Software Lifecycle Management, Web Applications: Users Wonder but don’t Trust
Wrapping up another busy week. Monday finally got the GO to rebuild a 4-year-old website we did in 2003. The customer is so content with it. “Why upgrade? It looks OK, just do these content updates here and there once in a while.” All our talking about internet security hazards went plainly unnoticed. Until two pages fell victim to the Christmas-New Year’s holiday wave of oriental hacking. It was the first security breach since 2003. The customer asked us to fix it. We said the entire site must be moved to another server and rebuilt; this is the only way to guarantee further high security levels and ease of expansion through modularity and backend HTTP access. We’re still feeling that the customer hasn’t fully understood why we are so determined to move and upgrade their site; so far it’s looking good.
Well, here’s the drama of human nature: we’re anxious to elaborate and we’d take the looks while dropping the contents. A website is not a catalog of electronic sheets of paper that sits there to dust and look good. The website is only the tip of an iceberg-like set of web applications, ranging from the plain HTML visible on the frontend to gradually more complex languages like JavaScript, CSS, XML, PHP, and MySQL for handling relational databases. Then it delves down to the software platform environment (Apache server, Debian) to reach the kernel of the operating system (GNU Linux, FreeBSD), and from here exits the frontier of the software and enters the hardware realm: the physical machine sitting in a stacked box and called a server. Yes, paper catalogs used to lie in stacks as well; it’s just that the way from the stack to the paper page in the catalog is somewhat shorter than the way from the stack to the webpage on the site.
Doh, was it me writing all these trivial things above? I can’t believe it. But as obvious as it may look to me or you, I notice more and more clients ignoring it. So I find myself forced to repeat it over and over. To spare resources, I’m putting it here in a blog and will refer it to whom it may concern in the future.
Interesting how users will buy a glossy carton box, with a shiny CD inside and a book, every other year. This is called “software lifecycle management”. The boxed software you bought in 2005 grew old, here’s the boxed upgrade for it, read the line, it ends with 2007, so it’s the latest hi-tech release, wow! Upgrade now.
Ahha, this is the music people like to hear, and to pay for. What is less known is the definition of the term “software”:
Computer software (or simply software) refers to one or more computer programs held in the storage of a computer for some purpose. Program software performs the function of the program it implements, either by directly providing instructions to the computer hardware or by serving as input to another piece of software.
en.wikipedia.org/wiki/Software
Now move your attention from your desktop and the shiny CDs you bought in those attractive boxes at Walmart. Think that servers (computers, after all) have their part of the software, or else you wouldn’t reach your Yahoo! or Google, and CNN-pipeline wouldn’t reach your widgets, and so on. The internet lies on servers and the software that runs on these machines. What happens over a 4-year span on your desktop is not quite spectacular compared to the adventurous transformations taking place with server software over a couple of months’ time. This makes a strong case for upgrading websites. But let’s be more specific:
- Every site that we’ve built starting in 2005 sits on an open source software framework such as Joomla or WordPress; I’m upgrading all these sites in a matter of days after a new security release is announced by the framework’s community of developers; for instance, this happened with WordPress 3 times in the last couple of weeks; with Joomla twice in November and December; it’s a dynamic process, proactively enhancing security against known and possible attacks; plus every such upgrade takes me less than 5 minutes and costs the owner of the site zero cents, no rebuilds, no FTP, no man-hours, just a click and a check.
- Older websites were less streamlined, because we built them from scratch at a moment when content management systems were growing out of infancy; when I’m asked to replace a contact name or an email, I have to FTP down/up an entire file; this implies wasted time for me and for the client as well, who has to wait on my schedule because he cannot FTP throughout a somewhat complicated site structure; it’s inefficient, slow and primitive.
Compare this to a Joomla install where the client gets backend access so he can update content from his own browser, at a glance. Well, I grew tired of repeating this, but I fear I’ll have to keep on saying it, because clients do not pay much attention, like they’d rather live a happier life without bothering to consider an improvement option to their small business website. Then wonder why a site laid out in 2003 has been touched by hackers in 2007. And this, my friends, is still a minor problem concerning general user mentality in respect to computers and the internet. Read on and judge for yourself:
Major Internet Attack - No One Noticed
On February 6, 2007 an attack took place on the Internet which tried to take down the major backbone of the entire Internet. The attack against the root servers, which handle all Internet traffic, wasn’t done by stealthy minded hackers but by people just like us. People who have allowed their systems to be unprotected and that are now being used as soldiers for the invading force.
Hard to believe? Well, it did happen. Sophos reported yesterday this very story in which they stated:
“These zombie computers could have brought the web to its knees, and while the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem - the lax attitude of some users towards IT security,” said Graham Cluley,

