Apple Safari Browser Automatically Executes Shell Scripts

February 21, 2006

One of the things I love about Safari is its ability to download and automatically “unpack” or “unstuff” a compressed file so you don’t have to. But that functionality apparently exposes a potentially very dangerous security risk.

Well, here's another little hole in the Safari browser that can be potentially very very dangerous. Easy to fix, and you should disable it right this very minute.

If you want the gory details you can click on the link above. Otherwise you should stop reading this right now, open Safari's preferences, and on the General tab you should uncheck the checkbox that says "Open 'safe' files after downloading."


Mac Virus/Trojan: Don’t open latestpics.tgz

February 16, 2006

As reported on the Macworld site, there is a Mac OS X Trojan horse or worm being spread in a file called “latestpics.tgz.” From the Macworld article:

Reports indicate that someone has let loose a “Trojan horse” or worm for Mac OS X users. The program is hidden within a package that purportedly contains screenshots of Apple’s as-yet unannounced next major revision to Mac OS X. Whether it’s a Trojan horse or worm seems to vary depending on the source of the information.

Turning Technology into a Commodity

February 8, 2006

Tom Peters reviewed a new business book over on his blog, and his closing comment claims “Canaries applies to GM … and a new one-person business … equally.” IMO, this is hard to do! But based on the few quotes from Tom, this book succeeds. And it definitely applies to the web development business.

In the past 10+ years, we've seen several of our colleagues go out of business. We rarely win RFPs, as we typically come in as the highest bidder. I remember talking to one associate several years back, whose company had grown considerably. She described her company as a shark; it had to keep getting new clients to underwrite the cost of the existing clients.

That's not a sustainable business model. They are no longer in business. That's a small business story that relates to Corporate Canaries. This is my favorite excerpt from Tom's review of the book:

There are parables and such, but the bedrock notions are simple, profound, frequently ignored—and use-able starting today. There are just 5 key ideas. The first, "You can't outgrow losses." E.g.: "New business is a great thing, an important thing, and critical for success. But trying to sell your way out of profit problems only magnifies the trouble. Fix profits first. Then add business." Margin (profit) problems won't be solved by selling more low-margin, no-margin stuff. The malaise, "trying to sell your way out of losses," Sutton claims, "is the most common cause of business failure." (Yikes, does that strike—again and again—close to home.)

Living and working in such a price-sensitive culture does make it really hard to hold the line on prices. High prices that is. Most customers really believe they will be better off if they pay less. This is often not the case, but at least it seems to protect people from thinking they got screwed.

Only problem is, they may be getting screwed on the other end! What if your vendor goes out of business? What if your vendor does not have the margins to invest in training to stay ahead of the curve in helping you protect your assets? What are you saving by having a smart vendor, "on your team but not on your payroll" as we say about us here at Bare Feet Studios?

Large companies are now setting up software escrow accounts to essentially bank a vendor's code, to access should the vendor go out of business. We all depend on software and the internet to function minute by minute. It makes sense to be proactive in this way from the customer point of view.

From the vendor point of view, it makes sense to keep prices set at a sustainable level while educating customers on all the aspects of the value proposition. We have kept our prices above many (though not all) of our competitors, and are in our 11th year of business. We are also deeply appreciative of our clients, several of whom have been with us for nearly a decade. Lowering prices on services (unless there is some aggregation component to the price restructuring) usually ends up being a lose-lose proposition IMO.

So for any service vendors out there reading this blog, and especially small businesses, know that I've got your back and encourage you to find a way to let your pricing strategies keep you in business as a more competent professional, rather than being bullied out of business by well-meaning customers who just haven't yet learned the intrinsic value of your skills.

And to all of the investors and support professionals who advise start-ups and entrepreneurs, beware of the "penny saved, pound lost" approach to hiring professional services. Knowing when and where to bootstrap is a key decision. Knowing what is a commodity purchase and what is a value purchase is not the most obvious thing in today's marketplace.

COMMENT:
AUTHOR: Mary Schmidt
URL: http://www.maryschmidt.com
DATE: 02/10/2006 05:57:06 AM
As you know, I'm a huge fan of Peters. It's unfortunate that more people don't truly listen to him. As he titled one of his posts, "If I'm so smart" So, even he gets frustrated.

The challenge for any size company is to have the guts to be different, to not only talk but to act, and to recognize that you have to spend money to make money (a hoary old maxim, but oh so true, particularly when it comes to technology.)

One of the things I constantly hear from small businesses is that they desperately want and need more help with marketing. And, yet, they are very reluctant to pay for it. Of course, I can understand, it's tough carving out the budget for the seemingly "out there" and "soft" stuff (such as web sites and advice) when you've got to pay the light bill and employees. But, it really all comes down to: Do you want to be mediocre, constantly trying to "make it up in volume" or do you want to be great (which isn't necessarily the same as big) and have terrific margins, loyal customers and an infrastructure (people, processes and technology) that enable you to anticipate new opportunities and - yes - even create them? If you think small, you'll be small. And, cheap looks cheap.

P.S. I highly recommend "Good to Great" as additional reading. One key point: Being good at something doesn't necessarily mean you can become great at it. Recognizing this hard cold reality means a company may well have to move out of its comfort zone to be great.

-----

Mac OSX: Strong and Beautiful!

February 1, 2006

Scott Thompson, a member of our programming team, passed along this (author unknown) comment: “OSX is proof that it is easier to make Linux pretty than Windows secure.” (OSX is the short name for the Macintosh operating system, that now runs on Intel chips!) It was a timely comment, as we sent out a notice to our clients yesterday “announcing” the arrival of a nasty new Windows virus. 

It is set to attack Windows (or as we affectionately say, "Windoze," as in doze, as in asleep at the wheel when it comes to security, ease of use, etc.) computers on Friday. You can read more about it here.

We just launched a new web site yesterday, San Pedro Overlook and as with every web site we build, there is about 5-10% added to the programming costs, just to make it work right on Windows computers and the Internet Explorer web browser. IE in particular does not play well with others, or to state it more bluntly, does not adhere to the W3C web standards.

What's the W3C? To quote them:
"The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards. W3C primarily pursues its mission through the creation of Web standards and guidelines designed to ensure long-term growth for the Web. Over 400 organizations are Members of the Consortium. W3C is jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the USA, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France, Keio University in Japan, and has additional Offices worldwide."

In some ways it boils down to one of those "so last century" concepts that I like to talk about here in the blog. Having a proprietary system that creates barriers for others (like IE) is so last century! Having consortiums supported by loads of really smart people most of whom volunteer their time to help us all have a better web surfing experience, well that is very here and now!

If you want a better web surfing experience, get Firefox or as the bumper sticker says, "Friends don't let friends use IE!"


If you really want to immerse yourself in this topic, check out any of the headlines on this page over at eWeek.
