Microsoft To Teach Undergrads About Secure Computing
Update: 03/24 18:00 GMT by J : Another report worth reading is Writing Software Right, which requires a free but annoying registration at Technology Review. This regards automated methods of finding software errors (not security specifically). Sun's "Jackpot" is discussed, a lint that also "identifies general instances of good or bad programming."
And Microsoft's efforts in this field are explained as well -- the company "paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix. The program, which sifts through huge swaths of code searching for patterns that match a defined list of common semantic errors, helped find thousands of mistakes in Windows and other Microsoft products." As a Microsoft QA person says, "Our challenge is to get our software to the point that people expect it to work instead of expecting it to fail."
President George W. Bush will be teaching a course in diplomacy ...
...a course on honesty or fidelity.
Answer:
Turn it off!
take off every sig for great justice
When all you have is a hammer, everything looks like a skull.
Next thing you know Apple will be using Intel.
President Bush will be presenting a lecture series on international diplomacy and domestic economic policy.
This article is an obvious chance to bash M$, but take it easy.
Yes, many security holes in Windows occur weekly, but so do they in Open Source software. The only difference is that the OS movement releases bug fixes usually within 24 hours, unlike M$.
GameTab - Game Reviews Database
If I were a student, or a college administrator, I would much prefer that a course in computer security be taught/aligned with a company that has a long, solid, proven track record in security, as opposed to a company whose track record is nothing but miserable. I know OpenBSD's security record is pretty strong, as is Apple's and I'm sure other vendors. But MS? It would be about like having a French general teach an ROTC class and makes about as much sense as Libya chairing the UN Commission on Human Rights and Iraq chairing the UN Commission on Disarmament (both of these are in effect right now, crazy as it sounds).
Some of the stuff there is good (some of it is plain common sense), but I wonder if they're applying it to their own products. Supposedly IIS 6.0 was designed and coded that way *shrug*.
Well for starters, I'm not gonna sit here and preach M$ security, because quite frankly, the whole idea of it is kinda scary.
But looking on a positive note, this can be really good for the student community, as I was stuck writing apps that accepted arguments in dos, I might have been inspired to have some real world coding experience come in to contact with my studies. So even if M$ is not the best candidate for this, it might spark interest for others to start getting involved into education and inspiring the new age programmers that are coming out of school.
Just a thought.
Posting useless rant since 2003.
So are you suggesting that no one in MS can teach secure and have secure code?
Remember. Windows was made over several years and hundreds (if not thousands) of coders. We're talking older code, and thousands of different coders.
But, hey, anything to insult MS, right?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
It makes sense that they are doing this.
.net technologies, and the next generation will shun linux and MS will take over the world! .02, and then donate it to charity for a $300 dollar write off??
Linux as a whole doesn't have so much money they have to give it away at an enormous rate, so MS will train the up and coming sys-admins into Windows and
This is the same diff as MS giving computers to libraries all over the world. Isn't it nice that they can copy a software CD for
No I didnt spell check this post...
So this is how they are going to make hackers obsolete by turning them into bunch of MCSEs.
...a course on human rights or open democratic government.
Shouldn't this be under "It's funny, Laugh"?
Alright class, welcome to CS 95, how not to do security. Now open your text books to chapter 1: IIS. For homework, I want you all to draw a diagram of what you think about the security of that product, and please, no more pictures of the goatse man like last year.
So since when does the wolf get to teach about sheep herding???
Just another day in Paradise
A good university course in how NOT to do things! :)
(If the universities are smart, they'll offer this as a two part program... first "Microsoft on Security" and then "Ignore everything they just taught you"
Students offer Microsoft 11 week course on writing secure code.
paintball
You can find a description here.
The only difference is that this module was intended to make undergrads see the failure and risk by means of software engineering, and we did this by looking at various procedures for writing secure code, and we looked at lots of examples from history (the challenger incident, for example, etc).
This course seems to be aimed more at specific coding practices - avoiding buffer overruns for example. It doesn't look like they'll be told how to deal with failure once it happens (because it *will* happen). I also fear that since Microsoft will be involved, it'll be specific to Windows & x86 -- not a real life view of computing.
...and Hollywood is going to start honoring child rapists. Oh.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
MSPress actually has a really good book available called "Writing Secure Code". All it takes is a few bad devs to create a reputation for the whole company.
and Arthur Andersen (the accounting firm that caused Enron) is teaching a course in corporate responsibility.
Suggested course offerings follow:
CSI1001: Introduction to the necessity of 3rd-party security modules in a Microsoft environment
CSI1002: Trusted++ computing--how to manage your defenseless box on a multi-million node internet
CSI2001: Rapid HotFix/Service Pack deployment
CSI2002: (Continuation of 2001) Rapid HotFix/Service pack undeployment
CSI3001: Microsoft and you--Introspectives on long-term site licensing and vendor lock-in
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
The students pay for the course with what they save on pirated MS software...
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
This just proves the old saying:
;-)
"Those who can, do. Those who can't, teach"
Blind to lead blind
geez, talk about the blind leading the blind...
