Friday, February 29, 2008

Saving a billion...maybe

Article: http://www.engadget.com/2005/06/14/rfid-prevents-power-tool-theft/

Bosch Power Tools has decided to take a step towards preventing power tools from being stolen from construction sites: they're placing RFID chips in their tools. This is a smart move, seeing as how last year alone the construction industry lost between $300 million and $1 billion to equipment theft.

Construction managers will use a device to scan all the tools at their site, and the tools' tracking information will be transmitted to a database. This is supposed to keep track of a site's equipment and prevent theft. However, I fail to see how this accomplishes the latter. I suppose at the end of each work day, scanning the entire site with an RFID reader would verify that all the equipment is there -- if something is missing, the database will show it because its RFID tag wasn't detected during scanning. So while this system may tell the manager that something was stolen, how does it actually prevent it?

I only see three ways to make this plan work. The first entails an RFID-reading entrance/exit to the construction site, so that if an employee walks off with a tool, an alarm will go off. The second is to have an RFID-reading security camera system that will detect a tool leaving the site and will take a photo of the perpetrator. The third way is to just have the manager scan everyone with an RFID reader as they leave to make sure they don't have any company property on them.

Simply having a database of company assets will not prevent theft -- there needs to be some sort of detection system.

Thursday, February 28, 2008

Putting the students at stake

Article: http://www.news.com/U.K.-student-records-to-sit-in-accessible-database/2100-1029_3-6230380.html?tag=cd.top

The British have developed a database which, starting in September 2008, will hold students' personal data and schooling information, such as exam results. This project applies to students aged 14-19, and the database will be available to schools and employers. The idea is to make it easy for schools and companies to pull up an applicant's records without needing the applicant to go through the trouble of acquiring transcripts, filling out educational information on applications, etc.

I can see how the new system will benefit British students, schools, and employers. As stated before, it will be more convenient for all involved parties. When applying to colleges, for example, the student must currently send copies of his or her transcript as well as applicable exam results. With this new system, that will no longer be necessary because all of those records will be electronically accessible.

However, with convenience comes a price. Is it really ethical to keep all this information in an easily accessible database? There would have to be a control that would prohibit schools and employers from accessing records of students that are not applying to their institution. Also, the U.K.'s record for keeping personal data secure is not all that great. As stated in the article, "In December, nine NHS trusts lost 168,000 patient records. A month before, the details of 25 million child benefit claimants went missing. And information on 3 million learner drivers disappeared during that time." Imagine if the database is the only place where a student's records are stored. If I were one of those students and all my educational records were lost forever, I would be more than upset -- acceptance to college depends on that information after all. Plus, there's the potential of a hacker breaking in and stealing or changing information. A hacker could steal a student's identity, or a student could have a hacker change an exam score to make him look better to a college.

I see where the UK is going with this project, but I don't see how convenience outweighs all the dangers. What's wrong with filling out those few extra lines on an application and requesting a few transcripts to be mailed?

Wednesday, February 27, 2008

Mac security glitch

Article: http://www.news.com/8301-10784_3-9881870-7.html

As much as I love Apple, even they have their problems...the latest being a security glitch on Mac OS X 10.5 (Leopard) that gives unauthorized users access to the password of the active user account on a Mac. The problem is that once a user logs in, the account password is stored in memory too long (rather than being erased immediately after login is complete), which enables it to be retrieved by an unauthorized person. For example: I could sit in class, log on to my computer, get up to go to the restroom, and someone could retrieve my password from my computer while I'm gone. Then if that person were left alone with my computer, they could log on under my name and do all sorts of damage.

As an owner of a PowerBook, I see this as a serious problem for several reasons. The most obvious reason is that someone can steal a user's password and log in under their user name and impersonate that user. The impersonator would have access to the user's files, some of which may be confidential. But secondly, and perhaps more importantly, if an unauthorized person logs in under that user name, they have access to that user's Keychain, the Mac utility that stores passwords to web sites, wireless networks, and the like. This means that the hacker not only has access to files on the user's computer, but may also be able to access remote information hosted elsewhere. This can be very dangerous.

A programmer in California was the one who reported the problem to Apple, and Apple responded that they would not release a security update just for this issue. So far, Leopard has been Apple's most problematic OS release...and the fact that they will not include a fix to this problem in a timely update surprises me.

Monday, February 25, 2008

You're being watched...

