
Yesterday the WordPress team released a critical security update to its venerable software (which runs this site) after being made aware of a possible exploit. They patched the hole and released the fix. This is a necessary update, and the fix includes nothing more.

What about the other updates we see so often? Is it right that software we’ve become reliant on has begun to include extras as part of a marketing ploy? Check out Susan Bradley’s article, “Sun, Apple, Microsoft install chaff with patches” in the latest Windows Secrets newsletter for more about what I’m talking about. Her insight prompted me to scratch down this rant.

These slimy “updates” are one of the reasons that I’m glad that I left Microsoft Windows behind, as it’s the operating system that’s getting the most attention in this manner, so far. I haven’t checked out the latest Sun Java for Linux yet, though. It may be laden with a 30-day trial for something I didn’t really want, as a check box.

I understand that companies are trying to maximize their profits, but I’ve always felt that the “smash and grab” mentality was not profitable in the end, as it damages the reputation, and therefore any credibility, that a company may have (or have left). How is this sustainable?

This subject brings to mind another thought that I will write about in more detail soon, regarding the behavior of certain software and how it’s affecting the general computer-using population. Stay tuned for that.

9 Comments

  1. hari says:

    Man, am I glad I created my own blog software. I resolved a whole lot of issues that way and included only features I needed. I also made the whole secure by default, which means I gave no room for SQL exploits or bad input and sanitizing user data. Also by not allowing HTML in comments and by doing away with things like user-registration (which is rarely used in blogs anyway) I have made it simple to keep it secure. SQLite has also removed the need for a separate database server with user authentication, which is an additional entry point of risk, as many PHP scripts tend to be given super user database privileges.

    It’s like when you build a house with a lot of doors from the outside, you need to keep them all locked. But by building a house with just one front door, your security is much simpler.

    These security patches make me feel glad that I no longer use a canned solution.

  2. mel says:

    Microsoft is Satan. I’ve always known that.

    And Hari? Creating your own blog software? Way over my head.
    and about that house with one door. What to do in case of fire blocking that door?

    Oh hell I just worked all day, I’m just babbling now.

  3. MacBros says:

    Well, you know that it doesn’t really matter what you use. If you use something that is popular, it is at risk of being hacked. So there is always something to update.

    If Linux or whatever was the flavor of the moment, it too would be issuing updates and patches.

    Look at Apple. Ever since they’ve progressed in the home computing area, more and more hacks have been occurring.

    Hackers hack to show off, and what better way to do so on something that is popular like Windowz.

  4. MacBros says:

    …. Clicked submit b4 I was finished. *doh!*

    I was going to add WordPress too because it is also a popular CM application these days too.

  5. mrcorey says:

    @MacBros – You can edit those, you know. You have 5 minutes to do it – and I don’t moderate links :P

  6. hari says:

    > And Hari? Creating your own blog software? Way over my head.

    Well, I programmed it in a couple of weeks using PHP and SQLite. Actually I get a great sense of pride in mentioning it on other blogs. :D

    > and about that house with one door. What to do in case of fire blocking that door?

    Jump out of the window :p

    Seriously that was an imperfect analogy with a limited scope. What I meant to say was that as far as software is concerned, less bloat means fewer security problems and headaches.

  7. hari says:

    > MacBros says:
    >
    > Well, you know that it doesn’t really matter what you use. If you use something that is popular, it is at risk of being hacked. So there is always something to update.

    That MAY sound logical, but technically you CAN design software to be secure by closing all points of bad entry and never trusting any external input and always sanitizing data before using it. Also if you keep on increasing the code-base, there is a chance to introduce more bugs into the system and therefore exposing more issues. That’s why patches keep coming out to solve problems of bad design. A well designed system will not fall into the “upgrade-fix-security” cycle.

    Science and logic don’t always go together. If a system is designed with security in mind, the chances of it getting hacked do not increase with popularity or other factors.

  8. ray says:

    Lest we forget, Linux is popular: it runs practically the whole of the internet. Things aren’t more secure because less people use them, they are secure because they are designed that way. Windows is and always has been full of holes.

    The WordPress updates are a pain but I’d rather have a little inconvenience than have my site taken over. And they tend to announce, well ahead of time, what new changes will come up as part of an update. The swine of this article is that Sun, MS and Apple all decided without your knowledge or consent that they would add in more software. That is the sort of thing that you should decide for yourself.

  9. Miami Florida Photographer says:

    Just upgraded to the last version, the 2.8.4. What do I know, all my existing widgets in the chosen theme won’t work anymore.

