Details

Kingsley Uyi Idehen
Lexington, United States

Subscribe

Post Categories

Subscribe

E-Mail:

Recent Articles

Display Settings

articles per page.
order.
Driving Lanes on the Web based Information Super Highway

Post absorption of Web 3G commentary emanating from the Talis blog space. Ian Davis appears to be expending energy on the definition of, and timeframes for, the next Web Frontier (which is actually here btw) :-)

Daniel Lewis also penned an interesting post in response to Ian's, that actually triggered this post.

I think definition time has long expired re. the Web's many interaction dimensions, evolutionary stages, and versions.

On my watch it's simply demo / dog-food time. Or as Dan Brickley states: Just Show It.

Below, I've created a tabulated view of the various lanes on the Web's Information Super Highway. Of course, this is a Linked Data demo should you be interested in the universe of data exposed via the links embedded in this post :-)

The Web's Information Super Highway Lanes

1.0

2.0

3.0

Desire

Information Creation & Retrieval

Information Creation, Retrieval, and Extraction

Distillation of Data from Information

Meme

Information Linkage (Hypertext)

Information Mashing (Mash-ups)

Linked Data Meshing (Hyperdata)

Enabling Protocol

HTTP

HTTP

HTTP

Markup

HTML

(X)HTML& various XML based formats (RSS, ATOM, others)

Turtle, N3, RDF/XML, others

Basic Data Unit
Resource (Data Object) of type "Document"
Resource (Data Object) of type "Document"
Resource (Data Object) that may be one of a variety of Types: Person, Place, Event, Music etc.

Basic Data Unit Identity

Resource URL (Web Data Object Address)

Resource URL (Web Data Object Address)

Unique Identifier (URI) that is indepenent of actual Resource (Web Data Object) Address.

Note: An Identifier by itself has no utility beyond Identifying a place around which actual data may be clustered.

Query or Search

Full Text Search patterns

Full Text Search patterns

Structured Querying via SPARQL

Deployment

Web Server (Document Server)

Web Server + Web Services Deployment modules

Web Server + Linked Data Deployment modules (Data Server)

Auto-discovery

<link rel="alternate"..>

<link rel="alternate"..>

<link rel="alternate" | "meta"..>, basic and/or transparent content negotiation

Target User
Humans
Humans & Text extraction and manipulation oriented agents (Scrappers)
Agents with varying degrees of data processing intelligence and capacity
Serendipitous Discovery Quotient (SDQ) Low Low High

Pain

Information Opacity

Information Silos

Data Graph Navigability (Quality)

# PermaLink Comments [0]
03/04/2008 23:16 GMT-0500 Modified: 03/04/2008 18:17 GMT-0500
More Ajax Security

The Recent security Ajax security alert have attracted comments from:

Shelley Powers via her post titled: More Ajax Security and many others.

In anticipation of the obvious concerns of many Javascript based developers, Ondrej Zara (lead developer of the OpenLink Ajax Toolkit) has written a post titled: OAT and JS Hijacking, that explains the security aspects our Javascript Toolkit in relation to this alert

# PermaLink Comments [0]
04/04/2007 12:16 GMT-0500 Modified: 04/04/2007 19:49 GMT-0500
The Future Of The Internet

The Future Of The Internet: "

While the framework of governance continues to evolve there is a widespread belief that along with the growth of the internet, more and more problems such as spam, viruses and 'denial of service' attacks that can cripple large websites shall begin to be felt. It seems reasonable to assume that the number of devices on the network will continue to multiply in new and unforeseen ways. So researchers are starting from the assumption that communications chips and sensors will eventually be embedded in almost everything, from furniture to cereal boxes - 'hundreds of billions of such devices'. While today's internet traffic is generally initiated by humans- as they send e-mails, click on web links, or download music tracks- in future, the vast majority of traffic may be 'machine to machine' communications: things flirting with other things – all ready to be connected wirelessly, and will move around.

