I _Really_ Don't Know

A low-frequency blog by Rob Styles

in cahoots

This morning's news includes an item about Internet bank Cahoot, run by the Abbey. Internet banking is something I know a little about, and listening to Tim Sawyer, head of Cahoot, had alarm bells ringing.

A wonderful quote posted on the BBC has Tim saying "We did not fail as an organisation because there was no risk of financial loss...". I wonder if Cahoot customers agree? Or the Data Protection Act?

Read more…

A fool with a tool is still a fool

Read more…

Pollution Attacks, the proper name for what I said

After my previous post I got a number of comments back, one pointing me at a company (allegedly) involved in this, and the term "Pollution Attack" which describes one of the two attacks I described in the previous post.

I also discovered this article about the structure of KaZaA which I found interesting. It also mentions pollution attacks and the use of published lists of known genuine files and their content hashes. This uses the Sig2Dat tool to generate a KaZaA hash for any file.

Read more…

Protecting Digital Assets

Un-restricted file-swapping services such as the original Napster and, more recently, ED2K, Source Exchange, Kad and the odd other rely on two key points for their success. If the music industry really want to stop piracy it should be surprisingly easy...

Read more…

Kit

The Effect of Sound Tools for Developers

When we want to develop sound software (you know the stuff when you see it: great interface, fast response, really solid), the importance of tooling people up correctly is beyond measure. We (Developers) all know that, but often development organisations find it difficult to argue the point and justify the tools they need.

Consider this (they're all real)...

Read more…

TDD, Liskov Substitution Principle and Open/Closed Principle

In my current role I've been working on a number of framework style components that allow developers to focus on the specifics of the task in hand and, hopefully, ignore the generic and common plumbing and orchestration. One of the frameworks is a reporting framework, the other an exception handling framework. One of the things we've been trying to avoid is inheritance where other methods would be better, but type compatibility and inheritance of some functionality appears to be the best model for some of what we're doing at least. Which raised a big debate about Fragile Base Class problems*. Of course, one of the guys piped up with the Open/Closed Principle, but was trumped by a reference to Liskov's Substitution Principle and so the talking shop went on...

Read more…

Gumption Traps

Ivan Moore and Rachel Davies are talking about Gumption Traps again, which caused me to realise that every time I encounter a gumption trap in my work I start talking about them. It inevitably ends up as either:

a) the other party has heard about and understands Gumption Traps and we start listing our number one traps or

Read more…

Certificates Still Not Valid

Back in 2001 I wrote about the differences between PKI and passwords after speaking at Secure Summit. Bruce Schneier talks about the situation in Internet Banking today, with most still using simple passwords.

This makes perfect sense because, still, certificates are vulnerable to theft and brute force attack.

Read more…

What is professionalism really about?

Professionalism is defined by the dictionaries as the "expertness characteristic of a professional" or the "pursuit of an activity as an occupation". We often talk about the quality of what we do and measure the professionalism of our work against others - although we often use different terms the overall meaning is Alice's work is more professional than Bob's.

So in Software, what is professionalism about?

Read more…

Testing Meme Propagation In Blogspace: Add Your Blog!.

This posting is a community experiment that tests how a meme, represented by this blog posting, spreads across blogspace, physical space and time. It will help to show how ideas travel across blogs in space and time and how blogs are connected. It may also help to show which blogs are most influential in the propagation of memes. The dataset from this experiment will be public, and can be located via Google (or Technorati) by doing a search for the GUID for this meme (below).

Read more…
