Thursday, April 26, 2007
On handling errors...
Validate data coming into the application whether it be from people, web services or file system imports. Reject everything that doesn't match what you're expecting. But don't forget to tell the user what went wrong! (Where you do the validation is another story - the short answer: on the server.)
Catch errors you can reasonably recover from. File not founds, access denieds, timeouts, etc. Bring the application back to a valid state, help the user correct the error and continue.
Anything else has to go through a generic error handler. "An application error has occurred. Please contact technical support and refer to error number: nnnn."
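The three tiers described in this post, sketched in Python as an added example (not code from the original blog). The user-name rule, `handle_request`, the `loader` callback and the status codes are assumptions chosen for illustration.

```python
import logging
import re
import secrets

log = logging.getLogger("app.errors")

# Allowlist of what we expect; everything else is rejected (assumed rule).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

# Errors we can reasonably recover from, with a message that helps the user.
RECOVERABLE = {
    FileNotFoundError: (404, "No profile exists for that user name."),
    PermissionError: (403, "You do not have access to that profile."),
    TimeoutError: (503, "The profile store timed out. Please try again."),
}


class ValidationError(Exception):
    """Input did not match the expected shape; safe to explain to the user."""


def validate_username(raw):
    # fullmatch() also rejects a trailing newline, which '$' would let through.
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValidationError(
            "User name must be 3-32 letters, digits or underscores.")
    return raw


def handle_request(raw_username, loader):
    """Server-side handler: returns (status, text shown to the user)."""
    try:
        username = validate_username(raw_username)
        return 200, loader(username)
    except ValidationError as exc:
        # Tier 1: reject, but tell the user what went wrong.
        return 400, str(exc)
    except tuple(RECOVERABLE) as exc:
        # Tier 2: known failure; state is still valid and the user can continue.
        return next(v for k, v in RECOVERABLE.items() if isinstance(exc, k))
    except Exception:
        # Tier 3: generic handler. Details stay in the server log, keyed by a
        # random reference the user can quote to support.
        ref = secrets.token_hex(4)
        log.exception("unhandled error ref=%s", ref)
        return 500, ("An application error has occurred. Please contact "
                     f"technical support and refer to error number: {ref}.")
```

The reference number is the only link between what the user sees and the stack trace in the log, so the exception text itself never reaches the response.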
Tuesday, April 24, 2007
Sunday, April 22, 2007
How to make a system hard to secure...
1 part complexity. Thousands of classes, millions of lines of code, xml configuration files decipherable only by parsers, and all the latest technologies and buzzwords contribute here. (Don't forget to mix in a pinch of WS-* for good measure.)
1 part extensibility. How many of us use the software we do because of vibrant plugin communities? (Eclipse?) Lots of plugins tells me an application is probably alive and well, and has dozens of passionate users to turn to for help when I need it. (IntelliJ/MS MVPs?)
Plugins are those little bits of custom code you download by clicking Tools->Addons - usually written by one "Who, I Have No Idea" - that run in-process and have privileged access to the local file system, main memory and all the data contained therein.
and...
1 part connectivity. Technology is more pervasive today than ever before and people are using it to keep in touch with old friends and make new ones - I'm thinking Web 2.0's poster children here: MySpace, Facebook, flickr, etc., but this criterion could be applied much more broadly (SMS?). One of my fave quotes comes from Sun Microsystems's Whitfield Diffie: (Not originally his.)
Phishing, stalking and child abduction have all flourished, sadly :-(, in these new online communities by adapting to the new medium faster than did law enforcement.
Saturday, April 14, 2007
Blogspot, del.icio.us, and Feedburner
After a little bit of poking around, here's what I've come up with...
Del.icio.us has a couple of things that'll do it if you don't mind new posts showing up in your blog full of links: link rolling and daily blog posting. Great! I guess my only problem then is I don't actually want posts full of links showing up in my blog every day. Ugh. Enter Feedburner...
Feedburner takes my regular Blogspot feed and wraps it up in one of their own letting them do things like track how many subscribers I've got, and count the number of click-throughs to my posts - presumably to see which ones people are reading most? But here's something else they do that's been very helpful to my little quest... feed aggregation. Did you know del.icio.us serves up a feed of links you add to your account every day? I didn't. Anywho, it looks like Feedburner will automatically grab it and drop it into my feed without touching Blogspot.
Nice. :-)
Tuesday, April 10, 2007
The Defender's Dilemma...
Here's what it means for me...
As a defender, I need to make sure my firewall lets traffic through on some ports (21, 25, 80, etc.) but not others. My app server must be locked down - this means getting rid of default apps, changing default passwords, tightening up my server.xml or httpd.conf, and staying on top of those daily security updates. And wouldn't it be great if my application was built by people who've heard of things like cross-site scripting and SQL injection - sadly these are still too few and far between.
As an attacker, all I need do is find one buggy service still running, an overlooked configuration setting or a single unprotected form field in a web application that might have 1000s (alright... an unprotected field that's used in an interesting way - oh, in say... a SQL query).
The general in Schneier's article suggests always being the attacker. Setting aside the moral high ground for a moment, this is the best way to tip the scales in our favour. What he's doing is moving the battlefield away from our systems and networks into somebody else's - which should make for much less collateral damage. Unfortunately that's not something we're going to be able to do, is it - enter that pesky high ground. :-(
So what's left to us? Disaster recovery and response plans, rock solid backup strategies and constant vigilance. *sigh*
And the topic for another entry... :-)
Sunday, April 8, 2007
Architects...
An architect is somebody who:
Is experienced. (And work in the field is pretty much the only place to get it!) S/he usually gets to decide how an application will work from the get-go at the highest level - a system-wide view. Where does it come from? A background involving several sufficiently different projects certainly helps, but nothing beats mistakes when it comes to learning the right way to do things.
Is confident. Confidence is something I struggle with all the time - especially when I'm wading into new territory (architectures, libraries). The good news is it's something that largely corrects itself the more decisions you have to make. I know I'm much better than when I started 5-ish years ago - a lot of that came from just slogging through, and working with really smart people.
Is a mentor. I wouldn't want to work in a company that separates the best and brightest from the rest of us mere mortals. Books and articles are great for improving your craft, but so is a good slap on the wrist when you need it from somebody who's been there. I think an architect should do more than keep apps maintainable, testable, performant, etc. Most developers (myself very much so included) absolutely need the occasional firm but gentle nudge in the right direction!
[Heavily borrowed from some of my fav bloggers out there. :-p]
Friday, April 6, 2007
On improvement...
From Extreme Programming Explained: Embrace Change…
“‘Best is the enemy of good enough’ suggests that mediocrity is preferable to waiting. This phrase misses the point of XP, which is excellence in software development through improvement. The cycle is to do the best you can today, striving for the awareness and understanding necessary to do better tomorrow. It doesn’t mean waiting for perfection in order to begin.”
I fall into this trap all the time. It’s paralyzing!
First post...
Hi there!
I've decided my first post is going to be about me.
My name is Christian. I was born in Toronto, Ontario, Canada and have lived here my entire life. I have a sister and mom who love me. I've been really lucky me thinks. What kind of person would I have turned out to be if I had been born in say, Africa? Asia? I'll never know. Life has been good to me and hopefully through my writing, I'll figure out how I feel about that and why.
Writing helps me think. Whether it's about work, life, or anything else under the sun, some of my most important aha! moments have come when I made myself slow down and reflect. I guess this is what writing does for me and why I decided to make it a bigger part of my life.
I haven't decided what my blog is going to be about yet. For now I think I'll write about whatever pops into my head. I know I know, blogs are supposed to be focused, coherent things about a single topic. I couldn't agree less. I'm writing about myself for friends and family. This is about my own personal journey to enlightenment. So there! :)
That's good enough for a first post about nothing in particular.
See you soon.