The Economist has a related article titled Reinventing the Internet. Asking the question if a can a ‘clean slate’ redesign of the internet can ever be implemented.
Few solutions float around:
- One is ‘trust-modulated transparency’. The network's traffic-routing infrastructure shall judge the trustworthiness of packets of data as they pass by and deliver only those deemed trustworthy & dubious packets might be shunted aside for screening. The whole system would be based on a ‘web of trust’, in which traffic flows freely between devices that trust each other, but is closely scrutinized between those that do not.
- Another idea is a new approach to addressing, called ‘internet indirection infrastructure’ - It would overlay an additional addressing system on top of the internet-protocol numbers now used to identify devices on the internet. This would make it easier to support mobile devices, and would also allow for ‘multicasting’ of data to many devices at once, enabling the efficient distribution of audio, video and software. With Activenets or metanets, devices at the edge of the network could then dynamically reprogram all the routers along the network path between them to use whatever new protocol they wanted.
While the research is still on there some hopes of making some progress on the technical front – but It may well transpire that the greatest impediment to upgrading the internet will turn out to be political disagreements like this , this, over how it should work, rather than the technical difficulty of bringing it about.
The OECD hosted a workshop titled The Future of the Internet in Paris on 8 March 2006. Some of the presentations look good and a few of them make a compelling reading.



Category :, , "

(Via Sadagopan's weblog on Emerging Technologies,Thoughts, Ideas,Trends and Cyberworld.)

# PermaLink Comments [0]
03/29/2006 18:26 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
Solutions to allow XMLHttpRequest to talk to external services

Solutions to allow XMLHttpRequest to talk to external services: "

Over on XML.com they published Fixing AJAX: XmlHttpRequest Considered Harmful.

This article discusses a few ways to get around the security constraints that we have to live with in the browsers theses days, in particular, only being able to talk to your domain via XHR.

The article walks you through three potential solutions:

  1. Application proxies. Write an application in your favorite programming language that sits on your server, responds to XMLHttpRequests from users, makes the web service call, and sends the data back to users.
  2. Apache proxy. Adjust your Apache web server configuration so that XMLHttpRequests can be invisibly re-routed from your server to the target web service domain.
  3. Script tag hack with application proxy (doesn't use XMLHttpRequest at all). Use the HTML script tag to make a request to an application proxy (see #1 above) that returns your data wrapped in JavaScript. This approach is also known as On-Demand JavaScript.

I can't wait for Trusted Relationships within the browser - server infrastructure.

With respect to Apache proxies, these things are priceless. I recently talked about them in relation to Migrating data centers with zero downtime.

What do you guys think about this general issue? Have you come up with any interesting solutions? Any ideas on how we can keep security, yet give us the freedom that we want?

(Via Ajaxian Blog.)

Well here is what I think (actually know):

Our Virtuoso Universal Server has been sitting waiting to deliver this for years (for the record see the Virtuoso 2000 Press Release). Virtuoso can proxy for disparate data sources and expose disparate data as Well-Formed XML using an array of vocabularies (you experience this SQL-XML integration on the fly every time you interact with various elements of my public blog).

Virtuoso has always been able to expose Application Logic as SOAP and/or RESTful/RESTian style XML Web Services. This blog's search page is a simple demo of this capability.

Virtuoso is basically a Junction Box / Aggregator / Proxy for disparate Data, Applications, Services, and BPEL compliant business processes. AJAX clients talk to this single multi-purpose server which basically acts as a conduit to content/data, services, and processes (which are composite services).

BTW - there is a lot more, but for now, thou shall have to seek in order to find :-)

# PermaLink Comments [1]
11/11/2005 21:01 GMT-0500 Modified: 07/21/2006 07:23 GMT-0500
Gates, Jobs, & the Zen aesthetic

Another great post that I have deliberately captured in full due to the semantic value of its links as part of my ongoing contribution to the broader self-annotating effort taking place across the web. See theLinkblog, Summary, and Archive (new addition) aspects of this "point of presence" :-)

Gates, Jobs, & the Zen aesthetic: "

Jobs_question2_2As a follow up to yesterday's post on Bill Gates' presentation style, I thought it would be useful to examine briefly the two contrasting visual approaches employed by Gates and Jobs in their presentations while keeping key aesthetic concepts found in Zen in mind. I believe we can use many of the concepts in Zen and Zen aesthetics to help us compare their presentation visuals as well as help us improve our own visuals. My point in comparing Jobs and Gates is not to poke fun but to learn.

