Friday Summary: October 8, 2010
By Adrian Lane
Chris Pepper was kind enough to forward this interview with James Gosling on the Basement Coders blog earlier in the week. I seldom laugh out loud when reading blogs, but his “Java, Just Free It” & “Set Java Free” t-shirts that were pissing off Oracle got me going. And the “Google is kind of a funny company because a lot of them have this peace love and happiness version of evil” quote had me rolling on the floor. In fact I found the entire article entertaining, so I recommend reading it all the way through if you have a chance. James Gosling is an interesting guy, and for someone I have never met, he has had more impact on my career than any other person on the planet.
Around Christmas 1995 I downloaded the Java white paper. At the time I was a porting engineer for Oracle, so my job was to get Oracle and Oracle apps to run on different flavors of Unix. The paper hit me like a ton of bricks. It was the first time I had seen a really good object model, one which could allow good object-oriented techniques. But most importantly, being a porting engineer, Java code could run anywhere without the need to be ported. The writing was on the wall that my particular skill set would be decreasing in value every day from then on. As soon as I could, I downloaded the JDK and started programming in Java.
At the first Java One developers conference in 1996 – and seeing the ‘Green Project’ handheld Gosling described in the interview – I was beyond sold. I was more excited about the possibilities in computer science than ever before. I scripted my Oracle porting job, literally, in Perl and Expect scripts, to free up more time to program Java. I spent my days not-so-clandestinely programming whatever Java projects interested me. Within months I left Oracle just so I could go somewhere, anywhere, and program Java. The startup I landed at happened to be a security start-up. But that white paper was the major catalyst in my career and pretty much shaped my professional direction for the next 10 years.
And so it is again – Gosling’s views on NoSQL actually got me to go back and reconsider some of my negative opinions on the movement. I am still not sold, but there are a handful of people I have so much respect for, that their vision is enough to prompt me to reinvestigate my beliefs. I hope Mr. Gosling gets another chance to research new technologies … the last time he set the industry on its ear.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s Dark Reading article on Data Security: You’re Doing It Wrong.
- Rich gets snarky with the Schwartz PR folks when they profile him.
- Mike’s Endpoint Security Fundamentals: Part 3
Favorite Securosis Posts
- Mike Rothman: Index of NSO Quant Posts. Yeah, pimping out my own research again. But NSOQ was a monumental amount of work, and this provides quick links to all of it.
- Adrian Lane: Monitoring up the Stack: Identity Monitoring. Gunnar has an excellent grasp of Identity Monitoring, and it shows in this post.
- Gunnar Peterson: Monitoring up the Stack: Identity Monitoring.
- Rich: This week’s Incite. In which Mike admits to thousands of people it’s his birthday this week!
Other Securosis Posts
- Monitoring up the Stack: Identity Monitoring.
- Incite 10/6/2010: The Answer is 42.
- Monitoring up the Stack: App Monitoring, Part 2.
Favorite Outside Posts
- Mike Rothman: Why Wesabe Lost to Mint. Not security related, but important nonetheless. The one that makes things easier on the user wins. Sound familiar, Dr. No? If users have to work too hard, they’ll find ways around your controls. Count on it.
- Adrian Lane: AT&T, Voice Encryption and Trust.
- Rich: Verizon releases their big PCI compliance report. Seriously good – this actually ties compliance to breaches.
- Gunnar Peterson: OAuth Bearer Tokens are a Terrible Idea. This is a sad story, because OAuth gained a ton of traction in version 1.0 (many major sites like Twitter & Netflix are using it), and then in the process of moving OAuth to a full-blown IETF standard the primary security protections were dropped!
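The protections Gunnar is talking about are worth seeing side by side. OAuth 1.0 signs each request with an HMAC over the method, URL and parameters, keyed by secrets that never leave the client, and the server tracks nonces and timestamps, so a captured request cannot be replayed or pointed at a different resource. A bearer token is accepted from whoever presents the string, on any URL, as many times as they like. The following is an added example written for this summary, not code from either OAuth specification or from any of the linked posts; the consumer key, token strings, secrets, URLs and the small in-memory resource server are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets
import time
import urllib.parse

# Constructed sample credentials for the demonstration, not real secrets.
CONSUMER_KEY = "demo-consumer"
CONSUMER_SECRET = "consumer-secret-example"
ACCESS_TOKEN = "demo-token"
TOKEN_SECRET = "token-secret-example"
BEARER_TOKEN = "bearer-token-example"


def percent_encode(value) -> str:
    """RFC 5849 percent-encoding: only unreserved characters are left alone."""
    return urllib.parse.quote(str(value), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Method, URL and normalised (sorted, encoded) parameters joined with '&'."""
    pairs = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    normalised = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), percent_encode(url), percent_encode(normalised)])


def hmac_sha1(method: str, url: str, params: dict, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 over the base string, keyed by both secrets; the secrets never go on the wire."""
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}".encode()
    digest = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method: str, url: str, params: dict, nonce=None, timestamp=None) -> dict:
    """Client side: attach oauth_* parameters and a signature bound to method, URL and params."""
    signed = dict(params)
    signed.update({
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": ACCESS_TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce if nonce is not None else secrets.token_hex(8),
        "oauth_version": "1.0",
    })
    signed["oauth_signature"] = hmac_sha1(method, url, signed, CONSUMER_SECRET, TOKEN_SECRET)
    return signed


class SignedResourceServer:
    """Server side (constructed): recompute the signature, reject stale requests and replays."""

    def __init__(self, window_seconds: int = 300):
        self.window = window_seconds
        self.seen_nonces = set()

    def verify(self, method: str, url: str, params: dict, now=None) -> bool:
        now = int(time.time()) if now is None else now
        presented = params.get("oauth_signature", "")
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        try:
            ts = int(unsigned["oauth_timestamp"])
            nonce = unsigned["oauth_nonce"]
        except (KeyError, ValueError):
            return False
        if abs(now - ts) > self.window:          # outside the freshness window
            return False
        if (ts, nonce) in self.seen_nonces:      # a captured request presented again
            return False
        expected = hmac_sha1(method, url, unsigned, CONSUMER_SECRET, TOKEN_SECRET)
        if not hmac.compare_digest(expected, presented):   # tampered, moved or forged
            return False
        self.seen_nonces.add((ts, nonce))
        return True


def verify_bearer(authorization_header: str) -> bool:
    """Bearer scheme: the token string alone is the credential, unbound to any request."""
    scheme, _, token = authorization_header.partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token, BEARER_TOKEN)


def demo() -> dict:
    """Contrast the two schemes on a constructed request, its replay, and a moved copy."""
    server = SignedResourceServer()
    url = "https://api.example.test/v1/messages"
    req = sign_request("GET", url, {"count": "10"}, nonce="n1", timestamp=1_286_500_000)
    first = server.verify("GET", url, req, now=1_286_500_010)
    replay = server.verify("GET", url, req, now=1_286_500_020)   # same nonce, rejected
    req2 = sign_request("GET", url, {"count": "10"}, nonce="n2", timestamp=1_286_500_000)
    moved = server.verify("GET", "https://api.example.test/v1/admin", req2, now=1_286_500_020)
    header = f"Bearer {BEARER_TOKEN}"                 # the same string works anywhere, repeatedly
    return {
        "signed_first_use": first,
        "signed_replay": replay,
        "signed_moved_to_other_url": moved,
        "bearer_first_use": verify_bearer(header),
        "bearer_replay": verify_bearer(header),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The signed request is accepted once and then refused on replay and when pointed at a different URL, because the nonce is remembered and the URL is inside the signed base string; the bearer header is accepted every time, which is exactly why the transport (TLS) and token lifetime carry the whole security burden in the bearer scheme. The nonce store here is an in-memory set; a real server bounds it with the same timestamp window it enforces.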
Project Quant Posts
Research Reports and Presentations
- Understanding and Selecting a Tokenization Solution.
- Security + Agile = FAIL Presentation.
- Data Encryption 101: A Pragmatic Approach to PCI.
- White Paper: Understanding and Selecting SIEM/Log Management.
Top News and Posts
- Dennis’s awesome article on Rethinking Stuxnet.
- FBI Caught Spying. Then they want their toy back? Dumbasses.
- Record Breaking Patch Tuesday.
- eBanking Security Guarantees for Gov Institutions. Things are getting bad!
- LinkedIn Drive-by Malware Attack.
Thanks for the Wesabe link. Never heard of it, never knew anything about even that little industry, but that was a nice read. I like a small bit of subtext in there about privacy not really mattering to your success in the end.
Also as a side note, it’s nice to read things like this. I don’t like people doing things with my data, especially if they suggest other things to me. But I can see that this guy’s intentions were certainly altruistic, and he fully admits they aggregated data and made suggestions based on it to users. I still might not like it, but it doesn’t necessarily mean the people behind it *must* be evil.
(Y’all have mentioned before the weightiness of the thick data you guys post lots of these days, but I will say the Incites and little outside links in the Friday Summaries are fun; like a fresh breeze!)