Article: http://www.washingtonpost.com/wp-dyn/content/article/2007/12/21/AR2007122102544_pf.html

A lot of people criticize the government for becoming more and more invasive of American citizens' privacy. Now the government is taking it to another level. The FBI is expanding their criminal database to hold a wider variety of biometric data -- fingerprints, palm prints, iris patterns, face shapes, scars, and even people's ways of walking and talking. The government claims that this will make it easier to identify criminals.

The Defense Department has already been using a database of fingerprints, irises, and faces of Iraqis and foreigners with access to U.S. military bases for the past 2 years. The Department of Homeland Security also has a database of fingerprints and has been performing iris scans at select airports. The FBI's venture is called "Next Generation Identification." It will basically be a one-stop shop for the government's identification needs. All sorts of biometric data will be held in one single database.

This is a touchy subject. On the one hand, it could be a good thing. I'm all for nailing criminals quickly and efficiently. Having such an advanced database of biometric data could also deter crime if criminals know that there is little chance they can get away with it. As the article stated, it would be useful for the military to identify terrorists from afar.

On the other hand, this database can be considered an invasion of privacy. According to one official, "A traveler may walk down an airport corridor and allow his face and iris images to be captured without ever stepping up to a kiosk and looking into a camera." Many people would see this as a "Big Brother" type of act and a severe invasion of privacy, like you're always being watched. However, an argument can be made that as long as you are an upstanding citizen, uninvolved in crime, you have no reason to fear such technology. The face- and iris-scanning is only meant to catch criminals who are walking among us.

An interesting point made in the article concerns data security. If someone steals your credit card, you can cancel it and get a new one with a new number. But with biometric data, you can't simply change it. A Silicon Valley technology forecaster brings up the point, "If someone steals and spoofs your iris image, you can't just get a new eyeball." There's also the fact that the identification technology hasn't been perfected and it is very possible to falsely identify people as criminals. If the government wants to implement this system, it has a lot more work to do on it first.

Tuesday, February 19, 2008

This gives a whole new meaning to the word 'manicure'

Article: http://optics.org/cws/article/research/22612

Japan has done it again. Always ahead of the curve when it comes to emerging technology, Japanese scientists have developed a femtosecond laser system that can write data on to a human fingernail. An "optical microscope containing a filtered xenon arc lamp" is then used to read the data. It has only been tested on small pieces of fingernail, so now they are perfecting a system that will work effectively on a fingernail that is still attached to a finger.

This is a pretty cool technology. At the moment, I can only see it being used for identification purposes. Right now we use fingerprint readers, but maybe in a few years they will be swapped out for fingernail readers. This would be quite an upgrade in technology, because fingerprint readers are not nearly as advanced as their newer counterparts. A person's fingerprint must be stored in a database somewhere in order for the reader to recognize it. It looks in the database for a match and allows the person access based on what it finds in the database. But with this new fingernail technology, a database would actually be stored on the nail itself. The reader would simply read the identity stored on the fingernail, look up this person in the database, and determine access privileges.

In the more distant future, I can see everyone walking around with flash drives embedded in their fingernails. Hey, at least you would never have to worry about forgetting it at home. There are a couple of issues that need addressing, however. Are the lasers used with this new technology really safe to use on humans? And what about cost effectiveness...fingernails completely replace themselves every six months, which means someone who uses this technology on a regular basis has to have it redone every six months. It seems this could be pretty costly. Plus, it could just be another Big Brother technology used to invade people's privacy. But regardless, the idea that someone has developed a database technology so advanced is fascinating.

Thursday, February 14, 2008

Like we really need more bad drivers in this world...

Article: http://www.navigadget.com/index.php/2007/05/16/gps-enabled-rear-view-mirrow-knows-where-speed-cameras-are/

Radar detectors are illegal in Virginia (and surprisingly, VA and D.C. are the only ones that outlaw them), but I'm sure that doesn't stop people from using them. The scary thing about them is that they can make it easier for people who drive badly anyway to drive worse. And by badly I mean "in a life-threatening manner." To make matters worse, now there is a GPS-enabled rear-view mirror that checks your vehicle's position against a database of traffic cameras, so now bad drivers will know which lights are "safe" to run. You can connect it to a radar detector and be the ultimate road demon.

This has got to be one of the most unethical uses of a database. There are some good things about it, however. The database also stores known "accident black spots," areas where accidents frequently occur. When you approach one, the mirror warns you so you can be extra careful. The mirror also helps eliminate blind spots and is coated in a way that enhances night vision, two great safety features. But these safety features don't save the mirror from being classified as unethical or unsafe. The idea of a traffic camera is to deter red light-runners. Red light-runners cause thousands of accidents and deaths every year. But if a mirror can use a database of these cameras (which should not be publicly available) to warn a driver that they are approaching one and should therefore not attempt to run the light, traffic cameras are suddenly rendered useless. Drivers once deterred may now run red lights more often because they won't have to worry about being unexpectedly caught by cameras.