Simplicity
A key tenet of the Zen aesthetic is kanso or simplicity. In the kanso concept beauty, grace, and visual elegance are achieved by elimination and omission. Says artist, designer and architect, Dr. Koichi Kawana, 'Simplicity means the achievement of maximum effect with minimum means.' When you examine your visuals, then, can you say that you are getting the maximum impact with a minimum of graphic elements, for example? When you take a look at Jobs' slides and Gates' slides, how do they compare for kanso?

'Simplicity means the achievement of maximum effect with minimum means.'
— Dr. Koichi Kawana

Naturalness
The aesthetic concept of naturalness or shizen 'prohibits the use of elaborate designs and over refinement' according to Kawana. Restraint, then, is a beautiful thing. Talented jazz musicians, for example, know never to overplay but instead to be forever mindful of the other musicians and find their own space within the music and within the moment they are sharing. Graphic designers show restraint by including only what is necessary to communicate the particular message for the particular audience. Restraint is hard. Complication and elaboration are easy...and are common.

The suggestive mode of expression is a key Zen aesthetic. Dr. Kawana, commenting on the design of traditional Japanese gardens says:

'The designer must adhere to the concept of miegakure since Japanese believe that in expressing the whole the interest of the viewer is lost.'
— Dr. Koichi Kawana

In the world of PowerPoint presentations, then, you do not always need to visually spell everything out. You do not need to (nor can you) pound every detail into the head of each member of your audience either visually or verbally. Instead, the combination of your words, along with the visual images you project, should motivate the viewer and arouse his imagination helping him to empathize with your idea and visualize your idea far beyond what is visible in the ephemeral PowerPoint slide before him. The Zen aesthetic values include (but are not limited to):

  • Simplicity
  • Subtlety
  • Elegance
  • Suggestive rather than the descriptive or obvious
  • Naturalness (i.e., nothing artificial or forced),
  • Empty space (or negative space)
  • Stillness, Tranquility
  • Eliminating the non-essential

Gates and Jobs: lessons in contrasts
Take a look at some of the typical visuals used by Steve Jobs and those used by Bill Gates. As you look at them and compare them, try doing so while being mindful of the key concepts behind the traditional Zen aesthetic.

Zen_master
Above. Does it get more 'Zen' than this? 'Visual-Zen Master,' Steve Jobs, allows the screen to fade completely empty at appropriate, short moments while he tells his story. In a great jazz performance much of the real power of the music comes from the spaces in between the notes. The silence gives more substance and meaning to the notes. A blank screen from time to time also makes images stronger when they do appear.

Also, it takes a confident person to design for the placement of empty slides. This is truly 'going naked' visually. For most presenters a crowded slide is a crutch, or at least a security blanket. The thought of allowing the screen to become completely empty is scaring. Now all eyes are on you.

Complicated_bill2

Above. Gates here explaining the Live strategy. A lot of images and a lot of text. Usually Mr. Gates' slides have titles rather than more effective short declarative statements (this slide has neither). Good graphic design guides the viewer and has a clear hierarchy or order so that she knows where to look first, second, and so on. What is the communication priority of this visual? It must be the circle of clip art, but that does not help me much.

Dr. Kawana says that 'to reach the essence of things, all non-essential elements must be eliminated.' So what is the essence of the point being made with the help of this visual? Are any elements in this slide non-essential? At its core, what is the real point? These are always good questions to ask ourselves, too, when critiquing our own slides.

Jobs_intel_1
Above. Here Jobs is talking to developers at the WWDC'05 about the transition from the Power PC RISC chips to Intel. Sounds daunting, but as he said (and shows above) Apple has made daunting major shifts successfully before. (He also said sheepishly earlier in the the presentation, that every version of OSX secretly had an Intel version too...so this is not a new thing. The crowd laughed.).

A note on having an 'open style'
One thing that would help Mr. Gates is an executive presentations coach and a video camera. One unfortunate habit he has is constantly bringing his finger tips together high across his chest while speaking. Often this leads to his hands being locked together somewhere across his chest. This gesture makes him seem uncomfortable and is a gesture reminiscent of The Simpsons' Mr. Burns. By contrast, Steve Jobs has a more open style and at least seems comfortable and natural with his gestures.