I can finally learn how to write secure and reliable code from the masters.
http://saveie6.com/
I did a course in my computer engineering degree last term called Formal Methods where half the course we spent learning the "Cleanroom" method of coding. To put it simply, this method makes you specify functions through math and then prove via math that your code does do what it is intended to do. Projects that have used the cleanroom method have reported roughly 2-3 errors per 1000 lines of code (on the first compile) and over 75% of the code compiles and runs correctly on the first try. They are very impressive numbers, but they come at a cost of a learning curve and spending more time properly defining functions and classes. After doing that course I have a whole new respect for software verification. If anyone wanted to teach how to write secure code they should really invest their efforts in this proven method.
"I believe in everything in moderation. Including moderation." -Dean DeLeo, Stone Temple Pilots
Maybe you need a history lesson, but the Canadians and the British drove the Nazis out of France.
The Americans were busy with the Japanese on the west coast.
No offense to Americans, but it seems back then it took them quite a long while before realizing that the Japanese and German empires were a threat to their way of life. This time around it seems to be done quite hastily. I'm sure the world would have appreciated that kind of help back in WWII; they surely don't appreciate it now as there is little or no threat.
Mod me down if you want, I speak only the truth.
Posting useless rant since 2003.
Microsoft engineers taught me everything I know about secure programming. Those guys really know their stuff and the new things coming out of Redmond kinda just makes you want to just drop everything and clone/reimplement it for Linux (which IMNSHO is starting to look like a 60's throwback).
:^)
If they want to brainwash^H^H^H^H^H^H^H^Hteach kids for free, that's got to be a good thing, yes
Before adopting WHATWG, read the moonlight.NET EULA [http://www.microsoft.com/interop/msnovellcollab/moonlight.mspx]
Hey! Those people should also go to Canada for some WAR ADVICE.
Secure Computing for Dummies... by Dummies.
Beauty is in the eye of the beerholder.
throw more mon(k)eys at it!
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
How about that anti-smoking ad by a guy smoking through a hole in his neck? Or inmates coming to school to talk about abiding the law? I think Microsoft has quite a lot to talk about on the subject.
I was wondering how OS-agnostic these courses are going to be, when I came across this quote:
Okin agreed: "We need to get input from others as well. Clearly, there is no point in these undergraduates learning only about Microsoft technology. We need a broad approach."
The reason I wondered was because so much of secure programming involves access control in many ways, direct and indirect. Obviously, Microsoft's access control mechanisms vary wildly from Unix paradigms. I'm not a hardcore programmer, but I can only assume that privilege escalation exploits under a Redmond OS would be very different from something similar with Linux.
That sentence states unambiguously that the course will cover non-MS architecture.
I, for one, am impressed. Doing the right thing for once, the boys in Redmond.
Blearf. Blearf, I say.
Geez! They'd be the last persons I'd put in that position!
I mean, stuff like;
The IIS hole,
Outlook express,
The recent SQL worm,
Windows 9x's login etc.
There are friggin fishing nets that are more waterproof than Microsoft's code!
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Is there anything in this course that Microsoft could stamp as their "property," and forbid use of it in software attached to "viral" licenses?
Or is this more rational, generic thinking that anybody could use anywhere?
George W. Bush to teach a class about articulation and pronunciation of the word "Nuclear."
-- I am. Therefore, I think!
Leaving personal politics aside -- whether you agree or disagree -- it's certainly the case that Bush's diplomacy and Microsoft's security have been called into question and are the center of heated debate. In situations like these, the actual facts play only a modest role in shaping public opinion, especially when the "facts" are nebulous, subjective, and largely unquantifiable. There are no established objective measures of computer security, and even less of diplomatic success, that do not rely heavily on retrospective data.
In debates like these, perception and politics reign. And one surprisingly effective tactic is to assert the point under debate by calmly behaving as if there were no debate and moving on to the next step. If you simply act as if something is true, and act surprised when people question it, listeners tend to build consensus around the confidence you project. Certainly the Bush administrations (and, of course, many previous administrations) have used this tactic extensively, and Microsoft seems to be using it now: If they're teaching a course on security, they must know security, right?
This places those arguing the opposite side (pacifists in the one case, the Slashdot majority crowd in the other) in the awkward position of constantly having to re-establish that the debate is still open, without boring, tiring, or otherwise turning off the only semi-interested public.
Note that none of all that maneuvering has anything to do with who's actually right.
.....teach"
Time flies like an arrow, fruit flies like a banana.
Teach By negative example:
"okay kids, Here's what NOT to do!"
In the future, I would want to not be isolated from my friends in the Space Station.
Microsoft's university program is closely linked to its Trustworthy Computing initiative, its companywide focus on securing its products, which was launched early last year.
Hey, check it out. Early last year Microsoft decided it might be worthwhile to secure some of its products.
I hear some time in Summer 2014 Microsoft is going to launch its Memory Leak Awareness Program.
Is this legal? How could they even do this in a public performance?
