Cloud User’s Bill of Rights

Want users to use your cloud-based web site?  Follow these guidelines, so that users can sign up easily and use it.  Sadly, there are soooo many ways that web sites can do this wrong.  The result is a bewildering variety of inconsistent and sometimes incomprehensible mechanisms that unnecessarily annoy the very users you are trying to attract.

The Anti-SSL Conspiracy

This post is about secure internet protocols, and mainly about a bizarre phenomenon that prevents us from using SSL security in many situations where it would be useful. What is bizarre is that I don’t think anyone intends it, but there seems to be a natural reaction that leads to less secure systems.  While some might attribute this cynically to elements who want to make money, I don’t think that is the real driver in this case.  Instead, it seems to be a natural tendency toward the “security purist” who would rather be completely open and unprotected than to be partially safe.

Web Security vs. Superstition, Part 4

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles.  Part 4 is about some strange behavior I have seen in security groups and other insanity.

Web Security vs. Superstition, Part 3

Web site security is a very important issue to me. I find it frustrating sometimes dealing with people who operate based more on superstition and urban legends than on solid principles.  Part 3 is about an experience I had with a public forum, and their justification for deviating from these guidelines.

Web Security vs. Superstition, Part 2

Web site security is a very important issue to me. I find it frustrating sometimes dealing with the “security experts” in IT who operate based more on superstition and urban legends than on solid principles.  Part 2 is in response to my meeting with such a “security expert”.

Security and Email Confirmation

I was using a site today that has a “security” procedure that is so poorly designed, that I thought it was worth discussion.  When it comes to aspects of security, I believe it is a good idea to publicize wrong approaches widely, so that those implementing web sites will learn not to take that approach.  Let this be a lesson.