Gates_bullets
Above. Mr. Gates needs to read Cliff Atkinson's Beyond Bullet Points, ironically published by Microsoft Press. Atkinson says that '...bullet points create obstacles between presenters and audiences.' He correctly claims that bullets tend to make our presentations formal and stiff, serve to 'dumb down' our points, and lead to audiences being confused...and bored. Rather than running through points on a slide, Atkinson recommends presenters embrace the art of storytelling, and that visuals (slides) be used smoothly and simply to enhance the speaker's points as he tells his story. This can be done even in technical presentations, and it can certainly be done in high-tech business presentations.

The 'Microsoft Method' of presentation?
The approach we've seen in Microsoft's last public presentation we can label the 'Microsoft Method.' This method is not different than the norm, in fact it is a perfect example of what Seth Godin and others call 'Really Bad PowerPoint.' Here's the rub: A great many professionals see the absurdity of this approach, even a great many professionals on the campus of Microsoft in Redmond. But change will continue to be slow, especially when the executives of the company which produces the most popular slideware program in the world use the program in the most uninspiring, albeit typical way.

Bullet_by_ozzie_2 Pocket_ozzie
Above. Chief technology Officer, Ray Ozzie follows the 'Microsoft Method' too. (Left) Bullet No.3: '...interfaces through...interfaces'? (Right) Fundamental presentation rule: Do not stick your hands in your pockets. Informality is fine, but this is inappropriate even in the USA (and especially in cultures outside the U.S.).

Refrain: It all matters!
We've talked about many presentation methods here at Presentation Zen, methods that are different than the 'normal' or the 'expected' but also simple, clear, and effective. Who wants to be 'average,' 'typical,' or 'normal'? Ridderstrale & Nordstorm say it best in Funky Business: 'Normality is the route to nowhere.' I'm not suggesting you 'present different' for the sake of being different. I am saying that if you move far beyond what is typical and normal in the context of presentation design, you will be more effective and different and memorable. Maybe Microsoft can afford lousy PowerPoint presentations, but you and I can't. For 'the rest of us,' it all matters.

Can we learn from a Japanese garden?
GardenLooking for inspiration in different places? Find a book on Japanese gardens (like this one from my friend, designer Markuz Wernli Saito) or visit one in your area (if you are lucky enough to have one). You can learn a bit here about the Zen aesthetic and Japanese gardens in this article by Dr. Kawana. Living here in Japan I have many chances to experience the Zen aesthetic, either while visiting a garden, practicing zazen in a Kyoto temple, or even while having a traditional Japanese meal out with friends. I am convinced that a visual approach which embraces the aesthetic concepts of simplicity and the removal of the nonessential can have practical applications in our professional lives and can lead ultimately to more enlightened design.
"

(Via Presentation Zen.)

# PermaLink Comments [0]
11/08/2005 23:48 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
Microsoft Gadgets, Start.com and Innovation

Microsoft Gadgets, Start.com and Innovation: "

A lot of the comments in the initial post on the Microsoft Gadgets blog are complaints that the Microsoft is copying ideas from Apple's dashboard. First of all, people should give credit where it is due and acknowledge that Konfabulator is the real pioneer when it comes to desktop widgets. More importantly, the core ideas in Microsoft Gadgets were pioneered by Microsoft not Apple or Konfabulator.

From the post A Brief History of Windows Sidebar by Sean Alexander

Microsoft 'Sideshow*' Research Project (2000-2001)

While work started prior, in September 2001, a team of Microsoft researchers published a paper entitled, 'Sideshow: Providing peripheral awareness of important information' including findings of their project.
...
The research paper provides screenshots that bear a striking resemblance to the Windows Sidebar. The paper is a good read for anyone thinking about Gadget development. For folks who have visited Microsoft campuses, you may recall the posters in elevator hallways and Sidebar running on many employees desktops. Technically one of the first teams to implement this concept

*Internal code-name, not directly related to the official, ‘Windows SideShow™’ auxiliary display feature in Windows Vista. >

Microsoft ‘Longhorn’ Alpha Release (2003)

In 2003, Microsoft unveiled a new feature called, 'Sidebar' at the Microsoft Professional Developer’s Conference. This feature took the best concepts from Microsoft Research and applied them to a new platform code-named, 'Avalon', now formally known as Windows Presentation Foundation...

