
Archive for February, 2010

At Last, My Web Applications Will Be Totally Secure!?

Saturday, February 27th, 2010

Yet another vendor attempts to reduce application security to something that can be purchased.

“How to Hacker-Proof Your Web Applications,” was the amusing subject of an email I received recently. I’m sure that it wasn’t meant to be amusing. I suppose I just have a strange sense of humor.

The source of the email was a company that I consider to be reputable, though this could lead me to reconsider that opinion.  I won’t single out the organization since hyperbole apparently continues to be a requirement to sell most anything.

I have to wonder though, does anyone actually read a subject line like that and then open the email fully expecting to be presented with a product or service that does what the subject states?  I certainly hope not.  Let’s explore the meaning of the message and then we’ll see if the email content led me to such a nirvana.

“Your Web Applications” covers every piece of software I have that presents a web interface. This includes my traditional HTTP/HTML-based applications as well as web services. These applications may be based on a variety of technologies such as .NET, Java, Perl and Ruby. They include third-party libraries and frameworks. Further, they are hosted on some form of hardware running some operating system. Clearly this claim applies to a wide and deep world of application infrastructures and architectures.

“Hacker-Proof” means that no attacker will be able to successfully exploit the applications. That is quite a promise. By opening this email I’m going to find out what is necessary to prevent all successful exploits for my entire set of web-facing applications? This is great news! (more…)

Testing, 1-2-3, Testing

Thursday, February 18th, 2010

During the past several months I’ve had an interesting experience working with Brainbench.  As you may know, Brainbench (a part of Previsor) offers assessment tests and certifications across a wide range of subjects.  They cover many technical and non-technical areas.  I have taken Brainbench exams myself and I have seen them used as a component within a hiring process.  However, I did not understand how these exams were created.

That mystery ended for me late last year when I received an email looking for technologists to assist in validating a new exam that Brainbench was creating to cover Spring version 2.5. Being curious about the test creation process, I applied for the advertised validator role. I was pleasantly surprised when they contacted me with an offer for the role of test author instead.

I will not delve into Brainbench’s specific exam creation approach since I assume it is proprietary and want to be sure I respect their intellectual property.  What I found was a very well-planned and thorough process.  Having a background in education and a strong interest in teaching and mentoring, I know the challenge of creating a meaningful assessment.  In the case of their approach, they focus on an accurate and well-considered exam.

I believe that I am quite knowledgeable regarding Spring.  I have used many of its features for work and personal projects.  The philosophies supported by the product (encouraged, not prescribed) address many areas of coding that help reduce clutter, decouple implementations, and simplify testing.  As a true fan of Spring’s feature set, I found it challenging to decide which aspects were most important when assessing an individual’s knowledge of the overall framework. (more…)

Technology Luddite?

Thursday, February 11th, 2010

In a recent blog post, Tony Kontzer discusses a San Francisco Chronicle article about Jaron Lanier. The article discusses Jaron’s concern regarding limitations imposed on people by virtual reality and Web 2.0 structures. The article mentions that some people have labeled Jaron a “Luddite”. Tony goes on to say that the term isn’t a bad one and that Luddites serve an important role, balancing the Pollyanna vision of technology’s value against its potential risks.

Although I agree with Tony’s defense of Jaron’s position, I think the “Luddite” term is being misused in Jaron’s case.  In fact, I disagree with an assessment that Jaron’s comments, as well as the well-articulated theme of his book, “You Are Not a Gadget,” equate to those of a technology Luddite.

Let us consider a definition.  Merriam-Webster includes in their definition of Luddite, “one who is opposed to especially technological change.”  However, Jaron’s point is not one that opposes technological change.  Instead, he is concerned that specific uses of technology and underlying limitations within the virtual (digital) world limit our human interaction and experience.  The limiting factors are imposed by computers and software.

Jaron’s thought process, bringing in examples from both his technology and musical backgrounds, does a great job of describing how computer programs constrain us.  Developers have experienced frustration when extending functionality as they try to add features to an existing program.  Separate from the technologists’ issues, and this is key, computer hardware and software limitations also impose boundaries and set expectations for people who interact with computers.

It is this latter aspect, the unintentional or intentional limiting of people’s uniqueness due to the design and implementation of software, that concerns Jaron. I emphatically agree with him on this point! I believe that most of us would accept that setting arbitrary boundaries around self-expression and creativity in the physical world can lower the quality of life for people. If the digital world does likewise, might we end up in the same place?