Version Boredom
I just finished updating the three sites that I maintain or administer with Movable Type.
The upgrade was, as usual, remarkably painless and well conceived. The Trotts really do a nice job with the design and support of MT, and I encourage anyone who's using it to consider making a donation to them for their hard work.
But that's not my point. The point had to do with a column Reynolds wrote recently on Version Fatigue, the frustration and malaise experienced by many people when "new and improved" versions of software come out, and many old tasks must be relearned with new releases.
That's never really bothered me. I actually like new releases of stuff. When the Trotts upgrade MT, for example, I just know it's gonna be full of good additions. Now, the last major upgrade changed the layout somewhat, and I didn't really like that at first, but the new features made it all worthwhile (and logically, the layout is now better). This last "minor" upgrade is also quite an improvement. They've added two features that ostensibly could qualify this as a major upgrade: mySQL support, and blogback support.
I've never worked with mySQL before, but fortunately my web host's implementation of it is largely idiot proof, and it was relatively easy to port the databases from various sites over to mySQL (thanks, again, to the Trotts' careful planning and documentation). The reliability and speed improvements are going to be nice, and I think as I begin to fiddle with PHP and mySQL more on my own that I will be pleased with the port. But it did require investing some time in learning how to do it -- a type of "version fatigue" if you will.
But ultimately, the time invested is/was worth it because I like the tinkering and the learning. And that may be another characteristic that separates the Pro Bloggers (journalists and other writers looking to promote themselves on the web) from us Hobby Bloggers. I actually *like* getting my hands dirty with html code. I think it's kind of cool to know how things hang together in Apache. I *wish* I had the time to learn about 1% of what my friend Atlee knows about web engineering and server and database management, just for the sheer joy of knowing it. In that sense, I don't suffer from "version fatigue" but version boredom! Bring on the new, and better, and more efficient! And challenge me to learn the stuff! It's fun. And yeah, I kind of enjoy the writing and reading and posting of things I find notable as well. There's a neat synergy at work.
Now, I certainly can understand people who are happy to get things working and leave it at that. Not everyone thinks it's fun to play around with their tools, or to learn things unrelated to their specialties. In fact, I've seen this lately as I've been educating myself about wi-fi security. I mentioned in an earlier journal entry that I spent the weekend locking down my wi-fi setup at home. I also spent a lot of my time over the weekend educating myself how wi-fi works in order to be able to get the security where it should be.
And what's bad is, most wi-fi access points are a security NIGHTMARE out of the box. The most popular brand, Linksys, is very easy to configure right out of the box. Most users with a relatively normal broadband connection will only need to spend about 5 minutes to get the thing working with a major-brand wi-fi card, if that long. Unfortunately, most people leave it at that, and create major security risks for themselves, because the Linksys APs (and most popular APs, including NetGear and D-Link) come out of the box with Broadcast ID enabled, wireless encryption protocol disabled, a default SSID, and a default password to log in to the box itself! Basically, what that means is, with my laptop and wi-fi card, I could drive around, log into your system, break into your network, and lock you OUT of your own broadband connection! Not good.
And because most people are happy enough that something works out of the box (again, sort of "electronics fatigue" I would say), they don't even really think about these matters. You're probably thinking, "surely Whited is exaggerating." Nope. While I was doing my security research, I discovered the hobby of "wardriving" and "netstumbling" -- basically using sniffer software with a mobile laptop to drive around and check for unsecured wi-fi networks. I've spent a couple of hours actually out and about doing some "research." And what I found is astounding: about 75% of all wi-fi APs that I've picked up (over 100 driving around Montrose and then downtown on two separate evenings) are totally unsecured, still operating with their default settings! And throwing out the businesses in downtown Houston that had enabled WEP and changed their SSIDS (but were STILL operating in broadcast mode -- not good!), that number goes up to greater than 90%! Some of the people who HAD chosen to change their SSIDs but not their broadcast mode even changed the SSID to their names! Nothing like having an unsecured wi-fi network AND giving it your own damn name! Anyway, I could easily have "stolen" their bandwidth, or much worse, had I been malicious. But I'm not -- just curious. A couple of interesting things I did learn, though: 1) I should invest in Linksys, as they account for the vast majority of residential APs I picked up in Houston, and 2) Apple APs all had WEP enabled, leading me to believe they come that way out of the box, which is good (but not good enough).
I realize it takes some time and effort to figure out at least a little about the technology one uses. Flashing a wi-fi router's firmware sounds like a daunting task (it isn't, but it sounds that way), as do enabling wireless encryption protocol and turning off shared authentication and blahblahblah-technical jargon. Companies probably should at least put a little more emphasis on such matters, though, because it's not nearly as daunting a task as replacing all of those files some malicious hacker wiped on your machine, or clearing up your credit after that same hacker stole your identity with documents you were essentially broadcasting to the world because you were too fatigued to lock down your system.
As the technological tools we use grow more advanced, we will probably see more of these sorts of problems. Microsoft is beginning to see it as an issue to exploit, of course, and their Palladium initiative is likely to appeal to the lazy fools who, with all seriousness, actually use Microsoft and Security in close proximity in their sentences! But ultimately, the responsibility of maintaining privacy and security is going to rest with the end user. And it's probably going to be tiring for many.
But me? I can't wait until I have time to redesign this site to make use of that blogback feature, and some of the other stuff in v.2+ of MT. Call it Version Boredom. :)
[Posted at 23:16 CST on 06/27/02] [Link]
