How To REALLY Manage An Active Directory

Here’s a question: What do you do when an employee leaves? Free up his desk, change his password, ask him for his parking pass back?

What about his email account, authorizations for groups, online Active Directory account entry, and so forth? In a small company, there might only be a few things to turn off and close down when someone leaves, but in a bigger company, it can grow exponentially.

For example, a case study I read from a company that offers Active Directory management products detailed their experience with New York Health. In a company that big, there were several issues.

One was accounts no longer being used (by employees no longer there, for example), which created a potential security issue – after all, if someone else used that account…

Another aspect is what else the previous employee used. In this case, they also had a GroupWise account, which could then be closed, saving money. Of course, if no one remembered, it cost money – and that was the purpose of the other company’s tool (called DSRAZOR): to enforce audits that catch problems, like accounts with no login for 90 days. It even scanned hard drive space for cluttering files like MP3s, freeing up space for the directory!

Nowadays, it’s obvious that computers have grown too big to keep track of easily and solutions to automatically catch changes all across the board are vital. It was an interesting read about this product and how it saved a company money, and a real education in the costs of forgetting an account change!

WordPress Comments – and My ‘Comment Killer’ Plugin

It’s time to get the comments…

If you use a WordPress blog, then you know that checking the comments is a huge deal – and needs to be done far too often for what is mostly spam.

What to do?

A while back, for ActiveBlogging members, I wrote a plugin to kill comments dead – Dave’s Comment Killer for WordPress – but it’s not your typical comment plugin.

Why?

Because it lets you dump ALL comments!

WordPress has a real problem with comments. Even if you refuse to accept any via the WP settings, spammers can still blast them – and you still have to clean them out. For non-blog blogs it’s a pain.

My plugin lets you automatically dump ALL comments – silently – perfect for regular sites where commenting isn’t used (or needed).

And for sites like this one? I have a setting to detect links – more than ‘X’ links in a comment (which I can adjust in the plugin) and the comment disappears automatically.

Think about it – most spammers want something for their time, and that ‘something’ is a link (or two, or fifty). With this plugin, comments with huge numbers of links are deleted automatically.

And as a final option, I can get an email every time a real comment makes it past the filter – allowing me to approve good ones ASAP.

Take a peek at Dave’s Comment Killer for WordPress – if you need a new way to kill comment spam on WordPress for ‘non-blog’ blogs, this will do a treat for you.

Why Beginner’s Guides for PHP (or Ajax or…) SUCK

I heard about another “Beginner’s Guide” release today – and every time I hear that phrase I cringe.

Not because beginner guides aren’t useful or good – we all started out with them (and despite the truly insulting title, I find the Dummies line of books to be great introductions, great “beginner’s books”).

It’s because of a small subset of those books – beginner’s books on online programming topics, like PHP, Perl, MySQL, Ajax, JavaScript, and so on.

The reason – teaching BEGINNING online programming teaches you just enough to be dangerous to yourself and others!

I can teach you PHP, and I can call it a beginner’s guide – but if I leave out security programming, then I’ve done worse than nothing. I’ve given you just enough detail to think you can write safe code – but you can’t, and you may well pay dearly for it.

For example, most beginner’s books talk about getting in form data with a command like this (here in PHP):

$x=$_POST['x'];

Sounds good – but that line holds a huge amount of pain if that’s all the teaching that goes into it:

  • Is the result going to be put onto a web page? Then unless it’s escaped properly when displayed, it can open a giant security breach on your website.
  • Perhaps it’s going into your database? Again, without careful filtering, you could have one of those famous ‘injection attacks’ we hear so much about.
  • Or maybe you’ll just make use of it in subsequent code? Fine – as long as you realize that that information can be (and may well be) ANYTHING.
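Here is what the three bullets look like in working code – an added example, not from the original post. The beginner’s line is kept in a comment beside a hardened treatment of the same value for each of the three uses: escaping for the page, binding for the database, and validating before the value is used at all. The `users` table, its `name` column, the `page` field and the in-memory SQLite connection are assumptions made for the demonstration.

```php
<?php
// Added example (not the original post's code): the same $_POST value handled
// safely for each of the three uses listed above. Table/column names and the
// SQLite DSN are assumptions for illustration only.
declare(strict_types=1);

// Beginner's version from the post: whatever the client sent, unchecked.
// $x = $_POST['x'];

// 1. Read defensively: a missing field becomes '' (no warning), and anything
//    that is not a string (x[]=1 arrives as an array) is treated as empty.
function readPostString(string $key): string
{
    $v = $_POST[$key] ?? '';
    return is_string($v) ? $v : '';
}

// 2. Validate before use: decide what the field is allowed to look like.
//    Here: 1..64 bytes of valid UTF-8 with no control characters.
function validateName(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 64) {
        return null;
    }
    // preg_match returns false (not 1) on invalid UTF-8, so that is rejected too.
    return preg_match('/^[^\x00-\x1F\x7F]+$/u', $raw) === 1 ? $raw : null;
}

// 3a. Going onto a web page: escape for the HTML context at output time, so a
//     <script> tag in the field is shown as text instead of being executed.
function renderGreeting(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 3b. Going into the database: bind the value, never concatenate it.
//     The SQL text is fixed; the bound value can only ever be data.
function insertUser(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// 3c. Used in subsequent code: convert to a typed, bounded value first.
//     A page number must be an integer in 1..1000; anything else falls back to 1.
function readPageNumber(): int
{
    $page = filter_var($_POST['page'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    return $page === false ? 1 : $page;
}

// One request, end to end.
function handleRequest(PDO $db): string
{
    $name = validateName(readPostString('x'));
    if ($name === null) {
        http_response_code(400);
        return '<p>Invalid name.</p>';
    }
    insertUser($db, $name);
    $page = readPageNumber();
    return renderGreeting($name) . '<p>Page ' . $page . '</p>';
}

// Self-test from the command line with constructed input and an in-memory
// SQLite database (assumes the pdo_sqlite extension is loaded).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

    // Constructed hostile field: an SQL injection attempt and a script tag together.
    $_POST = ['x' => "Bob'); DROP TABLE users; --<script>alert(1)</script>", 'page' => 'abc'];
    echo handleRequest($db), PHP_EOL;   // the markup comes out escaped; page falls back to 1

    // The table survived and the text was stored as plain data, not run as SQL.
    echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
}
```

Run it with `php example.php`. The point of the structure is that each defence sits at the boundary it protects: validation where the value enters, binding where it meets SQL, escaping where it meets HTML. Escaping at input time instead would either mangle the stored data or leave a later, different output context (JSON, a URL, an attribute) unprotected.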

It’s not a minor thing – people online delight in seeing what a form can “take” (I know, I’ve done it too). And there are some people out there who aren’t just having fun – it’s serious (and illegal) business for them. Crack a site, and there’s a new base of operations for nasty stuff – and YOU pay the price for it.

So to everyone offering “beginner’s guides” for online programming (and you know who you are) – add a solid chapter on security to it. If you don’t, then you’re hurting everyone – by giving beginners a false (and dangerous) sense of accomplishment, and providing the rest of us problems needing to be cleaned up.

What Went Wrong With Open Source?

I admit I’ve been in a cave for the past decade or so – but remember when Open Source was the greatest thing since sliced bread?

Collaborative software and the philosophy that “to enough eyes, all bugs are small”. It sounded so good, and the future was so bright.

What happened?

I have a theory: we all got broke.

The fact of the matter is, Open Source is wonderful – but ask most Open Source (OS) folks, and they’ll tell you it doesn’t put bread on the table.

Now I don’t want to fight anyone out there on this, and I’ll be happy to be proven wrong, but the fact of the matter is, when you have to work all day, and then do a little free programming at night, what goes first when the job situation gets tough?

And while all night coding sessions are fun in the teens and twenties (I know; I’ve been there) what do you do when you get older and settle down – and the rent is due, and the kids need new school supplies in September?

Goodbye Open Source – and hello, closed source (paid) programming.

Now there are exceptions to this: the people that work on some of the most popular software are doing well, and some can make decent money. But compare those somewhat rare exceptions to the majority of people working on Open Source – and needing ‘real’ jobs as well.

And then compare the ceiling for those people: how many of those OS people will ever reach a Larry Ellison or Bill Gates in earnings?

I embrace Open Source. I think it is the future for software. And the quality is there (notice Apple’s success in using the Open Source FreeBSD operating system for the Mac). But obviously, there must be money in it. So here’s some ideas:

  • Companies can be scared easily (such as with the FUD from Microsoft on patent infringement). We need someone to certify, insure, or otherwise provide legal comfort to allay their fears, and encourage them to migrate.
  • We need to understand it better. The problem with Open Source is everyone wants to program, and no one wants to document. And if aficionados can’t understand it, then how can others? So reach out (i.e. pay money) and there will be no lack of people deciding to write documentation – and educating everyone on how to use all aspects of the software.
  • Support needs to be front and center. Start new companies that exist simply to provide support of OS products. Have them do a per-month or per-call fee, and see how popular OS gets (or make it easier – sell a bundled OS program for a small price, and include 1/2 hour of free tech support).
  • Focus, focus, focus. Until people agree on a single OS for each category (and for the operating system), then you have one big company (MS) against a rag-tag group of individuals. Guess who’ll win?

In reading this, the real issue is obvious – a centralized authority is needed to get cracking on getting Linux and GIMP and OpenOffice and other Open Source products out there in a professional manner. Some company that manages it all, from software to updates to tech, to programming to design to support, and makes gobs of money doing it. Somebody kinda like Microsoft.

Hey – maybe that’s why they’re so successful…