Monday, November 26, 2007

Lack of Internet

Well, my fast computer is now unhappily very single and isolated and hasn't had the joy to talk to other computers around the world to exchange information. One can only imagine how it must be feeling at the moment.

Anyway, I haven't sulked like my computer in this new and warm house. The move went otherwise very well and the living quarters I am in are very spacious and especially friendly. The house is on the ground floor only and has 3 bedrooms, one kitchen and a large living room. Shower and toilet too of course, or it would become quite messy pretty soon.

This month I began a PHP job for a larger organization in Holland. Finished within a week and moved on to *another* PHP job, but dealing with secure payments and a security audit, the details of which I am not allowed to disclose under NDA :). I'm now working for an organization that grew very quickly and is very popular with GPS device lovers. Yep. That one. And it's got a bit of PHP there too, although I am not technically involved this time. I'm dealing with the joy of bringing clarity into the functional description of the system. Challenging, fast, and things change under your fingertips while you're writing them up. Feels very healthy when things change that fast, although it's difficult to keep a full view of what's going on.

I'm still reading cognitive science when I can. I read Steve Pinker's book a bit more and it's getting really interesting. When you really understand more about perception, how you work and think, it may sound like it takes away some magic, but it also creates more mystery, since no one has fully explained how things work (it's really writing down their perceptions... "hey, this is what the brain does too"). Many of the things in our general day-to-day activities are so much taken for granted that when you point things out to people, they start noticing how amazing it is. Like how people are now used to getting water from the tap, electricity from their sockets, and how the new generation now grows up with Google to find information. (They can hardly imagine that "historically", books were used to look up information. For them, books have become "introductory" repositories of information from where you start to know more about the topic and get "involved".)

Good. I worked more on Dune as well and now I can generate PDF from HTML. Well, if you know blogspot and XPress and GMail... they basically use an "IFRAME" component that is set to "designMode" using JavaScript. From there onwards, you can manipulate elements within that text control in order to format it and do other funky stuff. I'm using an existing control called TinyMCE to create the content. Then I process it in six stages towards a valid PDF document that looks very slick and nice.

The idea is to build fragments of text and cross-refer them to other things. Then you can start processing things differently and refer from within documents to other parts of er.... whatever it is you're building.

Sorry for the delay in getting new posts up. I really did not have the time, Internet access, inspiration or events to write new things down.

Thursday, November 01, 2007

Application Security Special Interest Group

I'm part of an expertise group at the new company where we attempt to resolve security concerns and develop new security awareness, to be integrated into the development process from the beginning of a project. The focus is not on specific things like encrypting passwords, but carries a more global nature and may lead to the development of a new service portfolio.

Tonight we have a meeting. My focus is mostly on application architecture, so very high level.

Examples of application security (AS) concerns are:
  • Unwanted and unseen information leakage (see recent web2.0 developments)
  • Cross-Site Scripting attacks and other browser vulnerabilities
  • Unwanted access
  • Injection vulnerabilities
  • Lack of input validation
  • Insufficient testing on the security of an application
  • Insufficient preparation and evaluation in the architecture and design

A very basic thing that isn't truly considered in many cases is that requirements are written from the perspective of how something should behave, never of how something should definitely not behave. Especially in the field of security, this leaves a wide gap that may introduce security problems when the developer/writer/architect is not aware of certain vulnerabilities in that area.
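As an added illustration (not code from the original post), here is that gap expressed as checks: an implementation written against only the positive requirement passes its "should behave" check, and only a "must not behave" check, here for the unwanted-access concern listed above, exposes it. The invoice data, user names and function names are constructed for the example.

```python
# Added example: the same feature built from a "should behave" requirement only,
# and with the "must not behave" requirement added. All data is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: float


# Constructed sample data: two customers, one invoice each.
INVOICES = {
    1001: Invoice(1001, "alice", 120.0),
    1002: Invoice(1002, "bob", 75.5),
}


class AccessDenied(Exception):
    pass


def get_invoice_positive_only(user: str, invoice_id: int) -> Invoice:
    """Implements only the positive requirement:
    'a customer can fetch an invoice by its id'."""
    return INVOICES[invoice_id]


def get_invoice(user: str, invoice_id: int) -> Invoice:
    """Also implements the negative requirement:
    'a customer must not obtain an invoice that is not theirs'."""
    invoice = INVOICES[invoice_id]
    if invoice.owner != user:
        raise AccessDenied(f"{user} may not read invoice {invoice_id}")
    return invoice


def requirement_check(fetch) -> dict:
    """Run both requirements against an implementation and report which hold.
    The positive check alone cannot tell the two implementations apart."""
    positive = fetch("alice", 1001).owner == "alice"
    try:
        fetch("alice", 1002)          # alice asks for bob's invoice
        negative = False              # it was handed out: requirement violated
    except AccessDenied:
        negative = True
    return {"positive": positive, "negative": negative}


if __name__ == "__main__":
    for impl in (get_invoice_positive_only, get_invoice):
        print(impl.__name__, requirement_check(impl))
```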

When things develop further, I'll write more on this blog.