Do you care about security?

One of the most frequent tips on building a great web app is “release early, release often”. Push out new features as soon as possible. It’s appealing: you can amaze your users each month with a cool new feature, you create buzz, you are interesting, you are hot. This all happens on the frontend, where people can see it and click it.

However, there’s also some backend stuff that needs to be done. The same way users don’t care what language you are using, they don’t notice if you’ve just updated your logging system or sealed some security hole. So obviously, we focus more on the buzz-creating, user-attracting features and leave the non-sexy stuff for last.

And that’s the heart of the problem. Making the app secure is usually at the bottom of the TODO list. I’m not sure if it’s because developers don’t want to, don’t care or don’t know how to fix this. Or maybe they are relying on the security provided by the framework they’re using (which may not be a good idea). It’s irrelevant why, but the simple fact of the matter is that there are a lot of startups out there with severe security flaws.

It’s kind of OK when all you can lose is your business and your users. After all, it was your fault. You can start all over again and this time be more careful.

However, it is a different case when people put trust in you and store their valuable data (and presumably secret data, in which case they are naive) on your servers, using your service. Yes, I’m looking at you, DropBox. Thanks to a simple XSS vulnerability, DropBox effectively becomes Rapidshare. Take a look at this proof-of-concept video by Synopsi. It shows only how to change the computer’s name, but it’s possible to read and write files or access any folders shared through this service.

It’s not just DropBox. Sadly, half of the web is vulnerable. What’s even worse, the companies, developers and people responsible for securing their apps ignore this problem, don’t talk about it, don’t confront it, and act as if everything were normal and the problem didn’t even exist.

So I appeal to you, web developers: take some time to think about the security of your web application, be reasonably paranoid, sanitise your data, etc. Care about security.

Books for the 21st century

I like to read. Classic, dead-tree versions of books, that is. Although I’m a fan of new technology and hi-tech gadgets, I don’t think ebook readers like Amazon’s Kindle or Sony’s PRS 500 will ever be successful. It’s just not it. You can’t feel and smell the paper, flip the pages or, occasionally, use the book for thousands of different tasks other than reading.

But there are minor annoyances with normal books. You can’t search fast. I don’t use a bookmark, so I have a hard time remembering where I stopped reading. I often want to write down a quote from the text, and it is not as convenient as it would be with an ebook reader.

So why not combine the best of these two worlds? By embedding a cheap touch screen, a memory chip and some other necessary HW into the book’s cover (so it wouldn’t work for paperbacks, pity), the reader could search through the book, note interesting passages, bookmark where they stopped and probably much more. Hopefully, because it would be produced in the millions, it wouldn’t drastically affect the price of a single book.

Are you reading this, Amazon? Now go, design and produce it ;)

Central European TechCrunch meetup

Good news! There’s going to be a TC meet-up in Prague. Jack DeNeut from Nelso is organizing it. If you understand Czech, check out the interview on BuzzMag. For the rest of the world, here are some facts from the podcast:

  • The date is set for 23.5.
  • It is not yet certain where it will be held. Jack wants to do it American style - grill, beer, wifi and Wii at his house. Jack anticipates 60 - 80 people will show up.
  • Mike Arrington won’t be attending. However, other TC bloggers will.

I’m really looking forward to this event. See you there.

UPDATE: There’s a Facebook event, so if you are attending, register there.

Startup School in short sentences

Most of the talks from Startup School can be summarised into one or two sentences. Here are those I liked:

  • Paul Graham: “Don’t just not be evil. Be good.”
  • David Heinemeier Hansson: “Make money online by having a price.”
  • Peter Norvig: “Accumulate as much data as you can. Then, release sophisticated learning algorithms.”
  • Jeff Bezos: “The future of web applications is in cloud computing, better yet, in Amazon Web Services.”
  • Mike Arrington: “Engage with the community. Take from the community and give back. Communicate. Be a purple cow.”
  • Marc Andreessen: “Be so good they can’t ignore you.”

echo ‘Hello world’ > /dev/internet

The first of April is a wonderful time to start a blog, don’t you think? Well then, welcome to this blog, which will serve as a supplement to my other one. I intend to focus on more technical stuff: open source, startups, programming in Lisp and JavaScript and other hacker-friendly posts.

As I am a FOSS enthusiast and this whole blog runs on open source bits and bytes (Linux, Debian, Xen, Apache, Wordpress, the list goes on and on), I’d like to thank the whole open source community for making the world a better place :)

The only thing I had a little problem with was using the mpm_worker Apache module with PHP. Because PHP isn’t thread-safe, mod_php requires mpm_prefork. It’s a shame not to fully utilise the four cores of the CPU, so I installed PHP as CGI, which solved that issue. However, I’m not exactly sure whether this will break some WordPress stuff. It is a little experiment of mine; we’ll see.