Monday, December 7, 2009
I stand by Gears!
So, no sooner had I posted the last post on my blog than I saw that Google are seriously considering dropping Google Gears altogether.
Google are dropping support for the most important piece of software in the last 10 years?
Yes, and no.
Google introduced the world to the idea of offline applications by creating Gears. But maintaining it in all the different browsers and all the different operating systems (and variations of each) is painful. And it was necessary until HTML5.
But HTML5 is a standard way to implement offline applications; it will be implemented in all browsers soon enough, and it will be implemented in a standard way. And Google doesn't need to maintain it.
Google gets what they want and they don't need to support it.
One of the new features in Chrome that separates it from other browsers is the speed at which it runs JavaScript. This became a major feature and forced Mozilla to speed their JavaScript up to compete. IE will do the same. (Mozilla had a faster JavaScript engine but they released it sooner than they would have otherwise done.)
So Google don't need Gears but it has already changed the world.
Posted by Allen Baranov, CISSP at 2:53 PM
Labels: google, google gears, mozilla, web
The most important piece of software this decade
[and most people don't even know what it is!]
I've spoken about this software before, I think, but it deserves its own blog post.
And what piece of software is the most important for the last 10 years?
*drum roll*
Google Gears!
"Oh yes of cour- eh, what?!" I hear you say.
Google Gears is a silly little piece of software that merely allows one to run JavaScript offline. It tricks the browser into thinking that changes are going to the net when they are actually stored locally. When an Internet connection is available, the databases are synchronised. Very technical stuff.
But what it really allows is a PC to run only web applications and allows web applications to be as feature rich as desktop ones. What it really allows is GMail to compete with Outlook and Google Apps to compete with Office. It not only allows Google to compete directly with Microsoft head-to-head but gives them a slight lead.
Since Google's applications are designed with sharing in mind and Microsoft's are not, Google is ahead in this respect. And since Google's applications are on the Web, you can get to them pretty much from anywhere.
And since Google are driven by a policy of "good-enough as fast as possible" their applications are sleek and ready to be used online - Microsoft have some way to go if they want to compete in this area.
In the mid-90s I remember a whole host of companies decided to take on Microsoft directly and all of them came off second best: Netscape (with Navigator - remember that?), SUN (SunOffice, Java, Net-PC), IBM (OS/2), Apple (pre-Jobs, iPod).
Netscape is no longer but they did spawn Firefox which is eating into IE's market share in a big way. SUN has some amazing software like Java and SunOffice (or OpenOffice) but they never really impacted on Microsoft's dominance as they looked like they might have. The less said about OS/2 - the better. And Apple reached their lowest point when Microsoft invested in them to keep the company alive.
SUN's vision for a NetPC is coming about again with Google's ChromeOS. The only difference really is that SUN's vision had lots of pretty blue SUN Servers being the central store for all data and apps while Google's vision has lots of ugly grey and black Internet Servers being the central store. (Internet being the important part). Google are making true what SUN never could - "The (Inter)Network is the Computer".
Whether Google will succeed where many have failed remains to be seen, but they have lined up some interesting tools to give themselves at least a chance, and at the heart of each of these tools is Google Gears making it all possible.
Posted by Allen Baranov, CISSP at 9:57 AM
Friday, September 18, 2009
SANS Confirms
So, when SANS comes out with a document - The Top Cyber Security Risks - then it is time to sit up and take notice.
And especially when their findings pretty much agree with what the rest of the industry is saying.
The interesting thing is that there are really only two major risks highlighted and one observation.
The observation is that companies are being good with patching Operating System level vulnerabilities. I guess this is well-done to Microsoft and the other OS creators. However, if you are not fully patched on an OS level then you are the low-hanging fruit. And you will be in trouble.
"Hackers" are moving to hacking applications these days - both pre-packaged ones which you will be more likely to find on the desktop and custom built ones which will more likely be hosted on a website.
So, companies now need to look at patching applications quicker.
They must also have a good solid web application plan in place and stick to it before exposing themselves online.
Posted by Allen Baranov, CISSP at 1:13 PM
Labels: applications, risk, sans, vulnerabilities, web
Monday, July 20, 2009
If you only read one article on Information Security...
[... this is it]
Actually, this is a bit unfair because after reading this one article, you'll be compelled to read more.
Richard Bejtlich's article sums this up nicely. He links to another blog post by Verizon Business.
I have some issues with Verizon Business's annual report but it is probably the most important document on Information Security to be published.
My one criticism of the Verizon Business Breach Report is that it shows credit card data to be more at risk than anything else. I was never sure if this is because it is easier to abuse than other data (such as Intellectual Property) or is just easier to detect when it is abused. According to the article, it is the latter. IP is leaving our companies, we just don't know it.
When a whole bunch of credit card information is stolen, the banks track which credit cards are abused. They are good at this and they slowly work out where all the credit cards were used together. So, if 5 credit cards were all used at a specific shop and then end up being abused, that points to that shop having had an information breach. In the case of IP, there is no bank tracking abuse so you have to track it yourself... and companies are really bad at that.
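The bank-side tracking described above is usually called common-point-of-purchase analysis. Here is a small sketch of it, added as an illustration and not taken from the Verizon report or the linked article; the function name, the thresholds and the sample data are all assumptions constructed for the example. It ranks shops by "lift" (how over-represented abused cards are among a shop's customers) so that a shop everyone uses is not flagged just because it is popular.

```python
from collections import defaultdict

def common_points_of_purchase(transactions, abused_cards, min_cards=5, min_lift=3.0):
    """Rank merchants by how over-represented abused cards are among their customers.

    transactions: iterable of (card_id, merchant) pairs
    abused_cards: set of card_ids later reported as abused
    Returns [(merchant, abused_seen, cards_seen, lift)], highest lift first.
    """
    cards_by_merchant = defaultdict(set)
    all_cards = set()
    for card, merchant in transactions:
        cards_by_merchant[merchant].add(card)  # count each card once per shop
        all_cards.add(card)

    abused_seen = abused_cards & all_cards
    if not abused_seen:
        return []  # nothing to correlate
    baseline = len(abused_seen) / len(all_cards)  # overall abuse rate

    suspects = []
    for merchant, cards in cards_by_merchant.items():
        hits = len(cards & abused_cards)
        if hits < min_cards:
            continue  # too few abused cards to point at this shop
        lift = (hits / len(cards)) / baseline
        if lift >= min_lift:
            suspects.append((merchant, hits, len(cards), round(lift, 2)))
    return sorted(suspects, key=lambda s: s[3], reverse=True)

# Constructed sample data: 40 cards, of which c0..c4 were later abused.
CARDS = [f"c{i}" for i in range(40)]
ABUSED = set(CARDS[:5])
TRANSACTIONS = (
    [(c, "MegaMart") for c in CARDS]            # everyone shops here
    + [(c, "CornerShop") for c in CARDS[:6]]    # the breached shop
    + [(c, "PetrolStop") for c in CARDS[3:21]]  # unrelated merchant
)

if __name__ == "__main__":
    for row in common_points_of_purchase(TRANSACTIONS, ABUSED):
        print(row)
```

All five abused cards were also used at MegaMart, but so was every other card, so its lift is 1.0 and only CornerShop is reported.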
The other point which I found quite amazing is that very rarely, when a PC is lost, is it used for fraud. Endpoint encryption is cheap and easy to apply so it should be done, but most information is lost, not through assets being lost but through network attacks.
Posted by Allen Baranov, CISSP at 9:23 AM
Labels: data breaches, Information Security, intellectual property, pci, richard bejtlich, verizon
Tuesday, July 7, 2009
[OT] Men are chickens**t.
If you walk into (any) Exclusive Books book store and go to the counter you will be confronted by a whole bunch of gifts.
There are bookmarks, pens, little torches etc. And there are little gift-books. Some are small, some are sentimental, some are silly but they are all intended to be gifts.
So, on the counter at the EB in Cresta shopping centre are two boxes that hold books. One is called "Don'ts For Husbands" with a blue cover and one is called "Don'ts For Wives" with a pink cover.
Now remember, these are by the gift books, not on the shelves where you'd go to browse and buy a book for yourself. So, the intention of these books is for a husband to buy for his wife and vice-versa.
All the "Don'ts For Husbands" were snapped up by wives and given. The "Don'ts For Wives" were still on the shelf. The one copy that was purchased was apparently buried with the husband the next day.
You've got to love married bliss.
(This whole article is true - except for the bit about the one copy of "Don'ts For Wives" missing.)
(The pic above is not such great quality but take my word for it - there are no copies in the left box and the box on the right is almost full.)
Posted by Allen Baranov, CISSP at 2:55 PM
Thursday, June 25, 2009
[OT] Open Question to Nokia
So, I have a Nokia E71.
It is absolutely amazing. There is very little in the way of hardware that I can fault.
My wife has a Nokia too and its camera is so good that our regular camera is now collecting dust.
Bottom line - we love our Nokias.
But, Nokia fail on one aspect which I would hope that they can sort out.
According to this Vodacom page, a Blackberry subscription with Vodacom costs R60 and includes email, all on-device-browsing and most importantly - turn-by-turn navigation.
Nokia offer an email service which is "free for now". My browsing is pretty much covered by my contract and I try not to browse from my phone if I can help it.
But... navigation is R100 a month. That is truly mad. It is almost double the Blackberry deal and doesn't include the email, browsing, etc etc.
If Nokia want to compete in the new cellphone world then they need to realise that there is more to a cellphone than just the device. There is a service now and Nokia need to make the price realistic. I wouldn't swap my Nokia for Blackberry any day but Nokia needs to come to the party and bring services that are not ridiculously priced.
So, Nokia, what can you do?
Posted by Allen Baranov, CISSP at 3:51 PM
Monday, June 8, 2009
The most important security advice for home users!
[Make backups of your important information. Totally erase all devices with storage before you give them away]
So, because I manage Information Security for a large organization people ask me for advice on how to protect themselves.
The first thing I tell them (stuck record time) is to do backups.
The most important thing that home users can do is back up their information. That includes photographs.
It's like smokers - the people in a restaurant most likely to complain about smoke are the ex-smokers. The people who are most likely to make good backups are those that have lost information.
Except for the fact that my wife does scrapbooking, we would have precious few printed pictures of my younger daughter. They all reside digitally. If my wife's hard drive had to crash then we (potentially) would lose every photograph of our daughter ever taken.
The thing is that hard drives are built like everything else - to fail. So, all your precious information (and every household has some) is sitting on a device built to fail. (Read that sentence again and again until you totally understand the implication.)
Now, consider that most modern PCs have CD/DVD writers and the disks can be bought quite cheaply. What are you waiting for? Disaster?
Having said all of that, my SD card in my phone was corrupted. There was nothing really important on it (and what is important has been backed up) but I thought I'd try to recover what I could from the device. I found a tool called PC Inspector File Recovery. It is freeware and will analyse a drive and try to restore files which can be saved onto another drive. It is very easy to use and the price is right (free).
It managed to restore files that non-free software was not able to. I highly recommend this tool.
So, yes, it is possible to get files after a drive has crashed but it is not 100% and Murphy will come to the party by making all files restorable except the one you really want. Backup!
On the other hand, delete is not as permanent as it sounds. So, if you have private information on any device (including PCs, cellphones, USBs etc.) assume that the information on them is readable by whoever you sell/give the device to when you are done with it. Another good free tool is Eraser. This tool will erase everything on the disk so it can't be undeleted.
One last thing on this topic. Some malicious software (e.g. viruses) puts fake file recovery software on your PC, encrypts files and tells you that the files are corrupted, asking you to buy the software so it can "repair" the files. Don't fall for this trick; you will just be making the cyber-criminals rich.
Posted by Allen Baranov, CISSP at 12:02 PM
Labels: backups, eraser, freeware, PC Inspector File recovery

