Business


October 17, 2007: 9:23 am: Matthew: Business, Firefox, Security, Technical, Tips and Tricks

A friend of mine, Bill, found out that his password had been mailed to him in plaintext from his ‘shiny, new 401k’, and he wrote about the disconcerting experience of a financial services company being careless with security. Having worked in a financial services company, I can only say that the troubles he encountered are not that bad… you should have seen some of the sausage in the factory I worked in.

That said, Bill violated a crucial rule of security and he needs to learn it as much as the Schwab folks need to learn their own lessons:

Never, never, never depend on someone else to provide your security.

Bill “used one of his common passwords”… and you shouldn’t have any of those. A common password is a common vulnerability, especially because you can’t know how companies will protect your passwords or your data — as he unfortunately learned. To avoid this, you can use a desktop application (such as the free Password Safe, originating from Bruce Schneier’s Counterpane Labs) or a browser plug-in (such as Password Hasher or Secure Login or any of the other 48 listed on the addons site) or the Mac’s built-in Keychain app so you can generate random passwords and never, never reuse them. Personally, I’ve been using Password Safe for years.

He also offers great tips for websites to make their applications more secure, such as not asking for really constant, common data like mother’s maiden name. The other option is to not answer with an expected response. Mother’s maiden name? Istanbul. Honeymoon location? Jones. And so on…

Never trust someone else’s security.


October 12, 2007: 2:09 pm: Matthew: Business

Apple’s design strikes again - five words that evoke so much.  I’m surprised (and yet not so much) that Microsoft had to try and emulate them, and that the emulation is laughable.  Why even try?

Thanks to JoelOnSoftware for the writeup…

October 2, 2007: 8:33 pm: Matthew: Business, IPCop, Technical, Tips and Tricks

From a tech reference article:

  • Once connected, open the file:
  • /var/ipcop/ovpn/server.conf
  • Add a line for each XXX subnet you want:
    • push "route 192.168.XXX.0 255.255.255.0"

    August 21, 2007: 9:28 am: Matthew: Applications, Business, Linux Misc, Political, Software Development, Technical

    So an interesting contrast in articles yesterday… one column on how Windows Is Free, due to the widespread sharing and ineffectiveness of the registration process, and another column on Software Copyright and Role Models - the impact of software sharing on ethics, morals, and society. The intertwining thread is the Law of Unintended Consequences, where people’s actions have far wider ripples than they anticipate. It really stopped me in my tracks.

    I have, in the past, observed unlicensed software being installed. Sometimes, because my own hands were acting on the copied CD. I’ve found it much easier to be in compliance recently because of MSDN access, but now I have kids. I want them to have a computer to use and to play on, and many of their games are Windows-only. Now I have to consider how to move forward.

    I’ve purchased computers in the past with Windows installed on them, then blitzed it in order to install Linux. Now I feel like I should have a floating license for that Windows OS, but is that actually fair? I know it’s not legal according to the contracts, but what is really fair? And what do I do to show the kids that I really believe in doing what is right? I work in software development, for goodness sake… you’d think I wouldn’t be conflicted at all.

    But all I have are questions right now… no answers.

    (At least my Macs are legal, with no question marks! :)


    August 15, 2007: 4:23 pm: Matthew: Business, Management, Software Development

    How do you identify troubled projects, and then fix them when you do?  CIO magazine ran a series of articles that give good perspectives into avoiding issues, investigating troubles, and repairing the effort.

    Some favorite quotes…

    Regarding CXOs who ask for and then ignore feedback:

    But don’t pretend to listen if you aren’t going to take action.
    Richardson says, “Don’t ignore our feedback if you ask for it. That’s
    not empowering. It’s pretending to include us before yanking the carpet
    out from under our feet.”

    Regarding project issues:

    Lack of communication, both formal and informal, is another early
    warning sign. If the stakeholders, from team members to users, aren’t
    talking to each other, you’ve got a problem.

    and

    “This is a really tricky cultural thing,” says Raj Kapur, executive vice president of the Center for Project Management,
    a software project management consultancy and education firm in San
    Ramon, Calif. “Everyone is allergic to bad news.” As a result, it’s all
    too easy to develop a culture where bad news is slow to percolate
    upward—which deprives management of vital, if unpleasant, information.
    “You have to provide an environment where bad news is
    accepted,” says Kapur. “That’s critical, and it’s not the job of the
    team members. It’s the job of the leader.” And by extension, the CIO.

    Deathmarches begin…

    One early sign a project is slipping its schedule is teams working a
    lot of overtime. This is a particularly important indicator because
    assigning or encouraging overtime is the fastest fix the project
    manager has, as well as the one that attracts the least attention.

    Now, if fixing the issues were as easy as writing about them…


    : 12:06 pm: Matthew: Business, Security, Technical

    Here’s a great writeup on some of the enterprise management options for Mac environments… if you thought only Windows could be centrally coordinated, this is a very interesting insight into the tools available.


    August 8, 2007: 11:15 am: Matthew: Business, Software Development, Technical

    A very cool idea that could make life easier… customized OSs, automatically built, that ensure simplification and supportability. Now if it were just cheaper/easier…


    : 11:10 am: Matthew: Business, Management, Technical

    A great article on why enterprises should utilize Macs and how they are more cost-effective.


    August 7, 2007: 3:41 pm: Matthew: Business, Environment, Pushing the Envelope, Technical

    Since the US Automakers aren’t building pure electric cars fast enough, why not skip the system and build a new kind of car company?  And while you’re at it, use some of the newer, high-efficiency (42%!) solar cells to power it…


    July 18, 2007: 9:19 am: Matthew: Business, Management

    I hadn’t heard of it, but it sounds like a good idea for a startup.  If you’re giving restricted stock, you give it with an attached right-to-repurchase at $0.01/share, and then the company’s right to repurchase is periodically canceled on fractions of the transaction.

    Why good?  (at least as far as I understand it) The dev gets the shares when they’re worth pennies on the dollar and is taxed on that basis, and then any improvement in the price will be taxed as capital gains… better for the dev in the long run.  It’s also a smaller hit to the new company, since the value you’re giving away is minimal.  The only challenge would be using this strategy at an established, publicly-traded company… where the stock may have enough value at the start that it could be a big tax hit for that initial grant.
