Friday, 2 May 2008

Disqus

It seems everyone is talking about Disqus these days, so I have added it to my blog.

Wednesday, 16 April 2008

Updated Digg stats

There is a new article on ReadWriteWeb now featuring updated Digg graphs that I gave them, "The Decline and Fall of Tech on Digg". (If you have just come from there please check out friendbinder)

Saturday, 1 March 2008

phpMyAdmin 2.11.5 / PMASA-2008-1

phpMyAdmin 2.11.5 has been released today and contains the fix to a security bug I reported; details are in the security announcement.

Friday, 8 February 2008

More Digg stats

As a follow up to my last entry, "Tech stories percentage dropping on Digg", I thought I would do some more Digg stats.

First up is the Digg stories by number of popular stories rather than percentages:

I also looked at what Technology is made up of. It is perhaps not surprising that a lot of the news is about Apple (dark blue) or Linux (light blue), with the generic "Industry News" making up the majority:

and here is the same data by percentage:

I wanted to get some of the data for submissions too, though it seems I can't get data for that from the API from before the 30th of December last year.

Tuesday, 5 February 2008

Tech stories percentage dropping on Digg

There was a story on Mashable today about the number of tech stories on Digg dropping, though the method they used was to look at Wayback Machine results. However, since Digg have all this information available in their API, we can get a much more accurate picture of what has happened. So here is a graph of the percentage of stories in each 'Container'. Each data point is for a full week of stories, so this should cover every story from the 1st of January 2006 until the 3rd of February 2008. (click on the image to view it full size)

Wednesday, 21 November 2007

Loss of 25m child benefit records

I couldn't quite believe it when I heard that HM Revenue and Customs have 'lost' 25 million child benefit records. It does seem that the data was password protected, but if that means something like a zip file or MS Excel password, as it presumably does, then this is akin to losing a suitcase with millions of pounds in it and then mentioning that it had one of those tiny suitcase padlocks on it.

It should be clear to any organization that handles this kind of data, especially in this volume, that security is of paramount importance. Here are some of the security measures I think should have been in place and would have prevented this from happening:
  • No one should be able to download large portions of the data (say more than 1,000 records) without special procedures for data security being enforced
  • Any data that is transferred should be encrypted with strong cryptography. The key(s) to this encryption should be sent separately from the data, and only after the data is acknowledged to have arrived safely.
  • All data of this type should be sent by a secure transportation company such as Securicor.
  • If at all possible the data should never leave the secure site where it is normally resident
  • If anyone requests data, the bare minimum that they require should be provided, with no extra fields.
  • Anyone who goes anywhere near this kind of data should be given comprehensive security training.
Even if all but one of these measures were to fail, this breach would still not have happened.
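As an added illustration of three of the measures above (the record threshold, supplying only the requested fields, and releasing the key separately and only after the receiver has acknowledged the data), here is a small Go program. It is not from the original post: the record field names, the threshold constant, the use of AES-256-GCM, and the acknowledge-by-ciphertext-digest scheme are all my assumptions about how such an export gate might be built.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is a constructed stand-in for one benefit record; the field names are assumed.
type Record map[string]string

// MaxUncontrolledExport is the post's suggested threshold above which special procedures apply.
const MaxUncontrolledExport = 1000

var (
	ErrTooManyRecords = errors.New("export exceeds threshold and no special procedure was approved")
	ErrBadAck         = errors.New("acknowledgement digest does not match the ciphertext")
)

// Export holds what travels on two separate channels: the ciphertext goes first;
// the key stays with the sender until the receiver acknowledges the ciphertext digest.
type Export struct {
	Ciphertext []byte
	Digest     string // hex SHA-256 of Ciphertext, echoed back by the receiver as the acknowledgement
	key        []byte // unexported: only released through ReleaseKey
}

// minimise copies recs keeping only the fields the requester actually needs.
func minimise(recs []Record, fields []string) []Record {
	out := make([]Record, 0, len(recs))
	for _, r := range recs {
		m := Record{}
		for _, f := range fields {
			if v, ok := r[f]; ok {
				m[f] = v
			}
		}
		out = append(out, m)
	}
	return out
}

// newGCM builds an AES-GCM AEAD for a 32-byte (AES-256) key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PrepareExport enforces the record threshold, strips unrequested fields and
// encrypts the result under a fresh random key, which it does not hand out yet.
func PrepareExport(recs []Record, fields []string, specialProcedureApproved bool) (*Export, error) {
	if len(recs) > MaxUncontrolledExport && !specialProcedureApproved {
		return nil, ErrTooManyRecords
	}
	plain, err := json.Marshal(minimise(recs, fields))
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, plain, nil) // nonce is prefixed to the ciphertext
	sum := sha256.Sum256(ct)
	return &Export{Ciphertext: ct, Digest: hex.EncodeToString(sum[:]), key: key}, nil
}

// ReleaseKey hands the key over only when the receiver proves it holds the exact bytes sent.
func (e *Export) ReleaseKey(ackDigest string) ([]byte, error) {
	if ackDigest != e.Digest {
		return nil, ErrBadAck
	}
	return e.key, nil
}

// Decrypt is the receiver's side; GCM's tag check rejects any altered or truncated ciphertext.
func Decrypt(ct, key []byte) ([]Record, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return nil, err
	}
	var recs []Record
	return recs, json.Unmarshal(plain, &recs)
}

// sampleRecords builds n constructed records carrying more fields than any requester needs.
func sampleRecords(n int) []Record {
	recs := make([]Record, n)
	for i := range recs {
		recs[i] = Record{"id": fmt.Sprintf("%06d", i), "postcode": "AB1 2CD",
			"bank_account": "00000000", "dob": "1970-01-01"}
	}
	return recs
}

func main() {
	exp, err := PrepareExport(sampleRecords(5), []string{"id", "postcode"}, false)
	if err != nil {
		panic(err)
	}
	key, _ := exp.ReleaseKey(exp.Digest) // receiver acknowledges, then the key travels
	recs, _ := Decrypt(exp.Ciphertext, key)
	fmt.Println(len(recs), "records,", len(recs[0]), "fields each")
}
```

The point of keeping `key` unexported is that nothing in the export path can bundle it with the data by accident; the only way out is through the acknowledgement check.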

The sad fact is that any security professional or group should have been able to tell them this (and a whole lot more for other scenarios), but for some reason HM Revenue and Customs didn't take this type of advice, or maybe didn't implement it properly.

Before this story surfaced I had already been very skeptical of the ID cards project. It would be very hard to keep this data safe. If the data were ever lost it would be a lot more serious than what has been lost in this case, both in the number of people and the amount of data about each person. I am now even more skeptical since it seems the government can't even handle quite basic data security concepts like the ones I have outlined.

Tuesday, 7 August 2007

What is Oracle's Linux strategy?

On the 25th of October 2006 Oracle announced its 'Oracle Enterprise Linux' program, which essentially takes RedHat's work from RedHat Enterprise Linux and recompiles it to make Oracle Enterprise Linux. This has of course been done before and is perfectly legal; it has been done for free in the form of CentOS and others. Oracle's main selling point seemed to be a reduction in support costs, though many people pointed out at the time that this is small potatoes compared to Oracle's massive licence costs (Enterprise Edition costs $40,000 per CPU), so what was the point?

Recently Mark Shuttleworth was quoted as saying "They are hiring too many people just to deliver patches. My assumption is that they are on track to fork and build their own distribution." Now you have to wonder if they really want to get into a distribution race to compete with RedHat and Novell (the most established enterprise players).

Oracle don't have much experience selling operating systems, so what I think they are doing instead is creating a platform that the Oracle Database and other applications can run on.

I imagine most big companies have local staff that know Oracle and they put it on whatever machines they normally use for that type of thing be that Linux, Solaris, Windows or something else. These companies then have all the staff and infrastructure to maintain it.

In smaller companies, what they do seems less clear to me; they might not have a full time Oracle person or even a systems person. Given these gaps they might go with something they think they can handle, such as Microsoft's SQL Server or MySQL.

As an alternative in these smaller companies Oracle could provide a complete software stack with a configured OS, Oracle and management facilities. Oracle could then maintain this system remotely (for a fee) for the company. The advantage of this approach is that Oracle can push their products to anyone who can afford them regardless of what local staffing they have.

The other problem they would avoid with this approach is trying to get fixes against MS Windows. With Linux they know they can develop a fix in house and push it directly to the customer if they need to, but with Windows they need to wait on Microsoft to provide a fix, which probably takes a long time. Also, Microsoft competes with them in the same market, so they have no reason to co-operate particularly well. This would not be a problem if these small companies were using Linux, but it seems a lot of small businesses use Windows exclusively. If Oracle provides and manages the Linux box, then it can sell to these companies that would otherwise be using Windows, as all the customer needs to know is that it is the Oracle Box and Oracle will fix it if it breaks.

Vertical integration is the term for this I think.