2006-11-30

Bi-Tek

Johnston County in North Carolina has gotten a temporary court order to get Google to remove a page from cache. The page contained the personal information of county residents, including social security numbers and cell phone numbers. The news has focused on the fact that Google did not respond instantaneously, causing Johnston County to seek a court order from an NC judge, and not on the fact that one of the county's contractors was negligent in its handling of sensitive data.

While it is disturbing that Google doesn't respond faster to requests to clear Personally Identifiable Information from its cache... Johnston County did leave the information languishing on the Internet for six weeks. And how did this information make it to the web anyhow?

The News and Observer article states that Bi-Tek creates a file that is posted to the Johnston County website, and this file is supposed to contain only names, addresses, and non-private account numbers. Bi-Tek made a mistake that instead posted private data to the Internet.

Earlier this year the VA had its own incident where it potentially exposed the personal information of millions of veterans, proving that large and small organisations alike have to fight employee ignorance, malice, and indifference regarding sensitive data. The questions that the press should really be asking might be:
  1. What is going to happen to Bi-Tek for this mistake?
  2. What are they going to do at Johnston County to make sure this never happens again?
  3. Will Google be motivated to create a special "Oops! I posted my credit card number on a bulletin board!" call center?
  4. Should software companies that handle sensitive banking, tax, and accounting data have to be certified? And, would an incident like this revoke the license of such a company? Should they ever get it back?
If you pay taxes in Johnston County, North Carolina, you should be concerned about the security of your tax information, and you should be asking questions about Bi-Tek, Johnston County's website, and what they are doing to safeguard the personal information that they have stewardship over.

2006-11-15

Direct Web Remoting

DWR (Direct Web Remoting) is yet another Ajax framework. This one is, however, a Java framework that makes a heck of a lot of sense for Java developers. Take a POJO. Register it in the dwr.xml file under WEB-INF in your war... and now you have an object you can call from your webpages.

Yeah. I didn't believe it either. But the 2.0 beta of DWR that I have been working with is really just about that easy. DWR generates the JavaScript which you just include in a page, then it generates the servlet that the JavaScript calls. DWR turns a POJO into an Ajax servlet.
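Because registering a class makes it callable from any browser that can reach the DWR servlet, the registration is also where the exposed surface is decided. The following dwr.xml is an added example, not code from the original post or from the DWR project; the class names `com.example.Greeter` and `com.example.AccountLookup`, the script names and the method name are hypothetical.

```xml
<!DOCTYPE dwr PUBLIC
    "-//GetAhead Limited//DTD Direct Web Remoting 2.0//EN"
    "http://getahead.org/dwr/dwr20.dtd">
<!-- WEB-INF/dwr.xml (class, script and method names are hypothetical) -->
<dwr>
  <allow>

    <!-- Broad form: with no include or exclude rules, every public method
         of the class is callable from the page through the DWR servlet.
         Acceptable only when every public method is safe to call remotely. -->
    <create creator="new" javascript="Greeter">
      <param name="class" value="com.example.Greeter"/>
    </create>

    <!-- Restricted form: once an include rule is present, only the listed
         methods are remoted. Other public methods on the same POJO (for
         example one that returns full account records) stay server-side. -->
    <create creator="new" javascript="AccountLookup">
      <param name="class" value="com.example.AccountLookup"/>
      <include method="findPublicRecord"/>
    </create>

  </allow>
</dwr>
```

The test pages DWR serves when the servlet's `debug` init-param is true list every remoted method, which makes them a quick way to confirm the restriction took effect before debug is switched off for production.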

See how easy it is to get started with DWR, and if I get enough feedback I'll post some code samples of how to do a portlet that can process actions using that POJO you registered with DWR. Now with some very simple (but smart) scripting you get Ajax features that automatically degrade to universally supported portlet actions.

And that is why DWR is head and shoulders over some very wrong-headed attempts to turn Ajax web development into Swing or pseudo-swing development. The web is the web. Features should degrade gracefully and page designers and artists should be able to work with programmers to create web applications that work well, look nice, and degrade gracefully.

see also: my DWR tag roll on del.icio.us

2006-11-03

Open Source the Inevitable

Anyone who didn't see open source coming was just kidding themselves about what software is fundamentally. Software is speech. Software is the embodiment of ideas. Once an idea is born it spreads.

Patent law used to recognize this truth. After all, an invention is an idea given substance. The limited monopoly power granted by a patent is intended to fade in time. And, after a time the idea behind an invention becomes part of the greater matrix of ideas that create the culture and community of inventors.

Eventually, enough time will pass that the novelty of every software "invention" will fade and the ideas that drive those inventions will become part of the greater fabric of the community of software creators. Open source is one method of speeding up this process. By forcing software to expose its inner workings you forcibly populate the world with the thoughts and ideas that were used to create the software.

Closed source software spreads its thoughts and ideas much more slowly. So much more slowly that the thoughts and ideas that pervade the open source community will eventually overpower the closed source community's ideas. In this way open source is guaranteed victory over closed mind-sets... But not necessarily economic victory.

In the arena of "hearts and minds" victory by open source is not revolutionary, it is evolutionary. Victory for open source in this arena is not the destruction of a particular company, it is the change of the company. Open source is just a label for a small part of a grander change coming for humanity.

The expression of ideas is slowly becoming divorced from the physical world. In time the only things that will have value are thoughts and ideas. Ideas have no value or power until they are shared. Open source is about sharing thoughts and ideas. And our future is more about the power of thoughts and ideas than it is about control of resources.