Google to weight site security, hoping to push HTTPS adoption

The G-folks are going to be putting a weighted value on site security in website rankings in their search engines. They say it will be ‘light’, at least at first, and probably affect most sites not at all or only slightly. But the ultimate goal is to spur adoption of HTTPS (Secure Sockets Layer encryption) across the web, with the aim of improving the security of logins and other transactions.

In major shift, Google boosts search rankings of HTTPS-protected sites


Oracle DB upgrade makes it easy to spend $23k per CPU in just two steps!

Now that’s efficiency!

In the wake of a story from an ex-Oracle engineer that the database megacorp put in a pricey upgrade option that is automatically enabled and far too easy to invoke ‘accidentally,’ the O has issued an explainer… turns out the feature is, in their words, “not a bolt-on technology” — and it’s not automatically enabled, users must go through a whole two steps to spend their $23k per CPU.

Oracle Says Database Upgrade Doesn’t Enable In-Memory Option



WordPress 3.9 “Smith” ushers in big changes in the WP editor

The developers have dumped some great new convenience tools into the WordPress post editor, including greatly enhanced WYSIWYG capabilities for images and multimedia, the ability to create media-player-style playlists natively, even an import filter to strip all the ‘extra junk’ out of copy-and-pastes from word processors like MS Word or from websites. And it’s named after one of our favorite jazz organists, the great and supremely funky Jimmy Smith. Be sure to watch the video exploring the new goodies!

WordPress 3.9 “Smith”


PS… might be seeing 3.9.x sometime soon. I used the new video shortcode provided by this version for embedding in WP blogs (like this one)… but it didn’t work! LOL (I used a standard embed instead.)


Heartbleed security blow-out aggravated by CloudFlare flub?

Once again, the security company CloudFlare finds itself embroiled in a security controversy, this one involving the just-revealed Heartbleed OpenSSL security threat.

According to ZDNet, the problem might have been easily contained if it weren’t for several possibly aggravating factors:

This bug [is] not a problem with OpenSSL’s inherent design. It’s an implementation problem. That is to say, it is the result of a programming mistake. There is already a fix available for the problem for the 1.01 program in OpenSSL 1.0.1g. Work is proceeding rapidly on a patch for the 1.02-beta line.

That’s bad enough, but what really has some operating system and security companies ticked is that while OpenSSL and others were hard at work at delivering the patched versions that would have limited the problem’s possible use by blackhat hackers, CloudFlare, a Web security company, revealed in a blog posting details about the security hole and that they’ve fixed the bug. They appear to have used the methods described by OpenSSL. Unfortunately, for everyone else, these methods were not ready for broad deployment.

ZDNet: Heartbleed: Serious OpenSSL zero day vulnerability revealed

CloudFlare: Staying ahead of OpenSSL vulnerabilities


User comfort, auto-discovery, and more…

The topic of software design goals, user experience and comfort level, as well as the emerging notion of self-revealing or ‘auto-discovery’ designs came up in online conversations I was recently taking part in and they raised some interesting questions.

I see software user interfaces from the designer perspective — and one of the first things a good designer does is figure out how the downstream users will use the system. Sometimes the optimal use is only incrementally different from prior designs. Sometimes it’s radically different.

Without completely abandoning the ever-pertinent Dutch Uncleism of RTFM, the ideal from a design perspective is a UI that ‘explains itself’ as the user uses it — WITHOUT confusing him by constantly changing the aspect.

If the user understands the tasks at hand, goals, etc., it should make it easier to create such a UI. If Joe Sixpack knows a piece of software has a specific purpose, it’s ideal if that software follows his intuitive understanding of the process in some fashion.

That said, with the sorts of applications you’re talking about, there’s a potential discovery process wherein we hope the UI ‘invites’ the user to explore and learn its use from the use itself.

Obviously, such design goals are a lot easier to lay out as ideals than they are to actualize. Today’s software design tools and the systems that run the software allow a lot of flexibility and offer a lot of processing power — but as technical hurdles to the creation of sophisticated, flexible applications are removed, we are left with less ‘comforting’ design strictures and more potentially perplexing freedoms.

And with greater freedom from past strictures come greater temptations.

Far, far too many sophisticated applications have been sunk by user interfaces that got trapped up in their own cleverness.


An industry laughs out loud at RSA’s lame denials…

RSA (aka, Verisign/Network Solutions) took $10 million from the NSA to weaken their encryption services enough that government hackers could be assured of continued access to the ‘secure’ corporate communications RSA was selling to big-ticket customers.

Now they claim they had no idea whatsoever that their code was made intentionally insecure.

Of course… because they are about to be sued by a long list of very, very unhappy enterprise customers who were silly enough to believe RSA’s bogus promises…

RSA responds saying that it had no idea the NSA algorithm was flawed