· Naughties
· · 2006
· · · December
· · · · 03 (2 entries)

Web Application Security · A pret­ty fierce de­bate has bro­ken out on how to do se­cu­ri­ty for Web-applications (REST, WS-*, what­ev­er). I’m grat­i­fied that it seems to have start­ed in the com­ments to S for Sim­ple. The pro­po­nents are Gun­nar Peter­son and Pete Lacey, and what they have to say is in­ter­est­ing. I think Gun­nar didn’t do a good enough job of fill­ing in one of the bases of his po­si­tion, al­though in pri­vate email he sent me a link to a PDF from eBank­ingSe­cu­ri­ty.­com which is worth a look. The point is that a sig­nif­i­cant pro­por­tion of Win­dows PCs are com­pro­mised with tro­jans and keystroke-loggers and oth­er fla­vors of bad-ware; sig­nif­i­cant enough that the pretty-decent transport-level se­cu­ri­ty pro­vid­ed by TLS is im­ma­te­ri­al. Those of us who are technically-competent and don’t use Win­dows can feel in­di­vid­u­al­ly se­cure, but that doesn’t mean Gun­nar doesn’t have a point.
Wikipedia Churn · There’s been some­thing hap­pen­ing re­cent­ly in my lit­tle cor­ner of Wikipedi­a, and I don’t know if it’s an anoma­ly or ev­i­dence of a trend; so this is raw ran­dom anec­do­tal data. By “my lit­tle corner” I mean the small col­lec­tion of ar­ti­cles that I track via a recent-changes Atom feed, have con­tribut­ed to quite a bit, and feel a lit­tle bit of shared re­spon­si­bil­i­ty for. There’s been a surge of re­cent ed­i­to­ri­al ac­tiv­i­ty, with super-energetic (and ap­par­ent­ly well-informed) new con­trib­u­tors trim­ming and tweak­ing and grow­ing the ar­ti­cles, of­ten sev­er­al times per day. In gen­er­al, while I haven’t been con­vinced that 100% of the changes are im­prove­ments, the qual­i­ty of the ar­ti­cles as a whole is def­i­nite­ly trend­ing up. Al­so, the ran­dom drive-by teenage de­face­ments are get­ting fixed re­al­ly fast. Any­one else see­ing this?
author · Dad · software · colophon · rights
Random image, linked to its containing fragment

By .

I am an employee
of Amazon.com, but
the opinions expressed here
are my own, and no other party
necessarily agrees with them.

A full disclosure of my
professional interests is
on the author page.