Archive for October, 2006

GooTube?

// October 11th, 2006 // Life

Mark Cuban, famous for several things, most recently for his criticism of anyone (especially Google) interested in acquiring YouTube, has coined a new term for the combined Google-YouTube company — “GooTube”. This one really got a laugh out of me. Keep up the good work, Mark, and let's do the Finals thing again this year.

Rangers Are Done

// October 11th, 2006 // Life

The Rangers season is over, as is Buck Showalter’s tenure as manager. As blame is commonly tossed about following any result but the securing of a World Series pennant, I’ll add in my own. Buck is no more to blame than the bag on second base, as the two probably have equal impact on the ultimate outcome of any single game. But he had a losing record and it’s easier to replace a manager than players, so he’s gone, and I suppose I’m a little indifferent about it. The A’s had a better team than we did…that’s about it. We could have used two more B-quality or better pitchers, and Tom Hicks and Jon Daniels know that and are making some effort to make that happen. Without a better manager waiting in the wings (which apparently they don’t have), I don’t see the value of canning Buck. Ranger fans weren’t exactly calling for his head. The Rangers are basically a solid team. No major changes are needed. We need to keep Millwood, Padilla, and Eaton. The rest of the pitchers should be on the table. We should probably trade Blalock for a, well, B-quality pitcher and hope to develop another in the next year. That’s probably as much as we can hope for next year and maybe it will at least get us a wildcard slot.

When Murder and Journaling File Systems Collide

// October 11th, 2006 // Technology

Hans Reiser, author of ReiserFS, was arrested on suspicion of murdering his estranged wife.

ReiserFS has become the default file system for SuSE, Lindows, FTOSX, Libranet, Xandros and Yoper (according to NameSys), and if he’s charged and convicted, there is, I suppose, the question of what will become of ReiserFS.

An issue not as critical perhaps as what will become of his children, but apparently no less interesting to the Slashdot community.

The community is quickly rallying ’round the filesystem and weighing in with quips such as…

“While the disappearance (and possible murder) of his wife is tragic, Linux users will wonder where this will leave Reiser 4. If Reiser is found guilty, will Novell or IBM pick up the pieces and finish up Reiser 4 for inclusion in the kernel or is this the end of the Reiser filesystem project? Will there be any future for the Reiser filesystem, and if Hans is found guilty and the project is continued, will the project be renamed to avoid notoriety?”

and…

“I hope they let him code in prison.”

and…

“If he is found guilty, the name of the filesystem will have to be changed, too. Otherwise it will fall into obscurity along with MansonFS, OswaldFS and the great-but-forgotten object-based, journalling OJSimpsonFS.”

I like it. Smug, sarcastic, and devoid of humanity, all rolled into one post.

Unfortunately, the potential impact on the future of ReiserFS is the only vector to the story making it relevant to post on Slashdot. This is a common news media conundrum — the need to focus attention on the element of the story making it worthy of a global news audience, sometimes at the expense of marginalizing the human tragedy that may be involved.

But really folks, this involves the apparent murder of the mother of two children, with their father in custody as the prime suspect.

Surely we can think of a better response than “Oh No! What will become of the dancing trees?”

Edited to add: More on the story here.

More About SQL Injection Vulnerabilities

// October 5th, 2006 // Security & Privacy, Technology

I’m no stranger to the vulnerabilities of SQL injection attacks, having both helped customers dig out of compromised web applications and written my share of database-driven web-apps. To me, it’s the most-overlooked, most easily-exploitable, and most widely-practiced of security issues in web software development today. But probably also the least understood.

Michael Sutton recently wrote an article asking just How Prevalent Are SQL Injection Vulnerabilities?

In it he attempts to compile some empirical data about the real number of publicly available sites that are vulnerable to SQL injection attacks, and what he comes up with provides a rough look at the large number of vulnerable sites. It’s an issue that isn’t going away anytime soon.

I’ve discussed this before. I’ve found that the exposure is more often a result of insecure programming methods than of any intrinsic insecurity in the technologies involved. Developers either don’t know that what they’re doing is insecure or they don’t have the time to write secure code. Many will argue with me on this last point and say it takes no more time to code securely than insecurely if you know what you’re doing. That is true in most cases, but I’ve seen the alternative in action: small teams in small-to-midsized companies under intense pressure to turn out features for vaporware sold months ago. This is a business problem, I agree. But it happens every day.

“We’ll go back and fix it later” the managers argue. But this often never happens, as many of us already know.

Something as simple as parameterized SQL statements would go a long way toward reducing risk. Passing unsanitized user form input into your query is just asking for trouble.

Security is a tradeoff. You have to balance the risk and cost of asset compromise against the time and cost of securing that asset. When gross sales are placed on the scale the balance can quickly shift and push security to the background, leaving among the artifacts of “agile” development applications that are a carefully-placed apostrophe away from giving up the keys to the kingdom.
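The two paragraphs above describe the problem and its cheapest fix. As an added example that is not part of the original post, here is the concatenated query beside the parameterized one, run against a constructed in-memory SQLite table (the table, rows and function names are assumptions for illustration). A single apostrophe in ordinary input is enough to show that the concatenated form lets the input rewrite the SQL itself, while the bound parameter is only ever treated as data.

```python
import sqlite3

# Constructed sample rows (not from the original post); one name carries an apostrophe.
USERS = [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")]


def make_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable form: the form value is pasted into the SQL text.

    Any quote in the input becomes part of the statement's syntax, so the
    input decides what the query is, not the developer.
    """
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Hardened form: the driver binds the value; quotes inside it stay data."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both forms on plain and apostrophe-bearing input; return the outcomes."""
    conn = make_db()
    results = {"unsafe_plain": lookup_unsafe(conn, "alice")}
    try:
        # The concatenated statement becomes  ... WHERE name = 'O'Brien'
        # which SQLite rejects: the apostrophe has changed the statement.
        results["unsafe_apostrophe"] = lookup_unsafe(conn, "O'Brien")
    except sqlite3.Error as exc:
        results["unsafe_apostrophe"] = f"error: {exc}"
    # The bound parameter finds the row; the apostrophe never touches the SQL.
    results["param_apostrophe"] = lookup_parameterized(conn, "O'Brien")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The error on the concatenated form is the benign symptom; the same mechanism is what lets a crafted value change the meaning of the query, which the parameterized form rules out regardless of input.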

Fight for secure code. Developers, protect your assets! When the script kiddies buy 1000 XBOX games using your best customers’ American Express card, it’ll be you that’s doing the walk of shame, not your boss. I guarantee it.

Your Money Or Your Life

// October 5th, 2006 // Business & Politics, Life

David Leonhardt has an article in the New York Times (“free” registration required) about the relative cost of health care versus the benefit we get from it.

He argues that while the average cost of a family insurance plan that Americans get through their jobs has doubled in the last 7 years (which he concedes is unsustainable), and the industry clearly suffers from both greed and waste, in the end modern medicine is truly an expensive venture that ultimately results in big dividends for its beneficiaries (e.g., those among us who can afford it or are otherwise insured).

However, the article goes on to point out that the number of Americans without any medical insurance has risen by 23% since 1987 as more corporations decide they can no longer shoulder the cost of subsidizing medical insurance for their employees — in effect reducing healthcare costs by reducing the real healthcare benefits to fewer and fewer people.

The longer term public health consequence is a widening division between those who can afford expensive healthcare and those who can’t. The current trend points towards life spans extended for only the wealthy, and sometimes at the expense of the poor.

History’s lesson tells us this is nothing new — wealth buys privilege, one of which is a longer life. The question is what responsibility do our public institutions bear in ensuring equal access for all. Is high-quality, affordable healthcare a civil right? It hasn’t been defined in those terms so far, and probably never will.

Fairness has rarely been a standard applied to private enterprise. Socialized medicine rings of something inefficient and even communist. The wealthy prefer things the way they are since they can afford the best healthcare at almost any cost. The poor will need subsidies no matter how low insurance costs get. As in so many cases, it’s the middle class that gets the squeeze…again.

Only after you’ve been faced with a friend or relative forced to suffer through a medical setback, sometimes for years on end, because they were denied all-but-emergency care for lack of insurance, can you feel the weight of the inequity of our system.

Medical outcomes are tied directly to an individual’s ability to pay for good healthcare. We can pretend it doesn’t happen, but it does. I’ve been around enough sick people and hospitals to have seen it first hand. Emergency care is (theoretically) available to everyone in the U.S., regardless of station in life: just enough care to keep you alive. The effects are more long term. The regular preventative checkups and health education many of us take for granted aren’t available to a lot of people, which in the end contributes to a shortened life span that could have been extended by ensuring everyone has access to quality medical care.

Much like the wars we fight, where the poorest among us most often find themselves on the front lines, the present healthcare system in the U.S., for all its triumphs, reflects a society — and ultimately a government — that seems to value the lives of its people only in proportion to their personal wealth. In so doing, it seems that with all our technological prowess, we’ve advanced little in terms of elevating our ethical standards to give those with the least among us the care we all deserve.