The Lair

Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup

Archive for the 'rant' Category

footprints

November 10th, 2007

I’m more than a little late to this party - but it’s a pet peeve and I feel the need to vent. So here we are… yet another instruction on why trusting personal details to a random startup is a bad bad idea. Gather around, kids. This is fun.

Part 1: Ceiling cat Facebook employees are watching you. They know what’s on your profile, they know which profiles you’ve been visiting and it’s apparently a perk to be able to stalk people. Discount the last as Valleywag hyperbole (although no one seems to be rushing to deny it) and you still have an interesting picture. Surprised? People actually seem to be.

Part 2: People on your friendlist can be co-opted for targeted advertising. (More commentary here and here).

Surely that can’t be legal, you cry indignantly. Well, it is - if their terms of service hold up in court. They can pretty much do whatever they want according to that document (remember clicking I agree on that?). It’s their data. There is also an argument in the Slashdot comment thread about Facebook’s deletion policy for profiles - they seemingly promise to resurrect all the data if you should return from your fit of pique.

But I’m being both misanthropic and cynical about this. I no longer consider it my personal crusade to tell people to hide personal information (date of birth? permanent address? good grief, people! how many banks rely on your date of birth for one step of authentication?) on their profiles. There are two reasons for this - first is that it’s amusing to have articles on how to make out like a bandit with FB (translated - thx R for both links). The second reason is that people with lots more information out in public are low hanging fruit for the data miners and criminal elements that are undoubtedly going to invade. Cynically, it’s sort of like staying next to a herd of slow, limping zebras when the lions turn up looking for lunch.

If some inventive dataminer figures out a way to tie in Scrabulous stats to personal information though, I’m pretty much screwed.

just can’t keep the bile from rising

April 9th, 2007

There is a proposal underway for a Blogger Code of Conduct. No, really. Someone actually wants to do this. The phrasing in that code of conduct is camp enough to have come from a local blogging celeb or the astroturfing commune.

The highlowlights:
We take responsibility for our own words and for the comments we allow on our blog: Responsibility for my own words on this blog? Fine. Responsibility for comments? Oh hell no. I may or may not endorse every comment on this blog (I’ve disagreed with a few people via comments on their blog and I’d extend someone the same courtesy here), but responsibility? No. Just no way. I have enough trouble being responsible for my own words and actions, never mind what someone else might choose to type in here.

There is a beautiful definition of unacceptable content there which annoys me more. For example, “knowingly false”. WTF? Blog authors need to become mind readers? Maybe we need a lie detector now.

And there is also the escape chute which says we reserve the right to change these standards at any time. Then why bother? I police (for want of a better word) my blog in my own way. Perhaps I already apply these standards. Why do I need a code of conduct and a badge in that case?

the cassandra syndrome

September 6th, 2006

Somewhat sparsely explained on Wikipedia.

Honeynet has an interesting (although somewhat dated) paper on the survivability of machines exposed to the internet. I’ve just been watching logs (not really my job, but no one else seems to be doing it) and I’ve seen the firewall and proxy log hits from places as diverse as China Telecom (that’s Taipei), various places on the western seaboard of the US, Europe and Australia. They’ve tried things like proxying a connection to IRC channels, connecting via Yahoo Messenger (yes, really. I was so tempted to let it through and snatch a password or three… damn being all corporate and law abiding) and sending email (to advertise random pharmaceuticals, no doubt).

It’s only a matter of time before someone really does break into the machine and make free with the juicy bandwidth. If they haven’t done it already. I know it for true. The statistics (and even Netcraft) bear it out. It’s only a matter of time.

No one else seems to get it though.

To become the Cassandra or not? Do I really care if it happens? (Hey, I’m not using that bandwidth, so should I really care at all?). Do I have the time to sit people down and explain it to them? Do I have time to secure it myself? The answer to the last two questions is probably not. So… I let it slide.

It’s a crappy way to run servers, but I’m going to pick a battle I really want to fight.

update: Ubuntu Server truly does suck donkey shlong. I quote from Information Week because this is priceless.

… Ubuntu doesn’t recommend its server version for truly mission critical tasks. By contrast, there are plenty of big companies running things like SAP and Oracle on Red Hat and big server iron.