web

I regularly read various IT-related newsletters published by Lockergnome. Normally I’d recommend them as a great place for both newbies and experienced folks alike to keep abreast of technology and trends.

Unfortunately, since they’ve changed their site and the way they generate their content, their editorial ability seems to be lacking. I just read the January 8 issue of the IT Professional newsletter and found an article someone submitted regarding computer and network security (SECURITY: Feasibility Of Standards).

The writer pretty much makes blanket statements about how cookies are bad and JavaScript is bad and Java is bad… and it irritates me that stuff like that gets published in a spot where newbies read it and then get the idea that security means being paranoid and disabling the technology rather than educating themselves.

I tried to write in to the author of the article, but his mail server seems to be down (or he provided a bad email address on his web site). So I wrote in to the content editor (or supposed content editor) of the newsletter.

Below is what I sent him:

Just read Howie’s column on security in Lockergnome. For the most part I agree with everything he put forth - very good points on all but two topics: cookies and javascript. (I’d have sent this directly to Howie, but his mail server seems to be down.)

So we’re on the same page, let me paste in what I read him as saying:

1) Is Your Browser Set To Allow Cookies? Why? Well, gee, if I go to this game site, they automatically plug in my username and password. Very nice. I hope you know better than to believe that cookies only do this! There ARE good cookies, and most of them are time savers. But most are either nothing special or downright miserable!

2) Is Javascript and/or Java enabled on your browser? Do you randomly surf the Web? Would you ever know if a script or java program was executing or implanting garbage on your PC?

Yeah, eventually. When you need to reboot and strange things start to happen!

The web has become a much more accessible platform for application development and delivery than it was even a few years ago. Being a web developer by trade for almost 8 years now (and an application developer for much longer than that), I’ve followed these developments with eagerness and anticipation of the next huge development to come around (and when it does, making use of it).

Unfortunately, what I’ve found is that there seem to be two types of people when it comes to the web being an application platform: the paranoid, who seem to sow fear, uncertainty, and doubt when it comes to the web; and the open-minded, who are probably a bit too liberal when it comes to how they work within the web. I’ll admit I tend toward the liberal side, and normally I let things like this slide by, but when someone makes pretty bold statements like this in a forum like Lockergnome that newbies trust, I have to take issue. Let’s look at each of the statements in turn.

Cookies:

Howie says that most cookies are “nothing special or downright miserable.” He also gives the impression (though it’s not directly said) that all the good cookies do is fill in your name on a form. I know that he, with the experience he claims on his PuterGeek site, is smarter than that, but the newbies out there reading your stuff don’t have a context like the more experienced folks. Cookies, in many cases nowadays, are what make web applications function - period. Due to the stateless nature of the web, many times you can’t write a robust application without assuming there will be some sort of state maintenance. Can you get around that? Sometimes, using hidden form fields and so on. What about disconnected or mobile users? Gets more tricky.

He also makes the statement that he “hope [the reader] know[s] better than to believe cookies only” fill in forms. Sure they do. In the context of his statement, though, he makes it sound like they primarily have malicious abilities beyond the filling-in-of-forms. That’s a problem, especially when you start reaching audiences like less-than-educated network admins (like I had at a company I used to work for) who start filtering cookies out at the proxy level because they believe they’re huge security risks.

I guess my thoughts are when talking about security and cookies, it’s necessary to tell people that cookies may potentially be used to TRACK you, but they can’t siphon information out of your computer like your name or email address. They can’t steal anything that you didn’t provide in the first place. I still talk to users who think cookies can magically figure out your credit card information. Reading a statement like his, implying that cookies should probably be disabled entirely, only contributes to that mindset, and I think that’s not such a Good Thing.

Javascript:

This is another of those things where the newbie, I feel, is going to read this as “all Javascript or Java is bad.” There are actually many commercial web-based applications (Microsoft SharePoint Portal Server or Windows SharePoint Services are two I can think of off hand) that simply won’t function unless you have Javascript enabled. For the Windows-based users, that’s why there are “security zones” - so you can define who you trust and who you don’t, and what you trust each person to run on your computer. A blanket statement like you’ll only know if Java or Javascript is running “when you need to reboot and strange things start to happen” is a FUD statement if I’ve ever read one. Are there malicious script kiddies out there? Sure. Are there more constructive ways to warn people about configuring security on their browser? You bet.

I’m sorry if I seem to have run off at the virtual mouth here. I just find that, as I develop applications of my own and support both customers internal and external to my company, I run into people who call me up and complain that applications aren’t as “dynamic” or “functional” as they could be (or USED to be) and it always turns out they read an article like this and decided it was a great idea to disable scripting, cookies, and any other dynamic behaviors. I don’t think disabling the technology entirely is the key - I think it’s knowing who to trust and working accordingly. And that’s the point I feel was missing from the whole thing.

Thanks for your time, -T
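An added illustration of the cookie point made in the letter above (not part of the original post or e-mail): a simplified, host-only model of a browser cookie store, showing that a host gets back only what it stored itself, while a third party embedded on several sites can still recognize the same browser. The class, host names and cookie values are all constructed for the example.

```javascript
// Simplified, host-only model of a browser cookie store. Real browsers also
// apply Domain, Path, Secure, SameSite and expiry rules; omitted here.
class CookieJar {
  constructor() {
    this.store = new Map(); // host -> Map(cookie name -> value)
  }

  // Record a Set-Cookie header received in a response from `host`.
  setFromResponse(host, setCookieHeader) {
    const pair = setCookieHeader.split(";")[0];
    const eq = pair.indexOf("=");
    if (eq < 1) return; // ignore malformed headers with no name
    if (!this.store.has(host)) this.store.set(host, new Map());
    this.store.get(host).set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }

  // Build the Cookie header sent with a request to `host`: only values that
  // this same host stored earlier, never another site's cookies.
  headerFor(host) {
    const cookies = this.store.get(host);
    if (!cookies) return "";
    return [...cookies].map(([name, value]) => `${name}=${value}`).join("; ");
  }
}

// Constructed scenario: two unrelated sites embed a resource from the same
// third-party host. All host names and values are made up.
function simulate() {
  const jar = new CookieJar();
  const trackerLog = []; // what the third party observes on each request

  const visit = (site, firstPartySetCookie) => {
    jar.setFromResponse(site, firstPartySetCookie);
    // The page embeds a resource, so the browser also requests tracker.example.
    const sent = jar.headerFor("tracker.example");
    trackerLog.push({ embeddedOn: site, cookieHeader: sent });
    if (sent === "") jar.setFromResponse("tracker.example", "uid=u-1001; Path=/");
  };

  visit("shop.example", "session=abc123; Path=/; HttpOnly");
  visit("news.example", "prefs=dark; Path=/");
  return { jar, trackerLog };
}

const { jar, trackerLog } = simulate();
console.log(trackerLog);
console.log("news.example receives:", jar.headerFor("news.example"));
```

The third party sees its own `uid` again on the second site, which is the tracking the letter mentions, but it never receives `session` or `prefs`, and each site gets back only the value it set.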

General Ramblings

Cabin fever has officially set in (seems I’m not the only one - Greg’s had it, too). I’m working at home - again - and not having set foot outside the apartment for the fourth day in a row is working its destruction on me. Jenn was able to make it to the corner store last night - barely - to get us some food, but the store was entirely out of eggs and almost out of milk, so they’re screwed, too, being without stock.

Overnight everything iced up again and while I feel like I should just go into work for the social bit of it, I’m sitting in my dining room right now watching someone who’s stuck in the apartment complex parking lot spinning their wheels on the ice… no thanks. They’re not even running busses around here. No way can I make it to work.

I’ve added a new category - Geek Moments - to start handling the tech-related postings I have. I’ve already posted one today about the new features in ASP.NET. Woohoo!

Well, I should actually get some work done. Some time around midday I’m going to call Comcast and get my damn cable modem thing going. I can’t be having this dial up thing anymore.

personal

This is my third day in a row that I’ve been stuck working from home over a 56kbps dial-up connection and a software VPN. This sucks ASS. I’ve figured out that if I work entirely over Remote Desktop, then it cuts down on my bandwidth problem - just RD into my workstation at work and then let the bandwidth there do the walking - but working in 256 colors (to conserve bandwidth on my end) and waiting for connections to establish is seriously killing me. I used to justify not getting a cable modem because we never got online at home due to our computer being too slow. Now that I’ve got a faster computer we seem to be on it (and online) a lot more often.

In fact, I just finished with an IM chat with my boss (and good friend, Greg) who provided a few helpful recommendations, and I just bought me a Linksys WRT54G Wireless-G Router so I can network the cable modem service when I get it. He knows how to do that (and secure it) and will help me out. Plus, at Amazon it was like $17 cheaper than everywhere else, and had an additional $10 rebate. Ordering it through my own site, I will get a 5% kickback on my own purchase, and using my Yahoo! Visa card, I’ll get 1% back there. So, like, a great deal. Now all I have to do is call Comcast.

Jenn is stuck at home today, too, which really sucks since she’s not getting paid and can’t work from home. No good a-tall.

I’m starting to get stir-crazy. I haven’t been outside the apartment in three days and I need to go somewhere. I don’t know how my grandparents do it - just sitting around their apartment day after day, never really going anywhere or doing anything.

In other sort-of-work-related-news, I’ve almost finished writing a web part for SharePoint Portal Server 2003 and/or Windows SharePoint Services that will allow users to display RSS feeds in a templated fashion. I was looking at using Tim Heuer’s RSS Feed Reader web part, but our requirements (i.e., my company’s requirements) necessitated a few additional configuration abilities, so I ended up writing my own. I think when I’ve got it up and running, I may open a GotDotNet workspace for it and release the source code. Maybe let the open source thing do a little work for me - have people contribute to it or at least provide ideas for enhancements. Might be fun.

Now that I’m thinking about it, I should probably split it off into its own assembly. (I have other web parts in the same assembly right now.) If that doesn’t make any sense to you, don’t worry about it.

Reading over what I’ve written so far, I realize that this is the sort of thing that goes through my head a lot of the time - how to program or configure things, how to solve problems in code, etc. - and that further makes me realize that some (perhaps many) of the people coming in here aren’t going to understand what any of that means or why it’s “cool.” Or, at least, cool to me. I think I’ve written about that before - that some of my geek-out moments are less accessible than my general ramblings. Huh. Maybe I should start a second blog for my geekiness, or at least add a new category like “Geek Moments” or something where I can blast out crap that folks other than me don’t care about. Something to chew on.

In the meantime, I should probably get to work. I’ve gotta write some documentation for my RSS Reader web part and ping Microsoft Developer Support for some code they’re supposed to have provided me but didn’t. Or, more accurately, code they did provide me with that didn’t fulfill the requirements I gave them. Plus I need some additional caffeine in my bloodstream. I’m draggin’ this morning.

media, music

I finished copying all of my CDs into AAC (MP4) format. The grand total:

7357 tracks, 21.3 days, 55.62 GB

That’s a lot of stuff!