Sunday, February 5, 2012

Celebrating Your Mistakes


Why You Should Celebrate Your Mistakes

Post written by Leo Babauta

When you make a mistake, big or small, cherish it like it’s the most precious thing in the world. Because in some ways, it is.

Most of us feel bad when we make mistakes, beat ourselves up about it, feel like failures, get mad at ourselves.

And that’s only natural: most of us have been taught from a young age that mistakes are bad, that we should try to avoid mistakes. We’ve been scolded when we make mistakes — at home, school and work. Maybe not always, but probably enough times to make feeling bad about mistakes an unconscious reaction.

Yet without mistakes, we could not learn or grow.

If you think about it that way, mistakes should be cherished and celebrated for being one of the most amazing things in the world: they make learning possible, they make growth and improvement possible.

By trial and error — trying things, making mistakes, and learning from those mistakes — we have figured out how to make electric light, to paint the ceiling of the Sistine Chapel, to fly.

Mistakes make walking possible for the smallest toddler, make speech possible, make works of genius possible.

Think about how we learn: we don’t just consume information about something and instantly know it or know how to do it. You don’t just read about painting, or writing, or computer programming, or baking, or playing the piano, and know how to do them right away.

Instead, you get information about something, from reading or from another person or from observing usually … then you construct a model in your mind … then you test it out by trying it in the real world … then you make mistakes … then you revise the model based on the results of your real-world experimentation … and repeat, making mistakes, learning from those mistakes, until you’ve pretty much learned how to do something.

That’s how we learn as babies and toddlers, and how we learn as adults. Trial and error, learning something new from each error.

Mistakes are how we learn to do something new — because if you succeed at something, it’s probably something you already knew how to do. You haven’t really grown much from that success — at most it’s the last step on your journey, not the whole journey. Most of the journey was made up of mistakes, if it’s a good journey.

So if you value learning, if you value growing and improving, then you should value mistakes. They are amazing things that make a world of brilliance possible.

Celebrate your mistakes. Cherish them. Smile.

Embracing change


In search of a timid trapeze artist

Good luck with that, there aren't any.

If you hesitate when leaping from rope to another, you're not going to last very long.

And this is at the heart of what makes innovation work in organizations, why industries die, and how painful it is to try to maintain the status quo while also participating in a revolution.

Gather up as much speed as you can, find a path and let go. You can't get to the next rope if you're still holding on to this one.

-Seth Goden

Friday, February 3, 2012

Linchpin Manifesto

Yes. Now. I am an artist. • I take initiative • I do the work, not the job. • Without critics, there is no art. • I am a Linchpin. I am not easily replaced. • If it’s never been done before, even better. • The work is personal, too important to phone in. • The lizard brain is powerless in the face of art. • I make it happen. Every day. • Every interaction is an opportunity to make a connection. • The past is gone. It has no power. The future depends on choices I make now. • I own the means of production—the system isn’t as important as my contribution to it. • I see the essential truth unclouded by worldview, and that truth drives my decisions. • I lean into the work, not away from it. Trivial work doesn’t require leaning. • Busywork is too easy. Rule-breaking works better and is worth the effort. • Energy is contagious. The more I put in, the more the world gives back. • It doesn’t matter if I’m always right. It matters that I’m always moving. • I raise the bar. I know yesterday’s innovation is today’s standard. • I will not be brainwashed into believing in the status quo. • Artists don’t care about credit. We care about change. • There is no resistance if I don’t allow it to defeat me. • I embrace a lack of structure to find a new path. • I am surprising. (And often surprised). • I donate energy and risk to the cause. • I turn charisma into leadership. • The work matters. • Go. Make something happen.

Thursday, February 2, 2012

PCI Compliance related to legacy environments

PCI


One of the biggest headaches that Information Security Officers face is dealing with compliance surrounding legacy computing environments. Modern system architectures contain more progressive and disseminated areas which fall into modularity design. This makes it easier to "separate" modules from one another so data transfer and process communication do not become part of a QSA's scope.

Due to numerous co-mingled factors related to software modules on legacy platforms, the separation strategy is sometimes impossible. Legacy development processes and infrastructure tended to keep everything "on one box." For example, an IBM midrange AS/400 system containing two decades of homegrown RPG code with minimal COTS investment can only partially subscribe to the concept of separation. If a QSA does not believe there are adequate access controls in place (kind mind, many legacy systems were developed before many standard information security and audit/control objectives were published), they may start placing other parts of the system in scope which have nothing to do with payment card data, yet just by being in the "flow path" of data they are automatically included. Finding mitigating controls can even be more difficult to remove these from the QSA's "scope rope", as many IAM (identity & access management) tools do not operate well in environments with hundreds of custom created applications.

Breaking out and fully separating the credit card processing functions from legacy systems is typically the best answer. Many merchant banks now support the concept of tokenization and building or using an MSP (managed service provider) for payment gateway services is a great way to accomplish fast time to market and shifting of liability. Cost savings from an ROI perspective can be found from the removal of operational duties spent in supporting payment card services in legacy environments along with a reduction in maintenance and encryption services and/or software.