Joomla 1.5 to 2.5 Upgrade Complete!

Thanks to all of you who have endured a couple of weeks without the elixir of my constant posts. I know it’s hard to live without your usual dose of irascible white male geek, but I paused in my postings to make the painful, painful upgrade (not migration, oh no that would be too easy) from Joomla! (the exclamation point is unfortunately part of the name) 1.5.x to 2.5.x.

Was I a negligent fool to wait so long, for so many versions? Actually, Joomla (damn the bang) went slowly, slowly through the 1.5 versions, then jetted through 1.6 to 1.7. Then it leapfrogged itself to the 2.x series, which rapidly moved to maturity under the 2.5 moniker. So I let the madness run its course, the dust settle, and finally tried the migration using Jupgrade.

Ha. Fat chance.

Which meant doing a manual upgrade with the aid of a very nice commercial tool that was oh, so very worth the $35, from SP CYEND, called JUpgrade. This is such a prime example of small-business software development! I am an obsessive shopper and researcher (bet you haven’t noticed), and it took some serious convincing to get me to buy this component. But it is fantastic, and I’d recommend it to anybody. My stinkin’ time is worth far more than the cost of JUpgrade. Thanks, SP CYEND!

The Hacking We See Is The Tip Of The Iceberg

I’ve been trying to get this message across for years now. But please, don’t take it from me:

“What the general public hears about — stolen credit card numbers, somebody hacked LinkedIn (LNKD) — that’s the tip of the iceberg, the unclassified stuff,” said Shawn Henry, former executive assistant director of the FBI in charge of the agency’s cyber division until leaving earlier this year. “I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.”

http://mobile.bloomberg.com/news/2012-07-26/china-hackers-hit-eu-point-man-and-d-c-with-byzantine-candor.html

Is It Time for Spear Phishing Training?

It’s a provocative question: should you train your executive users – the direct targets of spear phishing – by simulating the experience?

First issue: why not a real experience instead? Because of the backlash you’ll get.

Second issue: are simulations effective? I’d say maybe.

Third issue: is that the right target audience? This is the real issue: it’s increasingly low-level employees who are targeted.

Regardless, check out one provider:
http://phishme.com/

Ten Years in Prison for a Website With Nothing But Links?

It’s international prosecution at its best.

Mark Gibbs is one of my favorite NetworkWorld columnists, particularly because he shares my alarm at America’s numbskull thinking when it comes to cyber security. Consider one of his recent articles:

So you live in another country, say somewhere in Europe, maybe, oh I don’t know, England. In your perambulations around the Internet you find a load of stuff that interests you and you think “Hmmm, other people might be interested in this, I’ll share it online.”

You build a Web site that just lists the links … and links are the only thing on the site … and you turn it loose.

Next thing you know, your domain name is seized by the U.S. Immigration and Customs Enforcement (ICE) and the various United States government agencies are trying to extradite you so you can be prosecuted for “violations of Federal criminal copyright infringement laws”, a crime that could send you to prison for 10 years!

Sounds ridiculous? Well, that’s exactly what has happened to Richard O’Dwyer, a 24 year old British citizen who is a student at Sheffield Hallam University in England.
http://www.networkworld.com/columnists/2012/071612-backspin.html

Sounds ridiculous indeed. Here are the clear, strong Reasons Not To Trust The Feds:

  1. Failure to exercise discretion. O’Dwyer provided links, not materials. His activities easily could have been curtailed, if they were indeed illegal, with a letter from a lawyer. Proposing to send him to prison for 10 years is wildly overreacting: suspiciously so. Which brings me to this:
  2. The appearance of subjugation to the Motion Picture Association of America, which prodded this whole action into occurring.
  3. The appearance of selective enforcement. As Gibbs puts it,

    “What is totally insane about the charge that O’Dwyer’s site was infringing anyone’s copyright is it was just a list of links … a list of links much like one that you might get from Google, Bing, or Yahoo. Will any of those companies be hauled into court for the same charge? I think not.”

  4. If England agrees to extradite O’Dwyer, that means that anyone in the world could be subject to the same treatment if they so much as post a link on Facebook or Twitter that someone decides somehow infringes on a copyright.

These are the same Feds who are asking hackers to join them in cyber defense? When the Feds demonstrate this kind of lack of discretion, any hacker should think twice about their own safety.

These are the Feds who are asking security experts to come defend American corporations? Why, so they can do THIS?

These are the Feds who enforce some laws, some of the time, other laws with unreasonable ferocity, and many laws not at all? How can any security expert feel SAFE working with them?

And these are the same Feds who want us to help protect against international threats – when they ARE one of the biggest threats?

When an outsourcer returns home and can’t find skilled workers – because they’ve left the field – what’s the solution?

The Great IT Skills Mismatch, Episode 10,000,007:

I was just contacted by a Ruby software developer here in NM who is looking for a local developer to hire.

I was studying Ruby right up until this very same developer told me he was outsourcing his coding to Mexico a few years ago. I dropped that course of study like a red-hot rock. What a shame, now.

But it was still the right decision. No one can wait years for a slim payoff on a high-effort, high-stakes investment.

What’s broken is that businesses want highly skilled people on the instant, and they want them cheap. I am curious, if any of you are Ruby on Rails developers: would you take a job for $15/22 hour?

The upshot is that a culture of people working very cheaply doesn’t have the money to create the demand that companies will need to hire. Then people compete for lower and lower wages, incentivizing businesses to fire the expensive and hire the cheap. We call that situation the Death Spiral.

The only solution I know is to learn tremendously difficult skills and to bill accordingly.