Follow up to New Scientist article on Mashups

The New Scientist has written an article about the Mashup panel I participated in at last month’s CHI 2006 conference. It’s not a premium article, so you can read it here if you don’t want to buy a copy of the magazine.

NS has decided to focus on the “security issues” associated with Mashups, which were raised part of the way through the panel by Hart Rossman, chief security technologist for Science Applications International of Vienna,

At this point I’d like to point out that both Bret Taylor (of Google) and myself were a little concerned about the participation of a security expert because neither of us feel security is (currently) a significant issue in the Mashup scene.

Don’t get me wrong, Hart was a really nice chap who definitely knew his stuff – but the issues he raised either missed the point of Mashups or applied to any-and-every-other data transactional website, be it Mashup or otherwise.

(You can read some of Hart’s concerns in the New Scientist article.)

The thing about Mashups is that they are experimental. Many of Hart’s concerns stem from the fact that people might think they are “fully fledged services”, and I guess he has a point on that one. But the answer is to make people aware of what they’re using, not bog down the innovation with restrictions.

I was asked for a few quotes by the New Scientist journalist after the panel and unfortunately he decided to only include the one where I agreed that people having to log into third-party accounts via Mashups were an opportunity for spoofing.

My other point, that much of this was about experimentation and innovation, and not the creation of market-ready products, was sadly omitted.

JP Rangaswami of the excellent Confused of Calcutta blog was understandably disappointed with the article and in turn the panel. His take on it:

..the headline: “Mashup” websites are a hacker’s dream come true. Most mashups are derivative sites and could perhaps reflect the so-called security weaknesses of the originating sites. Sounds like someone trying to sell me more Information Security consulting.

And most interestingly of all he concludes his post with the following:

We need to ensure that the weeds of DRM are not allowed to choke the mashup flowers. Let a thousand mashup flowers bloom. We need new answers to identity and access, but we are not going to get them by constraining new ways of doing things with old ways of stopping things.

JP is spot on – and this, let me tell you, is coming from the CIO of investment bank DrKW (although he was writing in a personal capacity).

These guys are doing some amazing stuff in this area, and are very forward thinking (check out my previous post about some of their work).

I hear they are using wikis and RSS as part of their knowledge management and internal communication infrastructure. For an investment bank, that’s pretty amazing stuff.

Published in News

One Comment

  1. I was present at the CHI session on mashups in Montreal last month, and I believe the New Scientist On-Line article ‘Mashup’ Websites Are a Hacker’s Dream Come True (plus ACM TechNews and others that cited it) did the community a disservice by presenting information as if it had been discussed publicly at the CHI session.

    As you point out, Paul Marks’ article, particularly the material about hacking risks, is largely based on views held by Hart Rossman. Rossman was on the CHI mashup panel, and as you mention, he made a couple brief comments about security issues.

    However, Rossman didn’t express the specific concerns highlighted in Marks’ article during the CHI panel discussion or Q&A. Ben’s comments about Marks approaching him after the session for quotes reinforce my suspicion that Marks also hit up Rossman privately for juicy quotes – so the ACM TechNews synopsis presents a completely different perspective on mashups from the positive public discussion that hundreds of us heard at the CHI panel.

    It’s important to recognize that Rossman’s professional practice as chief security technologist for Science Applications International, and adviser to the US Department of Defense, involves identifying real or perceived security threats for a range of applications. Even so, Marks appears to have exaggerated Rossman’s concerns about the danger of mashups in the New Scientist On-Line article. Rossman speaks in his own words about mashup security in a clearer and less sensationalistic tone at

    I’d like to see Marks set the record straight out of respect for Ben and the other CHI panelists and the audience, and for the benefit of the community, including all of us striving to create new modalities of beneficial applications in today’s security-conscious environment.

    Jonathan Livingston, The Memory Project