As per my blog post on April 9 regarding the SQLSaturday website, the good news is that we’re back online. So far, feedback on the site has been overwhelmingly positive.
I first want to thank everyone for their patience last week: the organizers and sponsors who couldn’t access the site during the downtime, as well as the community members who have been waiting to hear what happened. As with any issue like this, our main priority was to rectify the situation. Therefore, we felt it best to wait until the site relaunched and all security vulnerabilities were fixed before sharing more specific details.
But of course, full transparency is important to us and to you. Now that we’re up and running again, here is the timeline of events that occurred over the past week:
- On Monday, April 6, we were alerted to a potential security vulnerability that exposed the contact information (address, city, region, and Twitter handle) of some sponsors. We immediately removed this information and decided to take down the entire sponsor page for further testing. The security of information regarding our community and sponsors is of the utmost importance to us, so we wanted to conduct a thorough review of the entire website, not just that specific issue.
- By Monday night, we had decided to take the entire SQLSaturday site offline. We chose this option, rather than a rollback, because at the time, we estimated a rollback effort to be more time-consuming than simply taking the site offline and implementing the fix. In addition, we didn’t want to risk losing any new or changed data. We were able to minimize impact as best we could for the upcoming SQLSaturday events over the weekend of the 11th and 12th by providing access to the admin sites for the Huntington Beach and Madison SQLSaturday events.
- The morning of Tuesday, April 7, we decided to ask community members for testing support. Our community comprises some of the best and brightest minds in the industry and it made sense to involve the users of the site in further testing.
- The patch was completed by Tuesday night, making the site ready for testing by volunteers on Wednesday.
- During the testing on Wednesday, April 8, a second potential vulnerability—an HTML injection vulnerability—was identified. Because of the seriousness of this potential issue, we decided Wednesday afternoon to keep the site offline for another day so that we could thoroughly research and correct the issue and complete final testing. As we began delving into the issue, we discovered that it also existed in the old site. So again, a rollback was not an option.
- The problem was fixed late Wednesday night.
- On Thursday, April 9, PASS IT and community-member testing was complete.
- Satisfied with the security and usability of the site, we relaunched Thursday at 9:30pm EST.
PASS apologizes for this outage and for the difficulties it created for the SQLSaturday organizers, sponsors, speakers, and attendees. We thank those who provided feedback on the issues and the volunteers who stepped in to help test the solutions, particularly K. Brian Kelley (blog | @kbriankelley), Denny Cherry (blog | @mrdenny), and Argenis Fernandez (blog | @DBArgenis). To help prevent a similar issue in the future, we are looking at more extensive QA processes with a specific focus on ensuring site security. Although I believe we made the best possible decisions along this timeline, we will certainly take a different approach to future site revisions, including but not limited to earlier and wider security-based and functional testing by our volunteer experts and progressive change schedules.
Again, thank you for your patience. If you have any further feedback or questions, please email us at email@example.com.
PASS Board of Directors
As many of you may be aware, this week PASS launched the new SQLSaturday website.
Shortly after launching the site, we were notified of a security vulnerability which meant that sponsors’ contact details (company or individual name, Twitter handle, address, and zip/postal code) were all visible. The intention of this information being available was to streamline the process for sponsors to sign up for an event without having to re-enter their details each time. However, given that some of our sponsors use their home address as contact information, there were concerns about having this information publicly available on the site. This information was immediately taken down, and out of an abundance of caution we also made the decision to conduct a full assessment to ensure no other issues existed.
This afternoon, after rigorous testing by PASS IT and volunteers from the community, we are pleased to announce the site is live again.
Further detail on the actions and decisions surrounding this event will be made available in the coming days.
We thank you for your continued patience and understanding throughout this time and look forward to providing an enhanced experience for event organizers, attendees, speakers and sponsors of SQLSaturdays with the new site going forward. Again we would like to thank everyone who was involved in the vision, planning, feedback and testing of the site.
- Tim Ford
PASS Director, SQLSaturdays
April 8, 2015 – At this month’s PASS Board of Directors meeting, held March 12, the discussions revolved primarily around PASS Summit 2015 and the PASS Business Analytics Conference 2015, which will be held in Santa Clara, CA in just a few weeks. We also discussed budgets and initiatives for our chapters, including Virtual Chapters. Read on for the basics of the March meeting.
