
The official blog of managed hosting provider OrcsWeb.

Five PCI Compliance Myths

Several times, we have highlighted OrcsWeb's PCI Compliance Security Services, in addition to the fact that we can provide a PCI Compliant Hosting solution on either our Windows Cloud Server hosting or our Windows dedicated server hosting options. Today I came across a great resource with many frequently asked questions and PCI Compliance myths.

Below I have highlighted five of the myths I believe to be most common for ecommerce merchants. You can click here to view the others.

Myth: I’m a small merchant who only takes a handful of cards, so I don’t need PCI Compliance.
Fact: This is a common misunderstanding of the standard: that small merchants handling only one or a few credit cards a year are exempt from compliance. If you are a merchant and are set up to take credit cards by any mechanism, then you need to be PCI compliant.

Myth: I can wait until my business grows.
Fact: The PCI standard applies to all sizes of business and waiting could be costly. Should you be compromised and not be PCI compliant, the fines and the compensation requirements by the banks (it typically costs between $50 and $90 to replace one card) could be substantial.

Myth: I can wait until my bank asks me to be PCI compliant.
Fact: The dates for merchants to be PCI compliant are long gone. You are responsible for making sure you are in compliance with PCI DSS. Waiting until the bank asks you could be very costly indeed.

Myth: One vendor and product will make us compliant.
Fact: Many vendors offer an array of software and services for PCI compliance. No single vendor or product, however, fully addresses all 12 requirements of PCI DSS. When marketing focuses on one product’s capabilities and excludes positioning these with other requirements of PCI DSS, the resulting perception of a ‘silver bullet’ might lead some to believe that the point product provides ‘compliance,’ when it’s really implementing just one or a few pieces of the standard. The PCI Security Standards Council urges merchants and processors to avoid focusing on point products for PCI security and compliance. Instead of relying on a single product or vendor, you should implement a holistic security strategy that focuses on the ‘big picture’ related to the intent of PCI DSS requirements.

Myth: Outsourcing card processing makes us compliant.
Fact: Outsourcing simplifies payment card processing but does not provide automatic compliance. Don’t forget to address policies and procedures for cardholder transactions and data processing. Your business must protect cardholder data when you receive it, and when you process chargebacks and refunds. You must also ensure that providers’ applications and card payment terminals comply with the respective PCI standards and do not store sensitive cardholder data. You should request a certificate of compliance from providers annually.

Looking for additional information? Check out the PCI Compliance Guide for a comprehensive look at all you need to know. PCI compliant hosting is a crucial part of achieving compliance. If you would like more information about OrcsWeb’s PCI Compliant Hosting solutions, give us a call at 1-888-313-9421, or email us at sales@orcsweb.com


Mac OS X: Mail SMTP Authentication

I think one of the biggest issues people run into when switching to or running Mac OS X is that things are just not named the same as they are on Windows-based computers and programs. With Windows having such a high user rate, many vendors that you deal with on a day-to-day basis use terminology that does not match up with what Mac OS X users are seeing.

One of these is "SMTP Authentication". This is used by most ISPs and e-mail hosters to make the mail server require a username/password combination before it will send mail. When it is not set up, the server will generally still allow you to send mail to its own domain name, but sending to any other domain name will fail.

The issue for Mac OS X users who use the built-in Mail application is that there is no setting called "SMTP Authentication" or "Require SMTP Authentication" like you would see in Microsoft Outlook or Outlook Express. This setting is what most ISPs and e-mail hosters will tell you to look for, and you may be stumped when you are unable to find it.

Like so many other features that differ between Mac OS X and Windows, the same ability really is there; it is just laid out differently. Assuming that your mail provider is using basic password authentication, to turn on SMTP authentication for your Mail account you will need to follow these steps:

  1. Open Mail.
  2. From the Mail menu, choose Preferences.
  3. Click the Accounts icon.
  4. Click the arrow box on the Outgoing Mail Server (SMTP) pop-up list and choose Add Server.
  5. In the Outgoing Mail Server field, type in your mail provider's SMTP server address (e.g., mail.orcsweb.com).
  6. Click the arrow box on the Authentication pop-up list and choose Password.
  7. In the User Name field, type your full email address or username.
  8. In the Password field, type your e-mail password.
  9. Click the OK button.
  10. Close the Accounts window.
  11. Click the Save button.

Step 6 is the one to really pay attention to. That is where you are actually turning on SMTP authentication. Now, when someone says to turn on SMTP authentication and you are using Mail on Mac OS X, you know where to go to turn it on.

Mac OS X: Microsoft Entourage 2004 and Exchange 2007

As you may have learned from my post yesterday, I have recently taken the plunge into life on Mac OS X. With this came setting up Microsoft Office:mac Entourage 2004 to work with our Exchange 2007 server. I fought with this for quite some time until browsing over to Rob Baugh's blog post, where the answers were held! Thank you Rob!

Once getting this to work, I have been quite happy with how well it has performed. Keep in mind that my laptop is running Mac OS X with Entourage, but I still run Windows Vista with Outlook 2007 on my desktop and my phone has Windows Mobile Smartphone Edition. I am able to keep all three of these synced up as well as OWA with no problem. My Contacts, Calendar and Email all just show up on each.

There are a few features that are missing, such as access to server-side rules (although they still work great) and server-side categories. If you are Mac OS X only, you would hardly notice, but for me I just set my categories sometime when I am using Outlook 2007. I am excited about the next version of Entourage, but for now I am quite pleased.

My MacBook, Mac OS X, and Microsoft Remote Desktop Connection:mac 2.0 (Beta)

Recently I have become a bit of the technology "black sheep" at ORCS Web with my move to a black MacBook. Due to some internally written software, I was originally required to run Windows Vista on it just about full time (I could have run XP, but chose Vista). With my recent move out of the web team, I've moved fully over to Mac OS X, as this software is no longer needed.

I've made the move to Mac OS X not because I am a "Mac head" who will fight to the death that it is a superior operating system, but for a couple of other reasons. The first reason is that it just runs better than Windows does on my MacBook. I get better battery life and it does not get as hot. This of course is understandable, as the MacBook was not made to run Vista, nor was Vista made to run on the MacBook, but it was pretty sweet seeing how well it worked. The second reason I have made this jump is simply to learn a new set of tools, a new OS, and a new perspective.

Just this past weekend I started writing my first Mac OS X based program. On the Windows side of things I have been programming/scripting in VBScript and C, then VB.NET, and most recently made the move to writing all my programs (more like "gadgets") in C#. Of course both VB.NET and C# have been from Visual Studio 2005 (and a bit in the 2008 beta versions). My first program on the Mac was a tutorial from Apple on Cocoa (Apple's Objective-C based programming environment) using Xcode and Interface Builder. It was truly a beginner's tutorial and very step by step, but I learned the fundamentals of programming on the Mac. It was a pleasant experience once I knew which tools to use where. I was not used to having one program for the UI and another for the back-end (although they are highly integrated), but I was impressed with Interface Builder.

This has taken my "learning a new platform" to the next level, and I believe it will make me better at all things I do, computer-wise anyway. Learning this new platform and set of tools also requires you to learn how to make the two worlds "play nice" with each other. One of the key things for me at ORCS Web is connecting to our Windows-based (all of them are) servers. The great Mac Business Unit over at Microsoft just released the Microsoft Remote Desktop Connection Client for Mac 2.0 (Beta). It has some enhancements over the old Remote Desktop Connection that you can see on the download page. You are supposed to be able to run multiple connections now, although I have not yet figured out how.

The Mac Business Unit at Microsoft is supposed to be releasing a new version of Office for Mac sometime in the near future. While they seem to be very tight-lipped about when and what it will consist of, I know I will be a happy camper when it is released.

Dynamic AJAX Slideshows

The most recent version of the ASP.NET AJAX Control Toolkit came with a new control called SlideShow. This is a nifty little control that extends the ASP.NET Image control into an AJAX slideshow. It uses a web service call to retrieve the images of the slideshow. This web service call just returns an array of "AjaxControlToolkit.Slide".

So in the example that comes with the toolkit, there are four or five hard coded images in the array. This really is not very useful in a real life scenario. Most of the time if you are displaying a slideshow, these images will need to be filled dynamically either through a database, or my flavor of choice, from the file system.

What I wanted to be able to do was just add an image to my assigned photos directory, and have it automatically show up in my slideshow. No admin section, no file uploader, and no database.

To do this I created a class called 'PhotoGallery' with a public shared function called 'GetSlides'. GetSlides returns an array of "AjaxControlToolkit.Slide". This function goes out to my file system, returns all the files in the given directory, and adds them to the array. It really is that simple.

I am sure there is a bit simpler way to do this, as far as the array goes. You can download my VB.NET class below.

[ DOWNLOAD CODE ]

PowerShell Pearl: Filter by Contained Text

I have just recently started using PowerShell. While this blog will not be where you want to go to learn PowerShell, as I pick up little pearls here and there, I will try to share them with small samples and quick PowerShell scripts. I am no PowerShell expert, so if you find any errors, please let me know. 

Today's Pearl: 

If you are returning a set of results and you want to filter those results by text contained in one of the fields, there are two ways I found you can do this. The first is using Field.Contains("search text") -eq $true and the other (thanks Scott) is doing a Field -match "search text".

So if you wanted to see all of the System event log entries that have cmd.exe in the message, you could get this using either of these methods:

Get-EventLog system | where { $_.Message.Contains("cmd.exe") -eq $true }

or…

Get-EventLog system | where { $_.Message -match "cmd.exe" }

Either of these can be used in the negative form just as easily:

Get-EventLog system | where { $_.Message.Contains("cmd.exe") -eq $false }

Get-EventLog system | where { $_.Message -notmatch "cmd.exe" }

That’s it! The -match and -notmatch operators are probably the easier of the two to use, although I am sure there is a reason for each of them that I am not aware of. Hopefully things like this will come to be part of my knowledge as I learn more.

Update:

Okay, I just learned that -match and -notmatch are regular expression comparison operators. Another set of comparison operators you could use are -like and -notlike. These are the wildcard comparison operators. They can be used like so:

Get-EventLog system | where { $_.Message -like "*cmd.exe*" }
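Here is an added example (not from the original post) that runs the three filtering styles over a few constructed event-like objects, so you can see how they differ without touching a real log; replace $sample with Get-EventLog -LogName System to run it for real.

```powershell
# Added example, not from the original post. Three constructed entries stand in for
# Get-EventLog -LogName System so the filters below can be tried without a real log.
$sample = @(
    [pscustomobject]@{ Index = 1; Source = 'Service Control Manager'
                       Message = 'Started C:\Windows\System32\cmd.exe /c backup.bat' }
    [pscustomobject]@{ Index = 2; Source = 'Service Control Manager'
                       Message = 'Started CMD.EXE /c cleanup.bat' }
    [pscustomobject]@{ Index = 3; Source = 'EventLog'
                       Message = 'The Event log service was started.' }
)

# 1. String.Contains is a .NET method and is case-sensitive: a message that says
#    'CMD.EXE' is not matched by 'cmd.exe'. Compare its result with the boolean
#    $true/$false, never the string "false": any non-empty string converts to $true.
$sample | Where-Object { $_.Message.Contains('cmd.exe') -eq $true }

# 2. -match is a regular expression comparison and is case-insensitive by default.
#    Escape the dot; unescaped, 'cmd.exe' would also match text such as 'cmdXexe'.
$sample | Where-Object { $_.Message -match 'cmd\.exe' }

# 3. -like is a wildcard comparison, also case-insensitive; * matches any run of characters.
$sample | Where-Object { $_.Message -like '*cmd.exe*' }

# Negative forms: -not on the method result, or the -notmatch / -notlike operators.
$sample | Where-Object { -not $_.Message.Contains('cmd.exe') }
$sample | Where-Object { $_.Message -notmatch 'cmd\.exe' }
$sample | Where-Object { $_.Message -notlike '*cmd.exe*' }
```

When hunting through logs for a process name, the case-insensitive operators are usually what you want, since the same binary can be logged with different capitalization.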


Authoring Sidebar Gadgets in C#

Very cool post today at nikhilk.net about using Script# to be able to author sidebar gadgets in C#. Check it out:

http://www.nikhilk.net/Entry.aspx?id=153

ASP.NET Team Releases ASP.NET AJAX 1.0

It is finally here. The official release of ASP.NET AJAX 1.0.

http://ajax.asp.net

Update: As always, ScottGu has some great information about this release on his blog.


Running .FLV Files on IIS (Setting the MIME Type)

If you are trying to embed Flash video files (.FLV) into your Flash site, you may be wondering how to get those .FLV files to play. You will need to make sure to add the MIME type for .FLV (video/x-flv) on the server. If you do not do this, you will receive an "inaccessible file" error.


Robots Invading Your Website: Protecting your website using robots.txt.

In today’s search-driven world, almost every website owner is aware of the major search engines and even tries to modify their site's contents to get a higher ranking on a particular search engine.

The major search engines are able to search through millions of documents on the internet because they have automated programs that browse the internet day and night, grabbing your pages, images, and files and storing them back at their datacenters. These automated programs are often known as robots (also known as crawlers or spiders).

These robots are good and make the internet a better place. By allowing them to get to your site you might be opening a door for hundreds or thousands of people to find your website who might not have had any other way to find you. One issue we run into with robots, though, is that they get everything that they have access to, and if we don’t take special measures that might be almost everything on your website. Search engines need the core content on your site, but they don’t usually need all of your images or other documents that have no need to show up in a search engine. Another disadvantage of the spiders hitting sections of your site they don't need is that it can clog up your log files, making them larger than necessary and difficult to parse.

Here’s where the robots.txt file comes in. Most robots first look for a text file called robots.txt in your site's root directory before browsing your website. This file tells the robot where it is allowed to go and where it is not. With just a few examples you should be able to write a robots.txt file to meet your needs.

The first thing we have to do is say which robot we are talking to. Each robot has a name defined as a user-agent. A list of robots can be found at www.robotstxt.org. After defining the robot we are talking to, we give it some rules.

If we have a website with “images”, “scripts”, and “about” directories and we didn’t want Google to browse the “images” or “scripts” directory but still browse the “about” directory, our robots.txt might look like this:

      User-agent: Googlebot
      Disallow: /images
      Disallow: /scripts

If we want to block all search engines from these directories we use an asterisk (*) as a wildcard. We may also want just Google to be able to browse our images so they show up in the Google image search (this can keep the thousands of small unknown robots from using our bandwidth while still allowing access where needed). Our robots.txt might look something like this:

      User-agent: *
      Disallow: /images
      Disallow: /scripts

      User-agent: Googlebot
      Allow: /images

Another common scenario is a rogue robot that you don't want browsing your site at all, while you still want to block only your “images” and “scripts” directories from all other robots. Your robots.txt would look something like this:

      User-agent: e-collector
      Disallow: /

      User-agent: *
      Disallow: /images
      Disallow: /scripts

Robots.txt really is that simple. If you know what you want to block, what you want to allow, and the user-agents of the robots that you want to guide around your site, you are good to go. One of the great things is that, since it is just simple text and every site needs every robot to be able to read it, you can take a look at the robots.txt of any site that has one. Some fun ones to look at are:

          http://www.microsoft.com/robots.txt
          http://myspace.com/robots.txt
          http://www.cnet.com/robots.txt
          http://google.com/robots.txt
          http://asp.net/robots.txt

Try it for yourself. Go to your favorite website and then go to /robots.txt and see what their robots.txt looks like.

It is important to realize that not all spiders will obey the commands; it is just an industry standard recommendation. Do not consider your robots.txt file to be bulletproof. Scott Forsyth says, "It will be obeyed if they want to obey it."

There are some other options for the robots.txt but these are your most common scenarios. More information can be found by going to your favorite search engine and searching for “robots.txt” (or start here: http://www.robotstxt.org/wc/robots.html).
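As an added example (not code from the original post), here is a small PowerShell robots.txt evaluator, with hypothetical functions Get-RobotsGroups and Test-RobotsAllowed, that answers whether a well-behaved robot may fetch a given path. It also shows a catch in the Googlebot scenario above: a robot uses only the group that names it, so a named group replaces the * group rather than adding to it.

```powershell
# Added example, not from the original post. Conventions assumed: a robot uses the
# group naming it, otherwise the "*" group (a named group REPLACES "*"); within a
# group the longest matching Allow/Disallow prefix wins (Allow is a Google extension).
function Get-RobotsGroups {
    param([string]$RobotsTxt)
    $groups = New-Object System.Collections.ArrayList
    $group = $null
    $lastWasAgent = $false
    foreach ($raw in ($RobotsTxt -split "`r?`n")) {
        $line = ($raw -replace '#.*$', '').Trim()        # drop comments and blank lines
        if (-not $line -or $line -notmatch ':') { continue }
        $field, $value = ($line -split ':', 2) | ForEach-Object { $_.Trim() }
        if ($field -eq 'user-agent') {                   # -eq ignores case
            if (-not $lastWasAgent) {                    # first agent line of a new group
                $group = [pscustomobject]@{ Agents = @(); Rules = @() }
                [void]$groups.Add($group)
            }
            $group.Agents += $value.ToLower()
            $lastWasAgent = $true
        }
        elseif ($group -and $field -in @('allow', 'disallow')) {
            $group.Rules += [pscustomobject]@{ Allow = ($field -eq 'allow'); Path = $value }
            $lastWasAgent = $false
        }
    }
    return $groups
}

function Test-RobotsAllowed {
    param([string]$RobotsTxt, [string]$UserAgent, [string]$Path)
    $groups = Get-RobotsGroups $RobotsTxt
    $ua = $UserAgent.ToLower()
    $group = $groups | Where-Object { $_.Agents -contains $ua } | Select-Object -First 1
    if (-not $group) { $group = $groups | Where-Object { $_.Agents -contains '*' } | Select-Object -First 1 }
    if (-not $group) { return $true }                    # no group applies: allowed
    # An empty Disallow path means "allow everything", so rules with no path are skipped.
    $best = $group.Rules | Where-Object { $_.Path -and $Path.StartsWith($_.Path) } |
        Sort-Object { $_.Path.Length } -Descending | Select-Object -First 1
    if (-not $best) { return $true }
    return $best.Allow
}

# Constructed robots.txt combining the scenarios from the post.
$robots = @"
User-agent: *
Disallow: /images
Disallow: /scripts

User-agent: Googlebot
Allow: /images

User-agent: e-collector
Disallow: /
"@
Test-RobotsAllowed $robots 'Googlebot'   '/images/logo.png'   # Googlebot group: its Allow applies
Test-RobotsAllowed $robots 'Googlebot'   '/scripts/site.js'   # named group replaces *, so /scripts is not blocked for Googlebot
Test-RobotsAllowed $robots 'Bingbot'     '/images/logo.png'   # no named group, falls back to *
Test-RobotsAllowed $robots 'e-collector' '/about/index.html'  # Disallow: / covers every path
```

If you want Googlebot kept out of /scripts as well, repeat that Disallow inside the Googlebot group, since it does not inherit the * rules.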