a Community Focus Group, we’ve taken your feedback and ideas and put a great amount of time and consideration into building a more functional and modern web experience for SQLSaturday organizers and attendees alike. We can’t wait to show off the current version at Summit. You can find a list of all the wish list items that we’re integrating into the next SQLSaturday website here. We’ll also be emailing it along with a full Round Table meeting agenda to all SQLSaturday organizers for review in advance.
In addition, PASS Community Evangelists and SQLSaturday organizers from around the world will be available in the Community Zone Wednesday-Friday to answer all your questions – whether you’re looking for a SQLSaturday to attend or want to learn how to host one yourself. Check out the Community Zone Spotlight schedule to see when to stop by and meet with organizers from your area.
Our team is working hard to make these meetings as informational, transparent, and successful as possible, so we can quickly answer your questions, respond to any issues or concerns, and spend more time discussing how we can improve our future events. As owner of the SQLSaturday portfolio as well as a PASS Director-at-Large, I can’t wait to connect with all our passionate SQLSaturday organizers, volunteers, speakers, and attendees, share what we’re doing today to enhance everyone’s experience, and learn how we can better support SQLSaturday efforts around the world.
Don’t forget to wear your favorite SQLSaturday shirt Wednesday at Summit, and I’ll see you in Seattle!
– Tim Ford
PASS Director of SQLSaturday
March 7, 2014 – I wanted to thank everyone for all the great feedback we received on the PASS SQLSaturday goals. I know many of you are excited about the undertaking of the new SQLSaturday website.
There have been a few questions around open-sourcing the site that I’d like to address. Rebuilding the site – accessed by tens of thousands of SQL Server professionals a year – is a major IT project and needs to be undertaken in a controlled and concentrated environment. In concept, open-sourcing the site is an interesting idea, but in terms of execution, we’re simply not in a position to make that happen. The site will be created in the DNN environment in order to facilitate content management functionality for the 80+ volunteer organizers who put on events on a yearly basis.
We started the community feedback process back in the fall with roundtable discussions at PASS Summit and an open meeting with those who expressed interest in providing feedback. We are currently building out wireframes for the site and will share a prerecorded webinar in the next week or so for anyone interested in reviewing. In an effort to keep the feedback process as manageable as possible, we will set up a feedback site for a select group of representative SQLSaturday community individuals from around the world to help us shape this new and improved SQLSaturday website. If you are interested in putting your name forward to be part of this feedback group, please contact us via email with “SQLSat website feedback” in the subject line.
– Tim Ford
SQLSaturday Director, PASS Board