Alex Stamos: AppSec is Eating Security

I’m throwing this into the pile of arguments for “security and privacy are little but myths” discussions.  If the top of the top companies, with multi-million budgets and hundreds or thousands of top security professionals, get compromised, how realistic is it for the average Joe to protect his business?  I say – not very.

I think 80% of problems can be prevented with a 20% time and effort investment: minimize attack surface by removing and disabling everything you don’t need or use and limiting access to everything else, use layered defense where possible, use encryption where possible and strong passwords if you have to, don’t rely on security through obscurity, have log analyzers and/or an intrusion detection system installed, etc.  But most importantly, make peace with the fact that being compromised is not a question of “if”, but “when”.  Prepare yourself.  Have an offsite backup and know how to restore your services in a completely new environment, if necessary.

And as far as your privacy goes, if you put anything private on the Internet, as well, prepare for it to be stolen and leaked.  If it never happens, consider yourself lucky.  Otherwise, just learn to deal with it.  It’s very unpleasant in a variety of ways, but seldom deadly.

Via EtherealMind.

1TB free Flickr storage

Gigaom reports:

“We want to make Flickr awesome again,” Yahoo CEO Marissa Mayer said.

Flickr is getting three big updates. All users will get 1 terabyte of photo storage for free. The site’s interface is also being redesigned to focus on full-resolution photos — both in photo browsing and in search — rather than words and links. Users will be able to share the full-resolution photos by email, Facebook, Twitter, Pinterest and Tumblr.

This sounds amazing!  Also:

Flickr Pro, which had allowed users to pay for more storage space, is going away. “There’s no such thing as Flickr Pro today because [with so many people taking photographs] there’s really no such thing as professional photographers anymore,” Mayer said (though she acknowledged that there are “different skill levels”). There are still a couple of paid options: Users can pay $49.99 a year for an ad-free interface, and can add a second terabyte of data for $499.99 per year. It’s unclear what will happen with existing Flickr Pro memberships that users have already paid for.

I’ve been a paying customer of Flickr for years.  It was worth every penny.  But, at the same time, it was difficult to convince my friends to use it as there were some severe limitations for free accounts.  It’s nice to see them gone now.

The only weird bit of the blog post is this:

And, in addition to the iOS app Flickr launched last December, Yahoo is launching an Android app.

Flickr already has an Android app.  So I’m assuming they will just revamp that as well.

Marissa Mayer Has a Secret Weapon

Fascinating!

For the past decade, she has been the doyen of a collection of some of the most talented young engineers and product managers in all of technology. These are the hand-selected prime talents of an accelerated leadership program at Google called Associate Product Manager (APM).

Mayer invented this program, led it and never gave it up. It was a key part of her tenure at Google. And now she may reap some benefits.

Don’t be fooled by the modest title, prefixed by that timid word “associate.” The most coveted entry post at Google is spelled APM. This is an incubation system for tech rock stars. “The APM program is one of our core values — I’d like to think of one of them as the eventual CEO of the company,” Google’s Executive Chair Eric Schmidt once told me.

Consider the first APM, a fresh Stanford grad named Brian Rakowski. He became a key leader of the team that built the Chrome browser and now is the VP of the Chrome operation. The second was Wesley Chan, who made Google Toolbar a success, then launched Google Analytics and Google Voice. He’s now picking winners for Google Ventures. Another early APM was Bret Taylor, who earned his bones by launching Google Maps. He left Google and co-founded Friendfeed, then became the Chief Technical Officer of Facebook.

Though not all APMs achieve such glory, they are generally recognized as elite. At any given time at Google, there are over 40 APMs active in the two-year program. And since Google has been hiring them since the early 2000s there are over 300 who have been through the program.

And the glue to the whole shebang was Marissa Mayer, who was the APM boss, mentor, den mother and role model.

Mayer thought up the program in early 2002. Google had been struggling to find PMs who could work within the peculiar company culture — team leaders who would not be bosses but work consensually with the wizards who produce code. Ideally, a Google product manager would understand the technical issues and sway the team to his or her viewpoint by strong data-backed arguments, and more than a bit of canny psychology. But experienced PMs from places like Microsoft, or those with MBAs, didn’t understand the Google way, and tried to force their views on teams.

So Mayer came up with an idea: Google would hire computer science majors who just graduated or had been in the workplace fewer than 18 months. The ideal applicants must have technical talent, but not be total programming geeks — APMs had to have social finesse and business sense. Essentially they would be in-house entrepreneurs. They would undergo a multi-interview hiring process that made the Harvard admissions regimen look like community college. The chosen ones were thrown into deep water, heading real, important product teams.

Delicious scare

During the last few days I’ve been asked by several people what I think about the scary bit of news regarding the shutdown of Delicious.   I’ve replied individually several times, but I feel that a blog post is in order.  So here it goes.

First of all, Delicious is not being shut down.  Here is a quote from their blog:

Is Delicious being shut down? And should I be worried about my data?
– No, we are not shutting down Delicious. While we have determined that there is not a strategic fit at Yahoo!, we believe there is an ideal home for Delicious outside of the company where it can be resourced to the level where it can be competitive.

Secondly, if you are worried about your data, just make a backup of it.  Delicious has had an export option for years.  Log in to your account and you’ll be able to export your bookmarks from the Settings page.

Thirdly, I can understand that news like that could throw some people into a search-for-alternatives mode.  And there are alternatives out there.  I haven’t tried any of them in years, since I’m a happy Delicious user.  But if I were forced to choose one day, Xmarks would be my first choice.  My reasons are:
  • All features that are vital for me are a part of the free subscription.  More features are available for premium subscribers.
  • Cross-browser support that covers all browsers that I care about.
  • Support for sharing of bookmarks.  That’s the main reason for me to actually use a social bookmarking service instead of a much simpler bookmark synchronization service.
  • Support for private bookmarks.  I want to share as much as possible, but not everything.
  • Easy integration with third-party tools and services.  For example, using an RSS feed.
  • Support for direct import from Delicious.

But with all that said, I want to stress it once again – Delicious is not shutting down.  So if you use and enjoy the service, simply continue doing just that.  No need to worry.

What is Yahoo?

I came across a somewhat old question by TechCrunch’s Michael Arrington: What is Yahoo?

For me personally, Yahoo is, first of all, the company that bought most of the web services that I was using – Flickr, Delicious, and Upcoming back in the days when I was using it.  Secondly, Yahoo for me is a company that is neither here nor there.  I appreciate how old they are and all.  But it never seemed to be serving any specific purpose.  It used to be a bookmark website, which I used for a bit, until it got overly complicated with categories, and SPAM.  Then it became a web mail and a search engine.  Then an instant messaging provider.  Then a purchaser of some cool web applications.  Then a web developer resource.  And then I don’t know anymore.

It’s been a long while since I went to Yahoo.com and something tells me that I won’t be visiting it any time soon.  What about you?