Friday, August 02, 2002
The road to managed code
On June 6, Microsoft posted security bulletin MS02-026, titled "Unchecked Buffer in ASP .Net Worker Process." Tongues immediately began to wag. Wasn't .Net supposed to prevent this sort of thing? It's true that managed code avoids the buffer overflows that trigger so many security snafus. But the ASP .Net engine, a .Net component, is not itself written wholly in managed code, and the security flaw was in an unmanaged function. Work was "currently under way," the bulletin said, "to migrate all functions over to the .Net Framework." That migration is an epic journey that makes the trip from 16-bit to 32-bit code look like a weekend jaunt. [full story at InfoWorld.com]
11:38:00 PM
Flash Communication Server MX
Flash MX and the FlashComm server together deliver event-driven peer networking, streaming-media services, a productive scripting environment that targets networked teams of people, and powerful components that embody the essential tools of collaboration. We've seen all these ingredients before, but Macromedia has combined them to create something different and new: a killer framework for the rapid development of collaborative software. [full story at oreillynet.com]
11:18:17 PM
More on translucent databases
A few weeks back I mentioned Peter Wayner's new book on Translucent Databases. Simson Garfinkel writes about it at greater length in this oreillynet.com article:
For example, what if a police department needs to build a database of sexual-assault victims that lets them identify trends but hides personal information? You could use a translucent database where the first column is the hash of the victim's name, and the second column is a hash of their full address, and the third column is a hash of their block and street. You can now group incidents together by grouping entries with identical block hashes; you can see if the incidents refer to the same person by checking to see if those hashes are different.
What's great about Peter's approach is that it's really quite low-tech. Just straightforward Java code that generates SQL statements that make judicious use of MySQL's MD5 function. It's the kind of thing that's hard to think of, but easy to do.
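To make the hashed-column idea concrete, here is an added sketch (not code from Wayner's book or Garfinkel's article) that stores only digests and still groups incidents by block. It uses Python with SQLite in place of Java and MySQL, and a keyed HMAC-SHA-256 in place of bare MD5, since names and addresses are guessable inputs; the table, column names, key and sample rows are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a secret held by the records clerks, never stored beside the data.
KEY = b"constructed-demo-key"

SAMPLE = [  # constructed rows: name, full address, block, month
    ("Jane Roe", "12 Elm St Apt 3", "Elm St 0-99", "2002-05"),
    ("Ann Poe", "40 Elm St", "Elm St 0-99", "2002-06"),
    ("jane  roe", "12 Elm St Apt 3", "Elm St 0-99", "2002-07"),
    ("May Doe", "7 Oak Ave", "Oak Ave 0-99", "2002-07"),
]

def blind(value):
    """Normalise case and spacing, then return a keyed one-way digest."""
    norm = " ".join(value.lower().split())
    return hmac.new(KEY, norm.encode("utf-8"), hashlib.sha256).hexdigest()

def build(incidents):
    """Load incidents into a table that holds digests only, never plaintext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE incident "
               "(name_h TEXT, addr_h TEXT, block_h TEXT, month TEXT)")
    db.executemany("INSERT INTO incident VALUES (?, ?, ?, ?)",
                   [(blind(n), blind(a), blind(b), m) for n, a, b, m in incidents])
    return db

def clusters(db):
    """Blocks with repeat incidents: (block digest, incidents, distinct victims)."""
    return db.execute(
        "SELECT block_h, COUNT(*), COUNT(DISTINCT name_h) FROM incident "
        "GROUP BY block_h HAVING COUNT(*) > 1").fetchall()

def lookup(db, name):
    """Whoever already knows a name can find that person's rows by re-hashing it."""
    return db.execute("SELECT month FROM incident WHERE name_h = ? ORDER BY month",
                      (blind(name),)).fetchall()

if __name__ == "__main__":
    db = build(SAMPLE)
    for block_h, n, victims in clusters(db):
        print(block_h[:12], n, "incidents,", victims, "distinct victims")
    print(lookup(db, "JANE ROE"))
```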
11:16:29 PM
Changing Radio upstream locations: bug and workaround
I'm finally moving this weblog to an InfoWorld address, probably on Monday. As a test, I upstreamed to that location tonight, by checking the box here and filling in the form. Everything transferred fine. But then, when I unchecked the box -- because I wanted to revert back to radio.weblogs.com/0100887 until the final cutover -- I ran into a problem. Radio kept on uploading to the new place, and wouldn't forget it and go back to the old place.
Thanks to Lawrence Lee and Jake Savin for the workaround:
http://radio.userland.com/stories/storyReader$14904
Here's the scary thing. I ended up calling Jake, and he talked me through the fix before I got Lawrence's email with the URL of the writeup. After Jake dictated the fix and I typed it into my QuickScript window, it occurred to me to ask if Jake was reading this stuff not from a screen, but rather from the inside of his eyeballs. Yup. He was. Yikes!
11:06:43 PM
Homeland Insecurity
The September issue of the Atlantic Monthly has a remarkable special report called Homeland Insecurity (not yet excerpted online). It features none other than Bruce Schneier. I am delighted to see Schneier's philosophical transformation -- from crypto-infatuated fortress builder to pragmatic watchguard -- detailed in a mainstream magazine. People who would never have read Secrets and Lies will read this excellent article, and I hope will ponder Schneier's message:
- Security technologies are brittle
- When they fail, they fail catastrophically
- Human judgment needs to govern the security process
The article concludes with a description of Counterpane's command center:
Highly trained and well paid, these people brought to the task a quality not yet found in any technology: human judgement, which is at the heart of most good security. Human beings do make mistakes, of course. But they can recover from failure in ways that machines and software cannot. The well-trained mind is ductile. It can understand surprises and overcome them. It fails well.
Mixing long stretches of inactivity with short bursts of frenzy, the work rhythm of the Counterpane guards would have been familiar to police officers and firefighters everywhere. As I watched the guards, they were slurping soft drinks, listening to techno-death metal, and waiting for something to go wrong. They were in a protected space, looking out at a dangerous world. Sentries around Neolithic campfires did the same thing. Nothing better has been discovered since. Thinking otherwise, in Schneier's view, is a really terrible idea.
5:58:44 PM
© Copyright 2002 Jon Udell.