Just imagine if someone used this mirror along with a radar detector. Not only would they avoid being caught by safety cameras, they would also be able to speed without fear of being pulled over. All the dangerous drivers out there would feel invincible and drive even more dangerously. I imagine that Virginia will eventually outlaw these GPS mirrors...as for the other states, if they haven't outlawed radar detectors yet, I doubt they will outlaw the mirror -- the radar detector is more dangerous, in my opinion.

Tuesday, February 12, 2008

Automated gas

Article: http://www.news.com/Dutch-unveil-robot-to-fill-car-gas-tank/2100-11394_3-6229060.html

The Dutch have created a robot called the "TankPitstop." It is a robotic arm attached to a gas pump that fills your gas tank the same way an attendant would, back in the day of full-service gas stations. In order for it to operate correctly, it uses sensors and a database that stores vehicle dimensions and contours, as well as gas cap designs and fuel types. It must register the car on arrival and match it to its database in order to fuel it.

This is quite an interesting application of a database. While the robot has sensors, they are useless if there is no database to match the sensor readings against. I imagine it works like this: the vehicle pulls up to the pump, and the robot first uses the sensors to determine the make, model, and year of the car so it can find it in the database. Then it determines what fuel type to use. Then it looks up the gas cap design. Finally, using the vehicle's stored dimensions and contours, it removes the gas cap and begins fueling the tank.

There are a few important issues to consider here. Even though the robot stores vehicle dimensions in the database so it can avoid scratching or dinging the car while fueling, there is always room for mistakes. I would be a little wary of letting it fuel the tank of my brand new BMW (this is a scenario in my very VERY distant future, ha) if there's a chance it could malfunction and put a bunch of dings and scratches on my new car.

Another big issue is with customized cars. Many people buy cars and customize them by adding body kits, spoilers, and the like. I would think that if one of these cars pulled up to a robotic gas pump, the sensors would not be able to find a match in the database due to the specs of the car being different from the registered factory specs. Even if it was able to detect it, there would be a bigger chance of the robotic arm scratching the back of the car during fueling due to the car's modifications. I guess these people would just have to make do with getting out of the car and fueling it themselves.

Gas is also becoming more and more expensive and our supply is diminishing quickly. Many experts say that we will run out of gas in as little as 10 years. If this is the case, would it really be economical to implement these costly robots at gas stations, only to become obsolete a few years later? I think not.

Technologically speaking, this is a neat idea...but I don't foresee it ever becoming widespread. Realistically speaking, are we really THAT busy or lazy that we can't even get out of our cars for 2 minutes to pump our own gas?

Friday, February 8, 2008

Skyhook gives power to the people

Article: http://www.intomobile.com/2008/01/22/help-skyhook-map-wifi-hotspots-make-iphone-google-maps-my-location-more-accurate.html

Last week I did a journal entry based on Skyhook Wireless’ Wi-Fi-based navigation for the iPhone and iPod Touch. This week, I found another article pertaining to the same topic, but this article brings up a new discussion. Now, people have the opportunity to help Skyhook add hotspots to their database by submitting their own data.

As I brought up before in my last article about Skyhook, Wi-Fi navigation is not as reliable as GPS navigation because it only works if you are located near a hotspot that is in the company’s database. While the company has mapped 70% of the country’s hotspots, that still leaves a lot of areas out of the loop. I experimented with the navigation feature on the iPod Touch that is on display at the Best Buy I work at. When I clicked the button to find my location, it found Best Buy’s hotspot right away…but when I tried getting directions from Best Buy to several different locations, including ODU, it came up with nothing. Obviously, the Hampton Roads area has not been sufficiently mapped. This is where the users come in – we can now send our own hotspot information to Skyhook so they can add it to their database, which in turn makes the service more accurate and usable.

It takes a little time to gather the information they need. You have to find the MAC address of your wireless access point, and you have to find the latitude and longitude of the street address where the access point is located. This requires a little tweaking in Google Maps.

As it stands now, you pretty much have to live in a big city like New York or Boston to get ideal use out of the Wi-Fi navigation feature. So this plan sounds like a great idea to make Wi-Fi navigation more accurate and useful to everybody. But it brings up the question of data integrity…if just anyone can submit hotspot data to the database, couldn’t they send false information? If many people sent incorrect data, the navigation service would be rendered useless. Hopefully Skyhook will not just blindly accept submissions. But on the other hand, I highly doubt they’ll be able to verify all submissions either. I’m curious to see how long this idea will carry on and how successful it will be.

