
Posts tagged with "security"

Mobile in Maputo...


I am in Maputo, Mozambique, in a W3C workshop about how the Mobile Web (in my mind the web in general) can help the developing world develop.

Interesting times...


Staying secure


Security is an interesting area. Despite having published actual papers on security at real security conferences, I wouldn't class myself as an expert in the area. But I do think it is important, and very interesting. Occasionally I get in trouble for saying that "security on the Web is pretty primitive" or something like that - maybe one day I should write a bit more about why I think the Web doesn't have a very powerful security system, and why that isn't necessarily a bug, but a feature request.

Still, it is nice to see when an improvement of some sort occurs anywhere in this area - and another one is on the way...


Flip sides...


More books - half a dozen of them, taking me past the halfway mark. Religion, history, politics, fiction, psychology. Some of them I bought on purpose, some of them I would never have bought, and read because "they were there".

The good, the bad, and the really rather ugly (one of these books I would not buy on the principle that such authors should not be encouraged), some of the reviews are stretching out. Having accused an author of writing repetitive drivel, maybe I should spend more time editing these reviews - but here they are...


OzeWAI...


Melbourne is a long way from Oslo. It's warm here (except yesterday when there were storms and it rained a lot).

I'm here for the OzeWAI accessibility conference, where I am speaking (and speaking and speaking). It's one of my favourite conferences - reasonably small, but well known in Australia with good speakers and a lot of very straight talk. In other places people go on about screen reader accessibility, which is, I have to admit, my number one priority for accessibility improvements but a very large piece of work. Here, people have been pointing out to me that most accessibility is not about screen readers, and Opera is already better than the alternatives for most other things. (I know, but I sometimes forget to rest on our laurels and look for the improvements we could be making. It's nice to be reminded though).

I sit in a conference room with real windows - if my talk gets boring people just look at the ducks on the pond outside. I go out into the sun, and talk to people.

Unfortunately Ben Buchanan couldn't come from Queensland (and here I am all the way from Oslo), so his paper was a "telepresentation". A disembodied voice and some slides. And he's not here to chat to. Worse, for me, is that the University hosting the event has apparently blocked off the IRC ports, so we are unable to log the thing live to the Web as we did last year. Blogs or nothing, I'm afraid.

So we can't have what we had last year - a question coming from Ottawa to a presenter who came from Toronto. Sadly there are some other people who were very keen to take part, and questions from New Guinea would have been interesting. Maybe tomorrow they will be less uptight about it.

Lost chalk and cheese delivers


I have lost my bag a couple of times recently in travelling. It happens, but the difference in circumstances was just incredible. In one case I was totally appalled, and in the other I was very impressed.

The first time was flying US Airways. I had been marked on their random selection of passengers to watch (you can see this on your boarding cards), so every time I went through security on that ticket I got the full extra treatment. Taken off to one side and checked super-"thoroughly" (unfortunately despite taking a lot more of my time they didn't actually do a very good job :-( ). The final part of the flight was meant to be Puerto Rico to Madrid via Philadelphia. Unfortunately the flight out of Puerto Rico was a couple of hours late. (Surprisingly, given the appallingly disorganised check-in system, they had the plane ready to depart almost on time. But then something held us on the tarmac for a couple of hours). The result was that I missed my Madrid flight, and had to spend a night in Philadelphia.

They offered a $10 voucher for food at a hotel, and accommodation in the hotel itself. Only problem was, there was nowhere to spend the $10 voucher at the hotel. So I simply didn't eat until the next day. $10 for a 20-hour layover isn't really that great anyway, in a hotel where a coffee costs $4.

I looked up their site and discovered that while it is horribly unhelpful, the one thing they say is that they will reroute delayed passengers, if flights are available (read "cheaper than your original"). So the next morning I went to the airport. I was not able to do what I was returning to Europe for, and my next stop would have been Boston, so I asked to be re-routed directly. The first helpful person I dealt with in the entire journey did indeed manage to change my flight. At the last minute he even asked me if I had any baggage checked, which I did. He looked at my ticket and baggage check, but I had already been told that getting my bag out of the container was a process of manually looking for it that the airline would prefer not to do.

When I arrived in Boston, my luggage had indeed not made it. The people at the luggage desk said that it was possible it hadn't been taken off the flight.

The security implications of that are quite a worry. A passenger who is marked down for extra surveillance changes route, to avoid catching a trans-atlantic flight. But their luggage is simply left on the plane. This is, as far as I know, illegal. It is certainly a fundamental failure of security process, at the most basic level. Disrespect for passengers, safety, the airline itself, and the security regulations that have supposedly been strengthened since US Airways was chosen as a target airline on 11 September 2001 (presumably because at that time they were not very good at security) on this scale was, to me, incomprehensible.

My bag was last heard of in Madrid. It definitely did arrive there. The next thing that US Airways told me was that the bag was lost. They asked me for an address to send a claim form, and offered me a toothbrush and some soap. They did not actually have a form at the lost luggage office that I could fill in, or so they claimed. Given the apparent aversion to providing any other kind of helpful service, I actually believed them.

That was apparently the entirety of their efforts to retrieve the bag. I have received no further compensation, they do not know where my bag is, they have not contacted me, and they apparently do not even have a system that I can use to contact them from outside the US. They took an amazingly bad decision through pure laziness (they had 8 hours from when I changed flights to when the plane that would fly to Madrid arrived - the first time they could start loading it), swept it under the carpet along with the things I needed, and have seemingly decided to pretend it never happened. Meanwhile I was left in Boston in February, in a blizzard, with nothing but the clothes I had on the plane, and a toothbrush. 0 points out of 10 for efficiency, service, security.

A total failure on every level is hard to achieve - it requires a culture where virtually nobody cares about what they are doing. Which makes me wonder if it extends to things like aircraft maintenance and safety training - other airlines have been known to simply not do maintenance in tight economic circumstances. Either way, I do not want to be relying on US Airways for anything again.

Recently I flew to North Carolina, from Oslo. It was one of those trips with two different tickets. I flew SAS Oslo-Copenhagen-New York, and then I had a short time to clear customs, change terminals and check in to a different airline for another flight.

My flight out of Oslo was delayed about 15 minutes, which meant I had to go directly to the second flight, arriving as one of the last passengers after they had announced the flight was closed. On arrival at New York I was called over the Public Address, and informed that my luggage hadn't arrived. They asked me to go to the Luggage desk when I cleared customs, which I did. (I have never seen this before - my previous experiences have always been that when it didn't turn up I had to wait half an hour to check, then go to the desk myself).

I was shocked by their courtesy and professionalism. After the US Airways experience I am less than normally easygoing about my luggage, and I have lower expectations. But with no prompting they gave me enough cash to cover my immediate needs, asked me where I would be staying and where I lived normally, for a temporary and a permanent phone number (US Airways were not even capable of recording a non-US number), and checked when and where I would be going next in the unlikely event they couldn't deliver my luggage in the next 3 days.

The efficiency was amazing. I had plenty of time to make the connection, I had cash in my pocket, I had an overnight kit (T-shirt, proper toiletries), they had been incredibly polite, helpful and proactive, and I had a website address where I could track my baggage.

Since I was flying to a different city, I expected it would take a while to get my bag. I was called at 9pm, and happened not to be where I was staying, so the delivery driver offered to come back later. He had trouble finding the place, had trouble getting hold of me, but he made the effort and my bag was delivered sometime after 1 am, with all the courtesy and efficiency that one expects at 10am on a quiet day.

SAS, thank you. Missing a tight connection can occur. Knowing that I would be waiting for my bag, ensuring that I could promptly get on with what I was doing, and that I got it as soon as possible, is a credit to the organisation and to the actual people involved. I have forgotten the names of the people at US Airways who were so useless. I don't know the names of the people who were so helpful and courteous at SAS, but to each and every one of you, many thanks. It is a little extra effort that minimised the inconvenience to a pleasant experience.

Security Blankets


Note: My security work has mostly been in dealing with service architectures and intrusion detection (and partly in bars, which is surprisingly similar in most of the basic concepts and approaches). I haven't got a monopoly on making mistakes, so I intend to revisit and edit this any time I learn something should be changed... (Also, it's not really necessary to be a heavy security and web geek to understand the ideas in here, I hope. Whether that makes them interesting or not is another question).

Security on the Web is pretty important. At Opera we work hard on it, and according to Secunia (who watch over this area pretty carefully) we are normally better than either Internet Explorer or Mozilla/Firefox at not exposing ourselves to new attacks, and at fixing problems fast and effectively.

The early Web didn't really address security - it left it to a separate layer (primarily SSL - the https URIs that you often see are the most obvious example) that was developed as the need arose, and could be put in place because of the clean separation of layers. For many years the US government stopped this being available to the whole world, but as newer and better systems became available they could be dropped into place. This separation of layers is an important theoretical principle, with some practical benefits - you can be surer of your security when it is not bound up with every other function that you are developing, and testing is more straightforward.

As the Web has become more complex and dynamic, to offer more useful services, new types of security requirement have appeared. When pages were static, or had a simple form that could talk to the server that gave it to you, SSL was fine. "XSS" (cross site scripting) actually appeared with forms that would pretend to be one site but were really talking to another, giving, say, your address and phone number to badguys.com instead of to niceFolks.org. Technologies like Frames and JavaScript, as well as offering new possibilities, made it easier for a site to pretend to be something else, and even to use a real site as a kind of "trojan horse" to fool the user into trusting it.

At the same time users have learned more about how the Web works, and browsers have developed ways of helping them check that they are not being tricked. The little yellow bit in the Opera address bar tells you who owns the site you are connected to, and how good the security is (on a scale of 0 to 3). Browsers also block the most obviously dangerous cross-site access. In general, a script from dodgyDevelop.com cannot access your information on myBank.com unless the site itself has a copy of the script that it delivers because it trusts it. When these blocks are not in place you can get the kind of problems Jim Ley has noted recently in development projects.
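
The cross-site block described above works by comparing origins (scheme, host and port). The sketch below is an added example, not code from Opera or from this post; the function names and URLs are constructed around the essay's placeholder hostnames, and it models the check rather than any browser's actual implementation.

```javascript
// Added illustration: a model of the browser's cross-site block.
// All URLs are constructed; hostnames are the essay's placeholders.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// An origin is the (scheme, host, port) triple of a URL.
function originOf(url) {
  const u = new URL(url); // the URL parser lowercases the hostname
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// A script has no origin of its own: it runs with the origin of the page
// that loaded it, wherever the script file itself was fetched from.
function scriptMayRead(embeddingPage, scriptSrc, targetResource) {
  void scriptSrc; // deliberately not part of the decision
  return sameOrigin(embeddingPage, targetResource);
}

function demo() {
  const bankData = "https://myBank.com/api/balance";
  return {
    // Script on the attacker's own page: blocked from the bank's data.
    fromDodgyPage: scriptMayRead(
      "https://dodgyDevelop.com/game.html",
      "https://dodgyDevelop.com/grab.js", bankData),
    // The bank delivers its own copy of the script: allowed.
    bankOwnCopy: scriptMayRead(
      "https://myBank.com/account",
      "https://myBank.com/js/grab.js", bankData),
    // The bank page pulls the script in by reference: also allowed, which
    // is why a site should only include scripts it actually trusts.
    bankIncludesRemote: scriptMayRead(
      "https://myBank.com/account",
      "https://dodgyDevelop.com/grab.js", bankData),
    // Same host over plain http is a different origin.
    schemeMismatch: sameOrigin("http://myBank.com/", "https://myBank.com/"),
    // An explicit default port is the same origin.
    explicitPort: sameOrigin("https://myBank.com/", "https://myBank.com:443/x"),
    // A subdomain is a different origin.
    subdomain: sameOrigin("https://myBank.com/", "https://www.myBank.com/"),
  };
}

console.log(demo());
```
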

(Development is like this - the trick is to release a service in a way that doesn't expose other risks by getting the layers right. One of the common processes is to use expert crackers to find bugs before releasing software - this is standard QA. In the Open Source world, the theory is that so many people look at the work that problems are picked up and solved. In some cases this works well, in others not, according to the actual results).

Although this security approach is helping to keep us from being caught out by a malicious attack, it comes at a price. The idea of the Web is that you can use a service you find. Of course you need to know, when anyone in the world can offer a service, whether you can trust it. This is not new to the Web. Most people are already wary about being offered millions of dollars by someone they don't know who says they were stolen in a far-off country, and many are wary of giving money to people who claim to be collecting for some good cause, but can't show who they are. Trust networks are things people have in the real world, but interfaces and systems for building them on the Web are not yet mainstream, and are not necessarily simple to create at the moment. So we live with the cross-site restrictions as a simple answer, winning something and losing something.

In accessibility, I have had a long-running discussion with my good friend John Foliot about how to deal with making keyboard access better for people who need it. A key disagreement we have is on whether it is better to get rid of existing content along with broken implementations, or whether we should take an architecture that is clearly flawed, and adapt it in ways that let us keep using the existing web, at the price of taking longer to work towards the system we would like. In that case I believe that the value of the existing Web is high, and we should keep it, since we can minimise the practical cost.

In this case, the security model is not yet built into the specifications that describe how the services themselves can be built. It seems to me that we are better keeping it out - making sure that we can change the model we have now for a better one (both in actual security and in minimising the downsides of the implementation) as soon as it is readily available. The idea of writing the security model we should be using into the specifications for the formats we use strikes me as wrong on two levels.
  1. Using a new format specification will mean copying the security information into that specification. This seems like a bad approach.
  2. More seriously, it makes it harder to replace the model with a better one, since it needs to be teased out of the specification, and in the worst case replaced with a new set of specifications, something that takes a very long time to put in place.

In other words, I am worried that we are giving ourselves the relatively comforting protection of a security blanket instead of growing up and thinking about real security as adults who decide for themselves what to trust.

Comments are actively sought here. This is complex stuff, and more brains working on it is a good thing IMHO.