Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Tuesday, September 8, 2009
"Anonymous" data
Just one more reason to be very careful about what information you put on the internet. Most people think gender, zip code and birthdate won't give much away. Most people are wrong.
Wednesday, July 15, 2009
Clouds can be Dangerous
Agree or not with TechCrunch's decision to publish some data from some Twitter documents they received, I think the most important thing to note is what they say about using gmail and other cloud services
"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. We’ve been sitting in the office for eight hours now debating what the right thing to do is in this situation. We’ve spoken with our lawyers. We’ve spoken with Twitter. And we’ve heard what our readers have to say. All of that factors in to our decision on what to post or not to post."
I have been wondering how many people will need to get burned and to what degree before they start taking this sort of thing seriously. Given that Google's entire business model is selling targeted advertising, they have an incentive to collect as much data about you as possible. You would think for this reason alone people would be wary of dumping too much stuff into Google's hands. The annoyance factor would get to be outrageous, I would think. That's not even considering that Google has to be a HUGE target for any sort of cracker that wants to track down any kind of information. I'm sure they do their very best to keep everything as locked down as possible, but it's really hard to compromise the information if it isn't there to be compromised in the first place.
"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. We’ve been sitting in the office for eight hours now debating what the right thing to do is in this situation. We’ve spoken with our lawyers. We’ve spoken with Twitter. And we’ve heard what our readers have to say. All of that factors in to our decision on what to post or not to post."
I have been wondering how many people will need to get burned and to what degree before they start taking this sort of thing seriously. Given that Google's entire business model is selling targeted advertising, they have an incentive to collect as much data about you as possible. You would think for this reason alone people would be wary of dumping too much stuff into Google's hands. The annoyance factor would get to be outrageous, I would think. That's not even considering that Google has to be a HUGE target for any sort of cracker that wants to track down any kind of information. I'm sure they do their very best to keep everything as locked down as possible, but it's really hard to compromise the information if it isn't there to be compromised in the first place.
Sunday, May 10, 2009
Thank you Microsoft
Look, a lot of us in this industry bash Microsoft and in many cases rightfully so. But this weekend I was doing some work for a friend who has a client that has a site running IIS, SQL Server and PHP. I did the prototype of what I'm working on in PHP and mySQL on my laptop and then had to port the database layer over to SQL Server. This app is far from rocket science, so I wasn't worried in the least about doing the first version against mySQL. So I downloaded SQL Server, installed it on my laptop after hitting many Next> buttons, updated my code to use the standard mssql module that comes with PHP and then started testing. That's when the problems started. I did the usual googling and came up with somethings I had forgotten to do on the install, like enable TCP/IP in the Configuration Manager and other assorted bookkeeping stuff. But after that and getting other clients to connect successfully, the PHP app kept having issues connecting, never mind doing any actual work. I had done a ton of research, tried everything I found and then some, and finally gave up trying to use the standard PHP module.
Since in my regular job I work almost exclusively with Microsoft technology, I am mostly up to date on what they do. I know as of late they've been doing some work to help support a lot of web and open source technology out there. So I was wondering if maybe, just maybe, then had a PHP client. They have a database client for java, after all. So I figured what the hell and found the SQL Server driver for PHP 1.0. After downloading the file, I think it was just over an hour from extracting the files to the PHP extensions directory until I had a working version on SQL Server. I've had somewhat similar experiences lately with flickr and facebook tools found on codeplex.
The one thing that made this very painless is everything I needed to get this installed and configured was all in one place. The help file was actually helpful and told me what I needed to know to get things going. I didn't have ot hit half a dozen websites in order to figure out I needed to have the SQL Server 2005 native client driver installed. It just told me. Granted it was annoying to have to uninstall the 2008 driver and download and install the 2005 driver, but given a co-workers recent experiences with setting up ubercart, this was completely painless. He spent HOURS going from site to site, getting modules, downloading updates, installing dependencies when the modules he installed didn't come with everything he needed, etc. I'm glad it wasn't me. I probably would have given up. Personally I find this the most frustrating part about the open source community. I don't understand how projects like this gain the traction they do. They're hard to set up and hard to keep updated because in many ways these things are like a house of cards. I use some open source tools (python being by far my favorite) but, by and large, I find the lack of good documentation (by good I mean useful. I've found a LOT of documentation on most things, but generally it isn't worth the electrons spent rendering them on my screen) to be a HUGE hurdle to overcome. There is no reason I should have to spend hours and hours searching for documentation that still doesn't fix the problem. In general the open source community doesn't understand why people don't use their products more. How can they keep flocking to "Micro$oft Windoze" and their other schlock when there are cheaper and superior alternatives available???? Well, I think documentation is about 70% of the answer to that question. And the usual response is that open source projects are, in a lot of cases, done by people for free in their spare time and, let's face it, I do not know a single developer that likes writing documentation that is for end users. Well, if you don't like doing that, people aren't going to be able to use your product, no matter how superior it might be in a technological sense.
