Part of me chuckled at the so-called hack that affected Twitter today. Not that something like this couldn’t affect any site (although given the simple and well-known nature of the attack, it really shouldn’t have hit a site like Twitter), but it did remind me of the days in the early 00s when this sort of thing was commonplace, and of the sort of problems we all had to face when coding sites in that era.
Saved by TweetDeck
I was sort of surprised this week when I heard that 70% of people still use the Twitter website to send and read Tweets. I mean, Wired this month had a whole article bemoaning the death of the web; hasn’t Twitter read that and immediately shut down the home page? Hmm, no, in fact they just released a whole bunch of new functionality (which I can’t yet use, damn them) that can only be accessed via the website, just in time for the hack to emerge.
Wired do have a point though. More and more people are buying applications for their phones, and as smartphones become cheaper and cheaper, more and more people will buy apps, just as more and more people will get access to the internet for web browsing. The applications on their phones will use the old ‘internet’ for services, and the ‘web’ will go back to being one of the protocols used on it, that being HTML over HTTP.
The thing about apps is that they don’t suffer the same attack profile as a web site. When information is mainly entered using an HTML form, then that’s where people will look to attack. It’s harder to attack a series of apps that use a data feed, unless you can corrupt the feed in some way, as they will usually display the data in their own way, usually not using direct HTML or even a browser.
Of course you could be using a compromised application, either downloaded onto a PC from an untrustworthy source or sideloaded onto an Android or jailbroken iPhone; in that case, don’t say I haven’t warned you. In fact the careful cultivation of the App Store under iTunes, and to a slightly lesser degree the Android Market place, adds that little bit more protection for users than the wilful installation abandon people have on their home (and sometimes work) PCs (and Macs and Ubuntu boxes, but as I said, who’s bothering to write a virus for that relatively paltry level of users /jk!).
The fact that Twitter patched the XSS issue in relatively short order shows one of the main areas where the web works well. The ability to roll out an update to millions of users at once, be it a patch or new features (after thorough testing, of course), is only really possible with applications that leave no trace on the local machine. Cloud-based applications not only protect your data from hardware failures, they can also be patched or upgraded without you having to do anything. Now I know some people will not like this, the same sort of people who still use OS/2 because they don’t understand these newfangled operating systems.
Desktop and mobile applications require an upgrade cycle because they rely on you installing something on a machine. For a mobile application this can be more arduous: first the developer has to get the new version checked by the store that delivers it, then you have to be notified by the store that a new version is available, and finally you have to actually install it.
On the web, once it’s passed the requisite tests, it’s just there, updated lazily in the background or when you next log into the website.
Apps or Sites, your call as long as it’s the cloud.
I read a comment the other day: every time I open an on-premise application or use an on-premise server to create data, I take a risk with my data. Every time I use cloud services for all sorts of tasks, I know it’s not quite as whizzy as on-premise applications or servers, but I know if my machine or server dies it’s still there. All I need is another browser and I’m up and running again. No need to install an app, and mostly no need to worry about the operating system either these days.
It works for me. I for one am happily replacing my offline apps with online ones when I can. Sure, I still use some installed applications: I still love Live Writer for blogging, for instance, Picasa for managing my photos, and Google Earth for, well, just looking at my house from space. But those are the last few on-premise applications I use at home (that aren’t games), and Google Earth and Live Writer are conduits for online services.
I could do the same with my photos if I ever got the time, and there is the crux: as it becomes easier and easier to move data and information to the cloud, or if it has only ever resided there, as for many digital natives, then more people will do so, and hopefully will be better off because of it.