Microsoft Windows Vista PDC Release (2005)

While removed from public eye during the Longhorn plan change in 2004, a small team was formed to continue to incubate Windows Sidebar as a concept, dating back to its roots in 2000/2001 as a research exercise. Now Windows Sidebar will be a feature of Windows Vista. Feedback from customers and hardware industry dynamics are being taken into account, particularly adding support for DHTML-based Gadgets to support a broader range of developer and designer, enhanced security infrastructure, and better support for Widescreen (16:10, 16:9) displays. Additionally a new feature in Windows Sidebar is support for hosting of Web Gadgets which can be hosted on sites such as Start.com or run locally. Gadgets that run on the Windows desktop will also be available for Windows XP customers – more details to be shared here in the future.

So the desktop version of 'Microsoft Gadgets' is the shipping version of Microsoft Research's 'Sideshow' project. Since the research paper was published a number of parties have shipped products inspired by that research including MSN Dashboard, Google Desktop and Desktop Sidebar but this doesn't change the fact that the Microsoft is the pioneer in this space.

From the post Gadgets and Start.com by Sanaz Ahari

Start.com was initially released on February 2005, on start.com/1 – since then we’ve been innovating regularly (start.com/2, start.com/3, start.com and start.com/pdc) working towards accomplishing our goals:

  • To bring the web’s content to users through:
    • Rich DHTML components (Gadgets)
    • RSS and behaviors associated with RSS
    • High customizability and personalization
  • To enable developers to extend their start experience by building their own Gadgets

Yesterday marked a humble yet significant milestone for us – we opened our 'Atlas' framework enabling developers to extend their start.com experience. You can read more it here: http://start.com/developer. The key differentiators about our Gadgets are:

  • Most web applications were designed as closed systems rather than as a web platform. For example, most customizable 'aggregator' web-sites consume feeds and provide a fair amount of layout customization. However, the systems were not extensible by developers. With start.com, the experience is now an integrated and extensible application platform.
  • We will be enriching the gadgets experience even further, enabling these gadgets to seamlessly work on Windows Sidebar

The Start.com stuff is really cool. Currently with traditional portal sites like MyMSN or MyYahoo, I can customize my data sources by subscribing to RSS feeds but not how they look. Instead all my RSS feeds always look like a list of headlines. These portal sites usually use different widgets for display richer data like stock quotes or weather reports but there is no way for me to subscribe to a stock quote or weather report feed and have it look the same as the one provided by the site. Start.com fundamentally changes this model by turning it on its head. I can create a custom RSS feed and specify how it should render in Start.com using JavaScript which basically makes it a Start.com gadget, no different from the default ones provided by the site.

From my perspective, we're shipping really innovative stuff but because of branding that has attempted to cash in on the 'widgets' hype, we end up looking like followers and copycats.

Marketing sucks.

"

(Via Dare Obasanjo aka Carnage4Life.)

Posted for historic annotation purposes (re. Widgets as Microsoft didn't copy Apple here at all; Apple just packaged this better at the expense of Konfabulator as already noted above). And yes, Marketing sucks big time!!
# PermaLink Comments [0]
09/16/2005 17:54 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
Standards Contempt Revisited

My entire time in the IT industry has been spent primarily trying to develop, architect, test, mentor, evangelize, and educate about one simple subject: Standards Appreciation!

The trouble with "Standards Appreciation" is that vendors see standards from the following perspectives primarily:

  1. Yet another opportunity to lock-in the customer
  2. If point 1. fails then undermine the standard vociferously (an activity that takes many covert forms; attack performance, security, and maturity)
  3. Developers don't like standards (the real reason for this is to-do lists and timeframes in most cases)

Korateng Ofusu-Amaah providesinsightful perspective on the issues above, in a recent "must read" blog post about how this dysfunctionalityplays out today in the realm of HTML Buttons and Forms. Here are some notebable excerpts:

"Instead my discourse devolved into a case of I told you so, a kind of Old Testament view of things instead of the softer New Age stylings that are in vogue these days. Sure there was a little concern for the users that had been hurt by lost data, but there was almost no empathy for the developers who had to lose their weekends furiously reworking their applications to do the right thing especially because it appeared that they would rather persist in trying to do the wrong thing.

The sentiment behind that mini tempest-in-a-teapot however was a recognition of the fact that those who have been quietly evangelizing the web style were talking about the wrong thing and to the wrong people."

...