Business Analytics and the PASS Community Vision
The Board heard about and discussed various logistics of the upcoming PASS Business Analytics Conference, which happens April 20–22. As you might expect, hosting a major event entails a multitude of tasks and details, from speaker and abstract evaluation, scheduling, lodging and venue choices, sales, feedback, and so on. As such events draw closer, the Board and other PASS personnel focus even more closely on ensuring that everything is in place to deliver a stellar experience for attendees and speakers alike.
In addition, Denise McInerney, PASS Vice President of Marketing and SQL Server MVP, emphasized that this conference is a pivotal piece in PASS’s vision to support the entire data community, including data analysts and Excel users, as it navigates new developments and constant changes in technology, tools, and strategies. Denise gave the Board an overview of her recent interview with Excel TV, in which she discussed the role of Excel in the conference as well as her own journey as a data professional. We all acknowledged the importance of communicating PASS’s vision and the opportunities that it presents to the data community via all the means at our disposal, be it through conferences, chapter or online events, or social media.
Chapters and Virtual Chapters
Next, Director of PASS Global Chapters Grant Fritchey gave the Board an update on PASS’s chapters and virtual chapters. A pre-approval for the FY2016 budget funds earmarked for the chapter and virtual chapter referral program and complimentary registrations was voted on, and approved. Referral program details and complimentary codes have now been sent to Chapters and will be sent to Virtual Chapter leaders within the week. If you haven’t received yours by EOD Friday April 10, please reach out to Carmen.Buchmann@sqlpass.org or Elizabeth.Jeffs@sqlpass.org.
Summit Abstract Evaluation Review
Lastly, Amy Lewis, Director of PASS Programs, gave us an overview of the new abstract-evaluation service that PASS made available for Summit 2015 submissions. We looked at feedback from the committee regarding how many abstracts were reviewed, the average time spent on each, and the strengths and challenges of the process. We discussed the possibilities of offering the service again for Summit 2016. We also applauded the efforts and commitment of the review committee as we head into speaker and session selection.
We’ll check in again next month with a recap of our April meeting. In the meantime, remember, the Board is always interested in hearing your questions, comments, and ideas.
– Thomas LaRock
April 6, 2015 – Over the past few weeks, we’ve been alerting people to something exciting: our new SQLSaturday website redesign. It’s now faster and easier than ever to manage, speak at, sponsor, or attend a SQLSaturday event! After a great deal of effort by our staff and community volunteers for months (years, actually) the update is finally here—we hope you’ll stop by and take a look! The redesign will significantly improve the SQLSaturday experience for attendees, speakers, and event and chapter leaders.
For starters, the new site makes it easier than ever to manage your SQLSaturday event or your Speaker Profile. One of the changes we’ve made is to tie in PASS accounts, so that leaders and speakers don’t need to juggle multiple account logins.
Speakers now have a universal Speaker Profile that is associated with their PASS accounts and can be applied across events. This change and others make it easier for speakers to manage and track abstract submissions, upload presentations, and get feedback about their sessions.
If you’re an event leader, you can now use your PASS account to access the Admin site—which has also received a facelift. The site features a cleaner, easier-to-use dashboard that will help to simplify the process of managing an event, including allowing you to associate an event with a chapter.
We’ve also improved the Session Management UI, which now supports a wider variety of session lengths as well as color-coding of tracks and rooms. Plus, you can add keynotes, rest breaks, and raffle draws as non-session items.
SQLSaturday attendees will benefit from the mobile-friendly redesign as well. Use your PASS account to manage your registrations, download SpeedPASS, pay for lunches, and deliver event feedback.
Sponsorship is an even more winning proposition, with a new slider and improved sign-up form that saves sponsors time and effort. (Sponsors will need to complete a one-time upload of new logo graphics to meet our improved display requirements, but beyond that, improvements will be effortless.)
We’re excited to hear what you think about the changes. If you have feedback or questions, we hope you’ll reach out to us at ITSupport@sqlsaturday.com.
Director, PASS SQLSaturday