Hack The Planet

Because if you don't, who will?

Wednesday, November 3, 2010

Learning from your mistakes

There is an interview with Marissa Mayer, a VP at Google, where the question was asked, “What have been Google’s biggest mistakes?” She answered that Wave, shutting down Dejanews and launching Gmail on April 1st (April Fools day) were the top three. I don’t want to focus on these though (shutting down Wave breaks my heart because it was great). I want to focus on what Google does really well. It learns from it’s mistakes and moves on quickly.

In my career I have worked at many start-ups and some of them have been acquired by large companies which retained me after the take over. When those companies took over you could actually feel the innovation and momentum just slow to a crawl. In a start-up you have to be fast, willing to change direction quickly and follow your instincts. If you don’t you fail. In larger organizations though it seems like it is frowned upon to challenge the status quo, to innovate or to create.

What Google does is different though (I don’t work there, never have and don’t know any one who does or has so this is an outside assumption). They build and test new ideas and if they fail to meet their standards they move on. But what they give you is some amazing functionality and great new ideas. Gmail, Google Earth, Wave (even though they are canceling it), Street View and Android. Any of these could have been done by another company but Google actually did them. They stepped up and tried it. Some of their ideas have failed, and some have cost them millions and millions of dollars but they continue to look for new ways to innovate and grow their business.

They aren’t afraid to fail and they even encourage it. Not that they want to fail or want their projects to fail but they actively learn from them and keep going out on a limb with new products and features. You can’t succeed if you don’t fail.

As Thomas Edison said “I have not failed. I’ve just found 10,000 ways that won’t work.” Don’t be afraid to fail. Be afraid of doing nothing.

posted by holliday at 9:33 am  

Monday, November 1, 2010

Firesheep – Because the name Firecow was taken

There are tons of posts on the new FireFox plugin, Firesheep. Firesheep is a plugin that allows you to hijack other user’s social network sessions that are using the same wired or wireless network as you are. Eric Butler, one of the co-authors, has a post explaining how Firesheep works.

The basics of the attack are that websites like Facebook use something called “cookies” to authenticate a user that has already logged in so that the site does not have to ask the user to login again until the cookie expires. The issue is that while the sites often encrypt the initial login they don’t often encrypt any additional network traffic which allows an attacker to capture the cookie and allows them to gain access to victim’s account.

To protect yourself from this type of attack you should always maintain an encrypted session with any of your social network sites. Some folks say not to connect to these sites at all on public WiFi but in general you are better off treating every network as untrusted or hostile and just encrypt your network traffic. You can use the Force-TLS or HTTPS-Everywhere plugins, though they may not work on every site.

The slides for Firesheep from Toorcon are here.

posted by holliday at 3:17 pm  

Powered by WordPress