Why is it good to use old technologies?

This question can also be framed as: why is it not a good idea to always try to use the latest technology that has appeared?

On Quora I found this answer to the question Why hasn’t Go overtaken Python in popularity?

It uses the Chicago “L” transit system as the basis for its argument.

The trains in use already existed 40 years ago, so why are they not replaced?

As it turns out, it’s highly affordable for Chicago’s CTA to stick to what’s already there. It reduces costs, and they can find engineers that can work on them! The lines themselves probably don’t permit much flexibility, either. Everything about these trains is known, so when they break, the maintenance time is minimal.

This approach allows the CTA to incrementally improve things without rebuilding too much. Trying something radically new is really, really expensive. Lots of legacy has to be supported. The train systems that go through massive overhauls have a TON of money flowing into them. The CTA is not one of those systems. Everything has to be rebuilt. That’s not cheap.

The transit system opened in 1897 and has kept evolving, but there have been no radical changes of the “throw everything away and start from scratch” kind.

If this is clear, if this has been studied and measured in other engineering disciplines, why is there always such a strong urge in computing to “throw everything away and start from scratch”?

Character encoding in web pages: use UTF8

I have occasionally come across people who defend the use of character entities, such as &aacute; (á) and &euro; (€), so that a page displays correctly on any computer, here and in China. Well, no.

Nowadays character entities are not needed if the right character encoding is used. Everything is solved by using UTF8 (or UTF-8, utf8, utf-8 and a few other ways of writing it), which is the character encoding recommended by the W3C in the article Choosing & applying a character encoding:

Choose UTF-8 for all content and consider converting any content in legacy encodings to UTF-8.

In addition, Using character escapes in markup and CSS gives the following answer to the question “How can I use character escapes in markup and CSS, and when should I use or not use them?”:

Because you should use UTF-8 for the character encoding of the page, you won’t normally need to use character escapes.

It is almost always preferable to use an encoding that allows you to represent characters in their normal form, rather than using named character references or numeric character references.

Using escapes can make it difficult to read and maintain source code, and can also significantly increase file size.

Codificación de caracteres: conceptos básicos explains a few more things.
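The conversion the W3C text recommends, as an added example that is not part of the original post: it replaces character references with literal characters for a UTF-8 page and keeps escaped only the characters that must stay escaped. The names `to_literal_utf8`, `KEEP_ESCAPED` and the sample markup are assumptions made for this illustration.

```python
import html
import re

# Characters that stay escaped: markup-significant ones, plus the no-break
# space, which would be invisible in source (a choice made for this example).
KEEP_ESCAPED = {"<", ">", "&", '"', "'", "\u00a0"}
CHAR_REF = re.compile(r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def to_literal_utf8(markup: str) -> str:
    """Replace character references with the literal character where safe."""
    def replace(match):
        ref = match.group(0)
        char = html.unescape(ref)
        # Unknown references come back unchanged; leave those alone too.
        if char == ref or char in KEEP_ESCAPED:
            return ref
        return char
    return CHAR_REF.sub(replace, markup)


def utf8_size(markup: str) -> int:
    """Size in bytes of the markup once saved as UTF-8."""
    return len(markup.encode("utf-8"))


# Constructed sample, not taken from any real page.
SAMPLE = '<p title="a &amp; b">Espa&ntilde;a: 5&euro; &lt; 6&#8364;, &#x20AC;&nbsp;7</p>'
CONVERTED = to_literal_utf8(SAMPLE)

if __name__ == "__main__":
    print(CONVERTED)
    print(utf8_size(SAMPLE), "->", utf8_size(CONVERTED), "bytes")
```

The escapes for `<`, `>`, `&` and quotes are left in place because removing them would change how the markup parses.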

Do not repeat any of your last 10 passwords

The other day, a web service I use asked me to change my password. One of the requirements was that I must not repeat any of my last 10 passwords.

In addition, the password had to:

  • Start with a letter.
  • Contain numbers.
  • Contain at least one uppercase letter.
  • Be at least 10 and at most 14 characters long.
  • And the only special character accepted is the underscore “_”.

Hardly anything!
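How a service can enforce the rules listed above without keeping old passwords in clear text, as an added example that is not part of the original post and not the service's own code. It assumes each history entry is stored as a salted scrypt digest; the function names and the scrypt parameters are choices made for this illustration.

```python
import hashlib
import hmac
import os
import re

HISTORY_DEPTH = 10  # "last 10 passwords"
# Starts with a letter, 10 to 14 characters, only letters, digits and "_".
SHAPE = re.compile(r"[A-Za-z][A-Za-z0-9_]{9,13}")


def policy_errors(password):
    """Return the composition rules the candidate password breaks."""
    errors = []
    if not SHAPE.fullmatch(password):
        errors.append("shape")
    if not re.search(r"[0-9]", password):
        errors.append("digit")
    if not re.search(r"[A-Z]", password):
        errors.append("uppercase")
    return errors


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per stored entry."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def reused(password, history):
    """True if the candidate matches any of the stored (salt, digest) pairs."""
    hit = False
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        hit |= hmac.compare_digest(candidate, digest)  # constant-time compare
    return hit


def change_password(password, history):
    """Apply policy and history checks; on success store the new entry."""
    errors = policy_errors(password)
    if not errors and reused(password, history):
        errors.append("reused")
    if not errors:
        history.append(hash_password(password))
        del history[:-HISTORY_DEPTH]  # keep only the newest 10 entries
    return errors
```

Because every entry has its own salt, the history check costs one key-derivation run per stored entry, and the stored history means up to 10 digests per user need the same protection as the current one.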

Security breach at Quora

A few days ago I received the following email from Quora warning of a security breach. They state that the password was encrypted; in fact, they say “the passwords were encrypted (hashed with a salt that varies for each user)”:

We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.

What Happened

On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.

What information was involved

The following information of yours may have been compromised:

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
  • Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
  • Non-public actions, e.g. answer requests, downvotes, thanks

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

What we are doing

While our investigation continues, we’re taking additional steps to improve our security:

  • We’re in the process of notifying users whose data has been compromised.
  • Out of an abundance of caution, we are logging out all Quora users who may have been affected, and, if they use a password as their authentication method, we are invalidating their passwords.
  • We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements.

We will continue to work both internally and with our outside experts to gain a full understanding of what happened and take any further action as needed.

What you can do

We’ve included more detailed information about more specific questions you may have in our help center, which you can find here.

While the passwords were encrypted (hashed with a salt that varies for each user), it is generally a best practice not to reuse the same password across multiple services, and we recommend that people change their passwords if they are doing so.

Conclusion

It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.

The Quora Team