Thursday, May 26, 2011

The Trouble With Open Sores Source

Caution: technical geek-speak ahead

I have three production MySQL servers on our farm here at work, scheduled to dump their contents nightly to a backup server (which in turn gets written to a tape and taken offsite in case of catastrophe). But as it turns out, only two of the three were actually writing their backups, probably because I was using an outdated version of the administrator tools. No problem, I thought, I'll just upgrade to the newer MySQL Workbench and set up the backups from there. Having no experience with the Workbench platform, my first step was to check the internet's manual (a.k.a. Google) for some instructions, where I came up with this piece of helpful advice:

"[Workbench] does not have the "Schedule" feature [for backups]. We are hoping for a community plugin to do that."

Translation: We didn't put this critical feature into our product; we're hoping our customers do that for us. That's some fine way to run a business. I can just imagine the cacophonous shriek from the *nix community if Microsoft did something like that. Why is one of the larger corporations in the open-source market (MySQL is owned by Oracle) immune from similar criticism?

Wednesday, May 18, 2011

Pwny

About two weeks ago, I got an "Important Customer Notification" e-mail from Sony's Online Entertainment division. At first, I dismissed it as spam, but as my mouse pointer headed for the delete button, I read the preview, and discovered that it was, in fact, a legitimate e-mail. Its purpose was to inform me that my account was one of the ones potentially accessed by the black hats in the recent highly publicized breach of Sony's systems.

At first, I couldn't remember why or how Sony would have any information of mine to give away. I don't own a PlayStation (at least not one with network connectivity; I do have an original PSX gathering dust in a box in my house somewhere), so how could my data be on Sony's servers? ...Wait a minute. Back in the day, my gaming group was part of the beta test for PlanetSide, sometime around 2002 or so. (The game came out in retail form in 2003; I opted out at that point.) And then I thought even further back, and remembered my brief experimentation in my early 20s--not with chemicals or sexuality, but a brief three-month dip into EverQuest.

At that point, I relaxed considerably. The information Sony had on me was completely obsolete--since that time, my home address, phone number, and any credit card data they may still have on file are completely changed and obsolete. But the bigger question here is why did they still have this information? How much money are they spending to warehouse out-of-date customer data that's doing them virtually no good? And how much business are they going to lose in the future when a customer like me, when deciding between a Sony and a competing product, remembers that moment of panic when they got the notification that Sony might have put their personal information at risk? To be sure, Sony should be getting all of the criticism they're receiving about their security practices. But their data retention policies appear to be getting overlooked here, and we all know what happens to people who don't learn from history.