Code in the Sun

This post was inspired by listening to a fantastic episode of the Security Now Podcast. You can listen to it here: http://twit.tv/sn229

I just spent the better part of two days tearing up a completely good wireframe for a new web site feature because it simply could not be done do to internet security.

An elegant concept turned into a nightmare when I realized that standard browser security would simply not let us implement it. This realization turned into a inter-departmental scramble to redo the specs. And two full days later we are left with a not-as-great-but-functional web product.

So, what was the cost?

There is the cost to my company in man hours. There is the cost to the user in a slightly less optimal experience. There is the cost down the road when those users who find the web product too frustrating and decide not to give the company their credit card.

What was the benefit?

The users are protected from a potential security vulnerability that to my knowledge has never been exploited.

My point is that internet security is a HUGE cost, Both to the web site owners and the users. And for the most part, it doesn't even work.

I'm not saying that we do not need internet security, we absolutely do. What I am saying is that the whole internet infrastructure is such a broken mess, even the best security measures can only barely protect the average user from exploits, password hacks, and phising scams. And the cost is enormous for the user and the internet companies in time and money. The only people who are making out on this arrangement are the people who perpetrate the scams.

My next blog post will be titled: I Just Moved to Russia and I Have your Bank Account Number

i.am