Help Me to Help You

Dr. Gary Chapman’s book, “The Five Love Languages,” is a well-known tome on five ways that humans tend to express and experience love for one another. Of the five, one is “Acts of Service.” That is, doing things for other people. As it is in life and relationships, so it is in business. Often, helping others through actions can provide benefits not only for the recipient, but also for the helper.

Continue reading
Tags:

When It Comes To Equality, I'm Just Selfish

I’m going to start off with a story, which, I promise, is relevant. I am a proponent of marriage equality. I can be flippant about it and note that I feel that everyone should get to experience the pain of marriage, but that’s not fair to my wife, who is one of the greatest people I know. I actually have my reasons for being in favor, which I will get to shortly. But first the story.

Continue reading

He Knows, You Know...

Donald Rumsfeld was the United States Secretary of Defense from 2001 to 2006 under President Bush. He is known for many things, but will always be remembered for his statement of an old truism, as quoted -

Continue reading

It's been 25 years, I guess I can come clean

By now you're aware that there's yet another security bug, this time in "bash," a "shell" used on many servers. For the non-geeks, the gist of the issue is that a very common and absolutely necessary part of the operating system could, in some reasonable circumstances, allow a malicious user to run any code they want on a server to which they should not have access. This is, of course, a bad thing. The bug, now identified, has been fixed and system operators are rushing to patch their systems with newer versions that don't exhibit the flaw.

It's been over 25 years, so I think I can come clean. I knew of such a bug when I was in college that gave me 100% read access to any file on any system. I couldn't modify them, and this bug didn't let me execute arbitrary code, but if I noticed that you had a file in your home directory called "ChrisIsADoodyHead.txt," I could read it. Even if it was in a closed-off directory and locked down, itself. While I never had a need to, I could have looked at all of your code for the computer science class we shared and cheat on my homework. And I mean every file on the file system.

I could read all of your email.

After about a year, the bug was discovered, and I was actually beta testing a version of UNIX (SCO - remember SCO?) that had it and I reported it. It took about another year to move through production and be deployed. Remember, these were the days before automatic patching. Most installs were done from a stack of floppy disks and new versions came out yearly. Maybe quarterly, at best.

The point I'm making is twofold. First, these bugs are everywhere and will always be around. Don't be shocked when they're reported. They happen, they get fixed, and the next one comes along. You're going to get burned by them. And yes, evil douchebags are going to exploit them to, say, illegally download nude pictures of celebrities. There's no victim-blaming when I say that you should acknowledge this reality and do what you can to protect yourself.

And my second point, which is the takeaway here, and the reason I've "come clean" after 25 years to make the point: These bugs are in the wild and known right now. Please stop and think about that. Someone, somewhere, is almost surely reading or copying your stuff if it's online. These bugs don't live in obscurity until someone discovers them and immediately fixes them. Someone finds them and uses them for years until someone else discovers them in a more public way. Remember the speculation and then confirmation that the NSA was exploiting a bug for years before it was ever discovered in public? You don't need to take my word for this.

And please don't shoot the messenger.

Full disclosure: I never shared this bug with anyone else in college as far as I remember. I never found anything illegal, and only once found something that, if disclosed, could have caused problems (someone was cheating something seriously in a number of classes). I never said anything. I honestly can't remember ever seeing anything on anyone that was even remotely bad. Email, back then, also was only something shared among geeks, for the most part. There was pretty-much no private social online usage. I mostly poked around administrative stuff. This being a time before digital photography, I never even saw any nude selfies :-) Some people may not believe this disclosure, and I'm okay with that.

The move to SSL

Some of you (okay, two of you) may have noticed that this blog is now 100% on SSL. If you try to get to any page here normally, you will find that you're redirected to the HTTPS version of the page.

No, this doesn't mean I'll be adding e-commerce any time soon (well, if the logo that my incredibly talented friend Shawn is working on for me is a hit, maybe I'll offer t-shirts :-)). What it means is that web sites being secure simply as a matter of course resonates with me. There's no compelling reason for this site to be SSL, but there's no reason not to.

And with Google's announcement that SSL sites will get more search engine love, there's a benefit. Google's plan is clear - offer some value for web site owners to go SSL and it will become more comfortable for everyone. Enacting social and technical change through positive reinforcement. I can get behind that.

Changing to HTTPS means a lot of the previous likes and shares won't track, but that's okay. With good change sometimes comes a little pain.