Donald Rumsfeld was the United States Secretary of Defense from 2001 to 2006 under President Bush. He is known for many things, but will always be remembered for his statement of an old truism, as quoted -
© 2014, Christopher Ambler
By now you're aware that there's yet another security bug, this time in "bash," a "shell" used on many servers. For the non-geeks, the gist of the issue is that a very common and absolutely necessary part of the operating system could, in some reasonable circumstances, allow a malicious user to run any code they want on a server to which they should not have access. This is, of course, a bad thing. The bug, now identified, has been fixed and system operators are rushing to patch their systems with newer versions that don't exhibit the flaw.
It's been over 25 years, so I think I can come clean. I knew of such a bug when I was in college that gave me 100% read access to any file on any system. I couldn't modify them, and this bug didn't let me execute arbitrary code, but if I noticed that you had a file in your home directory called "ChrisIsADoodyHead.txt," I could read it. Even if it was in a closed-off directory and locked down, itself. While I never had a need to, I could have looked at all of your code for the computer science class we shared and cheated on my homework. And I mean every file on the file system.
I could read all of your email.
After about a year, the bug was discovered, and I was actually beta testing a version of UNIX (SCO - remember SCO?) that had it and I reported it. It took about another year to move through production and be deployed. Remember, these were the days before automatic patching. Most installs were done from a stack of floppy disks and new versions came out yearly. Maybe quarterly, at best.
The point I'm making is twofold. First, these bugs are everywhere and will always be around. Don't be shocked when they're reported. They happen, they get fixed, and the next one comes along. You're going to get burned by them. And yes, evil douchebags are going to exploit them to, say, illegally download nude pictures of celebrities. There's no victim-blaming when I say that you should acknowledge this reality and do what you can to protect yourself.
And my second point, which is the takeaway here, and the reason I've "come clean" after 25 years to make the point: These bugs are in the wild and known right now. Please stop and think about that. Someone, somewhere, is almost surely reading or copying your stuff if it's online. These bugs don't live in obscurity until someone discovers them and immediately fixes them. Someone finds them and uses them for years until someone else discovers them in a more public way. Remember the speculation and then confirmation that the NSA was exploiting a bug for years before it was ever discovered in public? You don't need to take my word for this.
And please don't shoot the messenger.
Full disclosure: I never shared this bug with anyone else in college as far as I remember. I never found anything illegal, and only once found something that, if disclosed, could have caused problems (someone was cheating something seriously in a number of classes). I never said anything. I honestly can't remember ever seeing anything on anyone that was even remotely bad. Email, back then, also was only something shared among geeks, for the most part. There was pretty much no private social online usage. I mostly poked around administrative stuff. This being a time before digital photography, I never even saw any nude selfies :-) Some people may not believe this disclosure, and I'm okay with that.
MoviePass (https://www.moviepass.com/) is making some news today. In a nutshell, pay a flat monthly fee and you can see a movie a day. Of course nobody's going to do that in the real world, but as noted by TechCrunch:
By subscribing to the company’s service, moviegoers can watch one movie a day — up to 30 movies in a month. While few movie buffs have the time to watch a movie a day, the service, which clocks in at roughly $30 a month, is a pretty great deal for even the casual fan. In New York, tickets are about $15, so after two trips to the movies in a month, the subscription would pay for itself.
That works for me. I don't live in a $15 zone, but three movies a month would break this even for me at the quoted price of $35/month.
The only problem, I think, is that I'd hit a movie every weekend if I could - I find them great entertainment; a good way to relax the brain for a couple hours - but my family doesn't enjoy them quite as much as I do. I think a movie-a-month is about my wife's speed. So that's the only reason I'm not buying right now.
Now if they also could do a flat fee on the terribly overpriced popcorn and desiccated hot dogs, I'd jump.
I think the higher-ups at Facebook are just now realizing that they're facing their first real crisis. Diaspora likely gave them about a half-day of indigestion and then some good laughs. But Ello is the real deal when it comes to a threat.
That said, I predict it will not succeed as a Facebook replacement. Indeed, their founder insists that it's not intended to be such. Is that hipsterism? Probably. But he's probably also right. While they're getting 30k+ signups per hour, people are going to react like they did to Google+ - that is, they'll sign up, play a little, find that it has nothing that Facebook doesn't already have, and usage will drop off. Ello has significantly fewer features that people want. If Google+ didn't get traction, Ello won't, either.
Yes, people want to migrate from Facebook because of their policies, but this threat is likely going to be the catalyst that forces Facebook to back down on the real name issue.
For this reason, I think Facebook will weather this storm.
Now... want to know the issue that Ello could press that just might win it for them? Your feed. You don't want "top stories," you want everything, in order, without someone telling you what they think is relevant. You want to see it all and make that decision for yourself. That's Ello's concept of Friends/Noise and it makes sense. It's the one thing that Facebook won't back down about, and Ello could press this point.
Then again, Google+ didn't win that argument with "Circles." So maybe that won't work after all. But I think Circles were before the relevance issue came to a head.
Time will tell. But at least I'm on record so I can say I called it ;)