So I wanted to take a minute to say thank you to the people at Microsoft for putting these types of tools together and for the community that surrounds CodePlex and other similar sites. As a company that is generally viewed as closed and being competitive to a fault, it is nice to see that this is pretty much a caricature of the organization. They obviously have their issues, but I think they are really beginning to realize that if they are ultimately going to not only survive, but thrive, that they need to embrace and support a lot of the other good work going on out there. There are, of course, plenty of selfish reasons to do this, but there are just as many reasons not to do this and it is probably easier not to.
In general I think this is starting to be a return to what made Microsoft the dominant software company on the planet. When office and Windows were first born, they had a LOT of competition and, as others have pointed out, one of the things that made Microsoft software good back in the day is that they went to great lengths to interoperate with other software out there. Excel worked well with Lotus files and Word was able to read and write WordPerfect files, for example. Not to mention DOS and Windows being able to run on a wide assortment of machines. Maybe not well all the time, but well enough.
Since in my regular job I work almost exclusively with Microsoft technology, I am mostly up to date on what they do. I know as of late they've been doing some work to help support a lot of web and open source technology out there. So I was wondering if maybe, just maybe, then had a PHP client. They have a database client for java, after all. So I figured what the hell and found the SQL Server driver for PHP 1.0. After downloading the file, I think it was just over an hour from extracting the files to the PHP extensions directory until I had a working version on SQL Server. I've had somewhat similar experiences lately with flickr and facebook tools found on codeplex.
The one thing that made this very painless is everything I needed to get this installed and configured was all in one place. The help file was actually helpful and told me what I needed to know to get things going. I didn't have ot hit half a dozen websites in order to figure out I needed to have the SQL Server 2005 native client driver installed. It just told me. Granted it was annoying to have to uninstall the 2008 driver and download and install the 2005 driver, but given a co-workers recent experiences with setting up ubercart, this was completely painless. He spent HOURS going from site to site, getting modules, downloading updates, installing dependencies when the modules he installed didn't come with everything he needed, etc. I'm glad it wasn't me. I probably would have given up. Personally I find this the most frustrating part about the open source community. I don't understand how projects like this gain the traction they do. They're hard to set up and hard to keep updated because in many ways these things are like a house of cards. I use some open source tools (python being by far my favorite) but, by and large, I find the lack of good documentation (by good I mean useful. I've found a LOT of documentation on most things, but generally it isn't worth the electrons spent rendering them on my screen) to be a HUGE hurdle to overcome. There is no reason I should have to spend hours and hours searching for documentation that still doesn't fix the problem. In general the open source community doesn't understand why people don't use their products more. How can they keep flocking to "Micro$oft Windoze" and their other schlock when there are cheaper and superior alternatives available???? Well, I think documentation is about 70% of the answer to that question. And the usual response is that open source projects are, in a lot of cases, done by people for free in their spare time and, let's face it, I do not know a single developer that likes writing documentation that is for end users. Well, if you don't like doing that, people aren't going to be able to use your product, no matter how superior it might be in a technological sense.
So I wanted to take a minute to say thank you to the people at Microsoft for putting these types of tools together and for the community that surrounds CodePlex and other similar sites. As a company that is generally viewed as closed and being competitive to a fault, it is nice to see that this is pretty much a caricature of the organization. They obviously have their issues, but I think they are really beginning to realize that if they are ultimately going to not only survive, but thrive, that they need to embrace and support a lot of the other good work going on out there. There are, of course, plenty of selfish reasons to do this, but there are just as many reasons not to do this and it is probably easier not to.
In general I think this is starting to be a return to what made Microsoft the dominant software company on the planet. When office and Windows were first born, they had a LOT of competition and, as others have pointed out, one of the things that made Microsoft software good back in the day is that they went to great lengths to interoperate with other software out there. Excel worked well with Lotus files and Word was able to read and write WordPerfect files, for example. Not to mention DOS and Windows being able to run on a wide assortment of machines. Maybe not well all the time, but well enough.
Subscribe to:
Posts (Atom)