Security

By Mike Gifford on 08/04/2009
Quick update, OpenOffice now ships with macro security set for 'High' so that "Only signed macros from trusted sources are allowed to run. Unsigned macros are disabled". By going to Tools -> Options -> OpenOffice.org -> Security -> Macro Security You can also set the security level to 'Very High' so that "Only Macros from trusted file locations are allowed to run. All other macros, regardless whether signed or not, are disabled." So if you are concerned with these articles, use OpenOffice.
Listening to CBC's Search Engine Podcast (which was removed by CBC sadly) I was reminded...
By Mike Gifford on 04/04/2009
I was fortunate to be invited to participate in a panel discussion organized by Andrew Ross of Ingress. The panel from left to right Roger Burkhardt (Ingres), Jean Bernatchez (Enterprise Stewardship and Internal Services Strategies, Chief Information Officer Branch, Treasury Board of Canada), Dave McIlhagga (DM Solutions), me & Donald Smith (Eclipse):

Business value of open source panel discussion from Andrew Ross on Vimeo.
I had a hard time focusing on what I was going to say to some of the questions that were presented to the panel, because of the responses from the other...
By Mike Gifford on 11/02/2009
One of the reasons given about why the government should worry about open source software is security.  I'm rather tired of this argument, so after hearing it one too many times, I decided to take some action. 
The concern is that if a piece of software is open for everyone, including hackers, it will be more vulnerable. This has been shot down any number of times, with some of the best known arguments stemming from the idea that many eyeballs will give you better confidence in the security of your software. Others security experts that have argued that good open source software is as secure...
By Mike Gifford on 03/02/2009
I attended an excellent talk last night about GCPedia that was presented by Jeff Braybrook, Deputy Chief Technology Officer for Canada at a Third Tuesday Ottawa Gathering. It was excellent to hear more about the history of the adoption of the open source tool Mediawiki within the Government of Canada. Jeff described Canada's CTO office as being "Hawkish about open source", and wanting to use it as much as possible. At a time when procurement officers and IT departments are still questioning whether or not open source can be used within government, this was great news.
His view that wiki's...
By Mike Gifford on 02/10/2008
I had to write a short note about a concern that was passed along to me about having public facing websites having databases on them.  The opinion passed along to me was that it was insecure to have a database driven dynamic website for a public government department because the database made the whole system less secure. 
I just needed to state clearly that it is the scripting languages that interact with the browser that are the main point of concern, and these are well used in most GoC sites.  Yes, if the .asp or .php scripts that are driving a page were badly written or just not monitored...
By Mike Gifford on 27/08/2008


Well, a year ago we decided to become a part of Canadian Federation of Independent Business (CFIB). I was convinced that there would be more financial benefits to belonging to a large body of small businesses, and I think those have been proven correct.  I also have called to get some support from them in the past and find the staff I've talked to be helpful and knowledgable.  The regulations and paperwork are difficult to keep up with and I am glad that the CFIB has sent me material that has helped my business stay within health government guidelines.


However, like all small business...
By Mike Gifford on 07/04/2008
So everyone knows that the Internet has people out there looking to gain control of your computer using some innovative new malware program that they developed. There are all kinds of reasons to do this, most recently I heard of malware that was targeting Tibetan solidarity NGOs in order to track their communications with people within Tibet. So although sometimes lives are on the line, most of the time though it is just to grab credit card information or to use your computer as a spam bot.
The Internet is a great way to distribute things, including Trojan horses, and it is important to be...
By Mike Gifford on 06/01/2008
We've had a couple exchanges with clients lately where they wanted us to develop code for their Drupal site, but they wanted to own the code outright and not have it licensed under the GPL. I thought I would outline here some of the reasons why this is problematic for us and why it isn't part of our business practice.
The first thing is that realistically in most open source software if new features are developed they are rarely done from whole cloth. With Drupal, we might need as little as 200 lines of code for a new module. To save everyone money, increase security/performance and be able...
By Mike Gifford on 12/11/2007
I was talking to one of my clients the other day and he wanted to know if his website was like a car where you can put it in a garage for six months & know that you can come back in six months and just run it as you would the last time you started it up. I played with this metaphor a bit. We've talked about doing a car-free example as well in the past, but for the moment I'll work with this one.
First, I want to differentiate the automobile from the skateboard. The skateboard is the old school HTML website that the web was founded on. It might be something that that was built with...
By Mike Gifford on 13/07/2007
NOTE: There is a new effort to do this in Ottawa with Tech4good.
Earlier this week I went out to Green Drinks Ottawa and had a really good conversation with a table of committed and very experienced environmentalists. Open source came up in conversation, and one of the people brought up security concerns as the main reason that their organization had decision not to use open source software, but rather to develop custom applications. I brought up a couple examples of how pretty much every big corporation is using open source software these days and are investing in its long term development....

Pages