Well to address the article directly, the author is being quite unfair. For a technical magazine they sure avoided being technical unless it suited
them, even then they were vague as to why they potentially could be avoiding moving as quickly as they should.
Anyhow, with that being said here is my response to the article.
Oh wait, I am sure people want to know my credentials.
12 Years Web Application Development & Design.
I am proficient (some certifications, not all) in the following coding languages:
I have worked internationally in the USA and Canada. Ive lived in New Jersey, New York, and of course my Nations Capital Ottawa. I currently work for
the government as a Senior Web Developer within our Intranet. I have done CISSP Training, am very well versed in PCI Compliance and OWASP Standards,
Follow the W3C guildelines and continue daily to educate myself. Want a resume, U2U me and ill be happy to provide it as proof along with any other
proof you want.
First ill address Wikileaks population issues.
Wikileaks was popular and they were managing fine for awhile, probably just barely. However due to the amount of traffic they got and the type of base
they had, upgrades they should of made but didn't were probably put on the backburner while they focused strictly on content. Which is Paramount. (So
is architecture and useability, but thats the man behind the curtain, its the show that drags in the crowds. Tough Balancing act to say the
least...without one the other falls.)
Since they were thrust on the world stage these issues now have to be addressed. First you need a setup that can handle the traffic with load
balancers and other hardware for further protection against hacks, exploits and vulnerabilities and also someone to run that hardware. Your talking
big money here. Even for one site. You might as well launch 10 sites because you can use the same hardware for that many sites without it flinching
really. Unless all 10 are massively popular...getting a bit off track here...
SSL is attached to domain, domains are attached to DNS', DNS are attached to your server. Why didn't they buy an SSL? Potential reasons:
- Moving servers, if their moving it makes sense to wait to buy the SSL once the move is completed. If they haven't chosen where their moving yet it
may also affect the purchase, so its again better to wait.
- Upgrading architecture and functionality and security of submissions, why buy an SSL you wont use for 2 weeks or more if its 24 hours to set up and
you pay by year? Business sense says buy it once your new upgrades passes the stress, security and exploit tests.
- Legal issues, if they want to remain off USA jurisdiction then their server should be hosted in a country of their preference. Perhaps they are
seeking legal advice on this and we all know how fast lawyers work when your pockets are emty right?
I can go on and list a few more reasons but i believe this is sufficient.
Security for them is going to be tough, since they are using an Open Source software they might need to re-write a lot of base code. I dont know how
many coders are working at wikileaks, but if its one guy, expect long delays in updates to the sites functionality and site bug fixes.
Since they also didn't develop the wiki they also have to be careful on upgrading the wiki if they made changes to how it works in any way.
Its a tough thing using open source sometimes, its great to start but once you want to make an identity for yourself and move away from the open
source programs look and feel and overal architecture its very difficult .
Anyways, im almost at the max allowable post here....sorry for the long winded post but i found the article unfair.
CISSP - www.isc2.org...
OWASP - www.owasp.org...
PCI - www.pcisecuritystandards.org...
EDIT TO ADD LINKS
[edit on 2-7-2010 by EspyderMan]