Thursday, February 7, 2008

Oracle patches: more harm than good?

Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9057226&pageNumber=2

You would think that with all the security issues there are when it comes to the Internet and networks, everyone would want to keep their systems up-to-date with the latest security patches. I know I always install them, on both my PC and my Mac. But surprisingly, a survey has found that two-thirds of Oracle DBAs do not install any Oracle security patches--EVER--no matter how critical the update may be. Some of them are even explicitly told by the security department to install the patches, and they STILL don't do it. Why would DBAs not want to fix vulnerabilities in their databases? The first thing that came to my mind was, "Are they just being lazy?" Here are the reasons that the DBAs themselves give:

1. Fear of a negative outcome on the system as a whole
2. Some vendors do not certify Oracle patches to work with their applications
3. Updates have to be done in chronological order; you cannot install a new patch until you install the previous one

The first reason is plausible I suppose. In my Systems Design class, we learned about client-server systems. In these systems (especially two-tier systems), the applications are often programmed for that specific database. If any changes are made to the database structure, it can negatively affect application performance. To install a security patch, it would first need to be tested against the applications that use that database. In many organizations there are a large number of applications and databases, and testing the patch on all of them would take months and cause downtime. For most companies, downtime is not an option.

The second reason is also valid. If a vendor does not certify a patch to work with their application, they can deny the company technical support. It would be the equivalent of voiding the warranty on your new car stereo installation because when it started having problems later on, you let your friend try to fix it instead of taking your car back to the company who installed it.

The third reason really shouldn't have even been mentioned. It's true that you can't install a patch without installing the ones before it, so if you fall behind, you're stuck. But does that even matter in this case? The DBA wouldn't install the update anyway for the two reasons discussed above. If anything, citing this "reason" makes the surveyed DBAs seem lazy or slow. At least the other two make it seem like they've got reasonable cause to avoid security updates.

While I can understand why DBAs would want to avoid system complications and "voiding warranties", I do not feel it is ethical to bypass Oracle security updates. They are there for a reason. What if confidential data gets out due to a vulnerability that could have been fixed, had the DBA installed the patch? What if a system crash resulted from not installing a patch? I think that while installing these updates may be time consuming and inconvenient, they need to be done--period.

Wednesday, February 6, 2008

Myspace tries to save itself

Article: http://www.foxbusiness.com/markets/industries/media/article/myspace-launches-platform-developers_465016_15.html

The Myspace vs. Facebook war has been going on for some time now. I believe Facebook was around first, then Myspace came along and its popularity skyrocketed. Nowadays, however, Myspace is declining in popularity and Facebook seems to be taking over. I know many people who have accounts at both sites, and many that have deleted their Myspace altogether and switched to Facebook.

Some say this is partly due to Facebook's application feature that allows users to develop and share custom applications for use on their profiles. Applications range from quizzes (e.g. "Which celebrity are you most like?") to games (e.g. Oregon Trail) to personal databases of movies you've recently seen, which you can share with friends and review together.

Now Myspace is trying to get in on the action in attempts to gain back its market share. It has launched a platform for developers to create applications similar to those on Facebook.

Will applications save Myspace? Probably not. Myspace has gotten a bad rep for all the child abductions or harassment it has brought on, as well as annoying spam in mailboxes, hackers that steal users' passwords and leave malicious comments on their friends' pages, and malicious pages that put viruses on your computer. Facebook has not had much of a problem with any of these things. Myspace apps will also open the door for more security threats, as the apps are allowed access to your profile information. I could see a skilled hacker developing some application that looks innocent, but collects personal information from anyone who uses it. Or even worse, an application that allows the developer to hack into Myspace's database and steal even more confidential information.

I myself do not use many applications on Facebook. I find that they clutter your page when you have too many, which gets annoying. Also, many applications require you to forward a message to your friends (soliciting them to also sign up for the application) in order to "install" it on your page. Getting 10 of these requests per day in my Facebook mailbox gets rather annoying, and I usually end up rejecting all of them not because I'm uninterested in the app, but mostly because I'm annoyed by all the requests. It's technically not spam, since you can only receive them from your friends, but it's annoying nevertheless.

In my opinion, applications are not the real cause for Facebook's rising popularity and Myspace's gradual demise. I can't quite put my finger on a particular reason; maybe it's a combo of many things. All I know is, Myspace needs to do much more than this if it wants to win the war.