Security on the Web 2.0

Sites are popping up so quickly, they forget to be secure.

01.5.2006

This whole “Web 2.0” thing has got a bunch of people throwing up a bunch of sites really fast. Some of the sites are really good and useful and cool, while others are bad and useless and ugly. What strikes me about most of these sites is that in their haste to pop up on the web-o-sphere, they have forgotten some basic principles of web applications, of which the most notable to me is password security. Upon registration, almost all of these sites send you a confirmation email that includes your password in plain text. Yes, I am a bit paranoid, but think about it: most people use the same password for every site on the web. So even though your site might just be storing a list of RSS feeds that a person reads, you may have just emailed out the person’s password to their online bank account. I can only imagine that these sites are not storing the passwords encrypted in their databases. Makes you wonder what else they aren’t storing encrypted, or what they are doing with your email address.

Let’s get back to the basics, before we jump off the deep end again, ok?

The Perils of Work Life on the Web

Using common web apps for work and non-work makes for an uncomfortable mix.

12.17.2005

It is quite possible these days for a company to fire its IT staff and move all internal applications to web apps offered by other companies. It is especially easy to do this at start-ups that don’t even have IT staffs to fire. My boss at my new job decided to go this route as well, claiming we’d be “eating our own dog food” as well as saving on IT costs. Our list of web apps includes Gmail, Kiko, JotSpot and Backpack. I was more than willing to give this approach a shot, but then I realized its drawbacks. [Continue reading…]
