Odds and Ends
A few things that I came across that I could have turned into a number of small blog posts but instead I choose to throw them all into one.
Up first we've got a WordPres plugin I recently downloaded and added... Like many bloggers I use Google Analytics, and like many wordpress bloggers, I've simply added the Google Analytics tag to my footer... This has all changed now. Thanks to a plugin called Ultimate GA. I've just set it up but I'll know better in a few days how it's working.... Here's the info from the website:
I managed to get a Google Analytics account back in the days when there was a long waiting list. I added the tracker JavaScript to the footer of all my pages, as instructed by Google Analytics. This gave me some great statistics to start with, but I wanted more.
I also want to track outgoing links to other sites and links to downloads (e.g. PDF documents) on my own site. Google Analtytics can do this, but you have to add an onClick JavaScript to all these links. I didn’t like the idea of editing all my blog entries to add an onClick event to the links. So I ended up writing a WordPress plugin that does it for me. You can download the plugin for your own use.
I've just set it up, so I'll let everyone know in a few days what I think of it.
Up next we've got a post on the Technology and Marketing Law blog, and this one is rather interesting. It discusses a case ( Internet Archive v Shell ) which asks the question "Can a Spider Enter Into a Binding Contract?" As I have an interest in webs spidering this caught my attention. I think the case is ridiculous from the get go... The question being asked isn't the right question... The correct question should be, "Can a website provide a "contract" along the lines of Shell's and have it be valid?" I think the answer to that should be no. Although looking at Shell's website, I see this as an attempt at a money grab... She's targetting Internet Archive due to their size in my opinion... if she had a valid case, she'd have targetted Google, which I'm sure has cached her page.
Since she wants money from anyone who copies her website, I suggest you visit it. Scroll to the bottom of the horridly designed website... It looks like those old Angelfire and Geocities websites. Shell licenses her website for viewing over the internet only... (I wonder if she's attempted to go after every visitor... after all their browser caches pages). In order to view the copyright, you have to click a box asking if you agree to the Terms (prior to seeing the terms)... The whole site made me laugh and the case is making me laugh even more... I'm definitely curious to see the outcome though... Maybe I'll add fine print to the bottom of this page that if you view the RSS feed you're agreeing to pay me $1000.00.
Next on the list is an article about Novell being linked to a press release stating that the TCO for Microsoft products is less than Linux. I'm sure this article has irritated plenty of Linux advocates... however the statement is true... This was debated before when Microsoft released their large Microsoft costs less than Linux campaign... and the Microsoft TCO is less. Think about it, you purchase the Microsoft product... you have an IT person... your cost is their salary + the software cost. All of your software ties in quickly and easily and install / configuration is simple and a breeze. Now take a look at Linux... There are less Linux people out there so you will probably pay more for your Admin. Now you have to pay for the software (enterprises run SuSE or RH... not as many go grab VectorLinux or Debian). Now you have to painstakingly install and configure everything... You don't have the benefits of Active Directory... of your users being tied together... of software like Exchange... You may have a web based calendaring system... or thunderbird but the productivity just isn't at the same level... Something is lost. In the end, when everything is factored in... Microsoft is cheaper... I've actually blogged on this subject in the past... feel free to jump back and read it.
A quickie link here to a couple of online PDF viewers.... one offered by Adobe and a third party one... I tested both of this with the same PDFs this evening and the third party viewer worked much better... actually it worked, which is more than I can say for the Adobe offering.
Lastly, everyone has been jumping on the horn to mention The Top 59 Influencers in IT Security for 2007. Congrats to everyone on the list and hopefully none of you will find what I say next overly insulting or think of it as an attack. I take some issues with the list... The focus on C-Level Execs and Bloggers is interesting... but not how I would have done it... Certain bloggers and C-Level execs that were listed certainly belong to be there... but I think the emphasis was missed... The end of the list contains the real influencers and even that portion seems to have missed the boat. H.D. Moore, Fyodor (which is spelled incorrectly on the list) and others are the ones that it should be focused on... Those are the people that I think deserve to be considered as the influences for 2007. Others that should have been on that list that were not included... Jeremiah Grossman (sure his blog was mentioned briefly but he should have had his own number), RSnake and David Litchfield for example. Web App Sec and Database Security are still growing issues... WebAppSec is getting bigger daily and we recently saw the release of a Free Database Security Scanner. Others should not have been on the list at all... Kevin Mitnick for example... that turns the blog list into a 90s throw back... How about Kevin Poulsen and Tsutomu Shimomura...
So Congrats to the decently large number of you that deserve to be on the list... and to the authors of the list.. Consider leaving the 1990s hero worship out of it next time... especially if you're attaching a date to the list... If you want to play out the hero worship bit, you might as well include the entire TLC Hackers Hall of Fame list. I may release what I consider to be a more accurate list in the near future.
Now that I've sufficiently irked a large number of people... that's it for me...
“I may release what I consider to be a more accurate list in the near future.”
Yes, please do.
That list has been out a while now, but it was “rebranded” to be that top 59 whatever list. Previously it was just someone’s list of sites that were on that site. And yes, Fyodor was mispelled then too.
Of note, if you actually read closely on the snippets, it becomes very curious whether the author even reads some of them or knows them at all.
Corrine,
You’ll be happy to know that Ryan (from numerophobe.com) and myself are redoing the list and will be releasing what we consider to be an actual Top XX List..
LonerVamp,
Thanks for the history… btw how are ya coming on the VERT Challenge.. did you put anything together?
I started in on it, but have not gotten around to decoding the string that one of the listening ports responds with. Been a busy week, sadly.
Winny both impresses and annoys me. It is impressive how such a small tool can do such big things. And it annoys me that such a small tool can do such big things. Puts the futility of some security ideas and initiatives into perspective.