"..As application developers we should ask for better forms, we should be demanding of browser makers things like XForms or Web Forms 2.0 to make sure that we can go beyond the kind of stilted usability that we currently have. Our users would appreciate our efforts in that vein but for now, they know what to expect. Until then application developers should push back when we are told to "do the wrong thing".

There is an unfortunate mindset trend at the current time that espouses: "Sloppiness" is good, and "Simple" justifies inadequacy at all times. Today, the real focus of most development endeavours is popularity first and coherance (backward compatibility, standards compliance, security, scalability etc.) a distant second, if you can simply make things popular then that justifies the sloppiness (acquisition, VC money, Blogosphere Juice etc.). Especially as someone else will ultimately have to deal with thepredictable ramifications of the sloppiness.

Standards are critical to the success of IT investment within any enterprise, but standards are difficult to design, write, implement, and then comprehend; due to the inherent requirement for abstraction -it's atop down, as opposed to bottom up, process.

Vendors will never genuinely embrace standards, until IT decision makers demand standards compliance of them, by demonstrating a penchant for smelling out "leaky abstractions" embedded within product implementations. Naturally, this requires a fundamental change of mindset for most decision makers.It means moving away from the"this analyst said...", "I heard that company X is going to deliver....", "I read that .....", "I saw that demo..."approach to product evaluation, to a more knowledgeable evaluation processthat seeks out the What, Why, and How of any prospective IT solution.

Knowledge empowers all of the time. It's a gift that stands the test of time once you invest some time in its acquisition (unfortunately this gift isn't free!). Ignorance with all its superficial seduction (free and widely available!), is temporary bliss at best, and nothing butheartache over time.

# PermaLink Comments [0]
05/12/2005 15:11 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
Mac OS X and its potential impact on Windows

We are at an interesting crossroads in the computer industry (IMHO) . Apple is about to unleash Tiger (ETA: one week from now), and this operating system release could end up being the crucial round of the titanic battle between Apple and Microsoft. The battle which startsat the Operating System level reminds me of the"Rumble In The Jungle" (circa. 1974, Kinshasa, Zaire); Apple in the role of Ali (aka "The Greatest" who was the overwhelming underdog at time) and Microsoft in the role of George Foreman (who at the time was logically invincible).

The shakesperian tale of Macbeth also comes to mind as depicted in the excerpt below:

".... Macbeth goes to visit the witches in their cavern. There, they show him a sequence of demons and spirits who present him with further prophecies: he must beware of Macduff, a Scottish nobleman who opposed Macbeth's accession to the throne; he is incapable of being harmed by any man born of woman; and he will be safe until Birnam Wood comes to Dunsinane Castle. "

Having used all the major operating systems on a serious basis for a number of years in a variety ofmodes;user, developer, and administrator. I have always felt that a RISC based UNIX operating system (of BSD genealogical branch extraction), if somehow combined with a user interface that is superior to Windows,would ultimatelyunravel the Windows Desktop Monopoly. Thatoperating system exists today in the form of Mac OS X (its lastest Tiger release simply kicks the differential up a notch).

Back to the Macbeth correlation:

"Birnam Woods coming to Dunsinane" is the metaphoric equivalent of desktop users and first time computer users being forced (by the scourge of virus and spyware) to revaluate Windows as the only choice for productive desktop computing. What would you recommend to "Aunt Milly" when she tells you she wants to get on the Internet? Especially if "Aunt Milly" isn't living with you?

"Man not born of a woman" is no different to saying: UNIX with a superior user interface to Windows!

I don't think you need me to tell who play the characters of Macbeth and Macduff in this drama :-)

The Windows security vulnerabilities quagmire (google juice on this phrase is currently 6,620 pages)has basically created an inflection of monumental proportions adversely affecting Windows and creating great visibility and evaluation building opportunities for Mac OS X ("once usersexperience aMac they don't come back to Windows!").

Paul Murphy of cio-today.comhas also written a great articlesheds light on theoften overlooked hardware aspect to the security problem for WindowsHere is a poignant excerpt:

Software and Hardware Vulnerabilities

At present, attacks on Microsoft's Windows products are generally drawn from a different population of possible attacks than those on Unix variants such as BSD, Linux and Solaris. From a practical perspective, the key difference is that attacks on Wintel tend to have two parts: A software vulnerability is exploited to give a remote attacker access to the x86 hardware and that access is then used to gain control of the machine.

