Just like what Cormac McCarthy meant when he said, ‘It isn’t what the horse can see that bothers him. He’s only worried by what he can’t see.’

And so it was the unseen of the saharasandals website that bit me in the ass. And what bothers me is that I should have caught it.

Let me explain.

We started the saharasandals website on Etsy. We found their interface and tools very inflexible, so we decided to move and create our own website from scratch.

I stayed out of the new website design and let my very capable grad student daughter pick the hosting site and do all the design work. And she did a great job.

Last November my daughter was overextended and I needed some changes made to the website, so the work fell on me. I made a couple of small additions and in poking around I discovered that you had to request SSL from the hosting entity.

Hmm. I knew SSL was a Layer 5/6 security protocol but that was about it as I am basically an OSI Layer 1-4 guy even though I have had lots of experience working with and testing things like security appliances.

Without going into a lot of detail, SSL – Secure Sockets Layer – is what more or less puts the S into HTTPS and makes the whole channel (and transaction) secure. While I might have been cognizant of this in some abstract way (and knew it was important), I never hitched that proverbial wagon to our own endeavors other than to alert my daughter to contact the entities she had hosted with to get them to add SSL.

She sent them an email with the request and we both thought no more about it. And quite frankly, one would think that by the mere virtue of purchasing an eCommerce site that somehow the hosting entities understood the importance of providing some levels of transactional securities.

It took a couple of months after the move to realize that sales had fallen. I should be embarrassed to say that I didn’t connect the dots. But I am not a sales guy. I am not a website guy. I am not an eCommerce guy. I am just a guy who likes leather and wants to make the best handmade sandals in the world.

But I am also the go-to guy, the buck-stops-here guy, and I should have done my due diligence and tested the ordering mechanism. But I didn’t; after all we were still getting some sales.

Thankfully I got an email from an old client in Belgium last week who wanted to buy 3 more pairs of sandals but said he couldn’t do it until our website was secure. He said that his browser reported that our website was not secure. Huh?

I found a tool online – https://www.whynopadlock.com – that allows you to test a website for security and ran it against our saharasandals website and sure enough, SSL was never enabled.

So the lessons to be learned here are: Lose the complacency and take ownership (even if it isn’t your core competency). And even though websites – for me – have always existed as some notional abstraction, that doesn’t excuse me from the fact that I have personal knowledge of how software has functional moving parts that can be tested.

PS – But somehow I still managed to obfuscate what I knew with the hoodoo-voodoo that the very nature of sales was mysterious (and who could understand it?).