In contrast, attacks on Unix generally require some form of initial legal access to the machine and focus on finding software ways to upgrade priveleges illegally.

Consider, for example, CAN-2004-1134 in the NIST vulnerabilities database:

Summary: Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.

Published Before: 1/10/2005

Severity: High

The vulnerability exists in Microsoft's code, but the exploit depends on the rigid stack-order execution and limited page protection inherent in the x86 architecture. If Windows ran on Risc, that vulnerability would still exist, but it would be a non-issue because the exploit opportunity would be more theoretical than practical.

Linux and open-source applications are thought to have far fewer software vulnerabilities than Microsoft's products, but Linux on Intel (Nasdaq: INTC - news) is susceptible to the same kind of attacks as those now predominantly affecting Wintel users. For real long-term security improvements, therefore, the right answer is to look at Linux, or any other Unix, on non x86 hardware.

One such option is provided by Apple's (Nasdaq: AAPL - news) BSD-based products on the PowerPC-derived G4 and G5 CPUs. Linus Torvalds, for example, apparently now runs Linux on a Mac G5 and there are several Linux distributions for this hardware -- all of which are immune to the typical x86-oriented exploit.

This may even been the nullifier of that age old argument about porting Mac OS X to the x86 in order to broaden its adoption potential?

Mac OS X is certainly a breath of fresh air for anyone who needs to simply get stuffdone with theirdesktops and notebooks.

Tags: | | |
# PermaLink Comments [2]
04/21/2005 20:25 GMT-0500 Modified: 07/21/2006 07:24 GMT-0500
Why Is Every Information Leak Worse Than Originally Thought?

Why Is Every Information Leak Worse Than Originally Thought? While there have been an incredible number of stories about data leaks over the past couple of months, one interesting thing is that in so many cases, the companies involved later come out and admit that the problem was much worse than they first admitted. That happened with ChoicePoint and LexisNexis, who both had to come out a second time and admit that the original data breach they discussed wasn't as limited as they had believed. The latest is that the DSW Shoe Warehouse database that was stolen included information (including credit cards) on many, many more people than originally stated. So rather than 100,000 credit cards out there, we're talking 1.4 million. What's unclear, however, is why this is happening. Is it that these companies are so clueless and unable to manage their own data that they don't realize how badly they've leaked data until they do further investigations? Or is that the companies are still trying to hide the nature of the losses until later (maybe spreading them out a bit)? Either way, you'll notice that no one ever seems to correct the damages in the other direction...

[via Techdirt]
It would be interesting to see the make up of the IS infrastructure behind these companies. If such information was possible I would have much better context for a broader understanding of my suspicions (outlined in previous comments).
Data is everything! I just wish there was a better appreciation and comprehension of the subject of Data Access.
# PermaLink Comments [0]
04/19/2005 22:54 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
Payroll hole exposes dozens of companies

Payroll hole exposes dozens of companies Flaw in PayMaxx Web site exposed the financial information of customers' workers, the payroll-services firm acknowledges.

Unfortunately we have more of this come! The combinaton ofbackend Database Engineand Application Layer Data Access technologychoices play a major role in these kinds of security vulnerabilities . Databases used to confined to access from dumb terminals and PCs within the enterprise. Today, these same databases are exposed to the Internet in a myriad of ways, and a physical firewall and password protection alone one cut it, not in an increasingly social oriented cyberspace. Social Engineering is a major aspect of hacking!
Hosted applications are currently the rage; there are many benefits, but there are also some serious security vulnerabilties that will "dope slap" those organizationsthat carelessly head down this route. You have to take a look at the underlying architecture driving the systems in question.
Anyway, you can track past and future commentary relating to databases, data access, and securityusing thisdynamic blogquery. Naturally, I expect content exposed from the query URI to grow, and to ultimately integrate content from other sources around the blogosphere.
Tags:
# PermaLink Comments [0]
03/01/2005 23:24 GMT-0500 Modified: 06/22/2006 08:56 GMT-0500
<< | 1 | 2 | 3 | 4 | 5 | >>
Powered by OpenLink Virtuoso Universal Server
Running on Linux platform
The posts on this weblog are my personal views, and not those of OpenLink Software.