Texas Penal Code 30.05 does not allow this at all!
Maybe I'm strange, but I couldn't help but read this article's title as "Using Microsoft To Teach Undergrads About Secure Computing." Is there something wrong with that?
...this nation's peace-loving activists could have had a chance to talk with Saddam.
I'm sure that the typical 19-year old "War is bad" sign toting hippy could easily convince Saddam Hussein that being a tyrannical dictator is not the way to happiness and personal fulfillment, and I'm sure they could also convince him that gassing his own people and slaughtering the families of political dissenters is the Wrong Thing To Do and that he should just stop right now. Heck, the way he's treating our prisoners should just teach us a lesson that we never shoulda gone in the first place, right?
Or, on the other hand (to paraphrase an Iraqi immigrant I heard on the radio), maybe these protestors' simplistic, nickelodeon notion of "diplomacy" is not all it's cracked up to be.
Gee, War could be easily avoided if everybody just decided not to do it! Tell that to the Iraqi civilians who live in constant fear. Or maybe ask the former Human Shields who fled Iraq once they realized what a horrible regime Saddam runs... something the blissfully ignorant fruity-drink consuming protestors here will never be able to comprehend.
War is a bad thing. Not having a war, in this case, would be much much worse. We gave Saddam a chance. Many chances, in fact.
Diplomacy doesn't ever work when all your opponent does is spit in your face.
I forget where I heard it, but someone once pointed out that if you're going to go to Spain to participate in the running of the bulls, you don't really want to talk with the people that managed to survive it... you want to talk to the guy that got his ass gored off because he can tell you exactly what to avoid doing!
Same thing here! Who better to tell us what security bugs to avoid than Microsoft.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
... U.S. President G. W. Bush has announced that he is stepping down from US leadership, and has accepted a position in the United Nations as head of a new organization dedicated to the development of democracy through diplomacy through the world.
Those who can, do
Those who can't, teach
(and for you Woody Allen fans, "Those who can't teach, teach gym")
This would be like a serial killer teaching a course on ethics.
-- (Score:i, Imaginary)
Are they gonna use linux?
moo.
Microsoft doesn't ever work ...
actually, do I even need to finish that?
No threat? As far as I'm concerned, it's 1939 and Poland's about to be overrun.
Gamingmuseum.com: Give your 3D accelerator a rest.
I would much prefer that a course in computer security be aligned with a university and good general engineering practice and strictly eschew alignment with any company of any kind.
Don't they have a *professor* qualified to teach such a course, and if not, why would anyone go there?
Maybe I'm just being a *cynical* old fuddy duddy, but I smell payol. . . er, a donation. Ah yes, there it is at the end of the article. Go figure.
I also strongly suspect that day one will *not* feature a lecture on the benefits of UNIX, how to uninstall Outlook Express or the security features built into Sun Java.
Which is precisely the reason an institute of higher learning should shy away from such blatant association with a particular company who has a vested interest in the field.
What's going to be next, the Christian Science Monitor Chair of Internal Medicine or Powerbar Chair of Exercise Physiology?
KFG
Instructor Fox will be invited into the HenHouse to teach about security.
(sorry, couldn't resist)
When asked if Lunch would be served, Mr Fox responded, "Yes, all who show up will be... 'served'," he chuckled.
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Ok, and let me guess. When teaching these students about secure programming, are they planning on using windows as an example of what NOT to do?
If you ask me, they are the last people that should be teaching about how to write secure code. If that is what you are after, talk to a *nix developer.
jlk
Isn't letting Microsoft teach secure programming kinda like letting the town drunk host AA meetings at Moe's Tavern???
Farewell! It's been a fine buncha years!
I believe their real motive in offering such a course would be to teach programmers to code for security the Microsoft way, so that things continue to get worse. Their definition of security of your machine is much like their definition of digital rights of your machine; they are not looking after your digital rights, and they are not looking after your security.
I'm an American. I love this country and the freedoms that we used to have.
German for "to set a fox to keep the geese" (thanks to dict.leo.org).
Denken hilft.
At least some of them have the bomb.
I guess those cemeteries on the French coast filled with thousands upon thousands of dead American soldiers aren't really there.
Gawd I hate stupid people who don't know squat about history.
All bow down to the benevolence of the Redmond entity.
Yes, I'm joking
In the brief 200 years that the United States has been a country, they have managed to cause all kinds of terror. By sitting back in WWII and selling weapons and munitions to all sides of the war, they made a fortune. By funding small religious groups to fight communism, they managed to cripple the U.S.S.R. By labelling P.O.W's as illegal combatants, they were afforded the luxury of torturing information out of their prisoners.
It seems that the U.S. is now reaping what it has sown.
By Iraqis? No wonder Poland is part of the coalition.
CO-HOSTED DINNER PANEL: Churchill Club/RSA Conference
How Dangerous is it Out There? - The Current State of Online Security
PANELISTS:
Kevin Mitnick, former hacker, founder of Defensive Thinking, author of The Art of Deception
Jeff Moss, President and CEO of Black Hat Inc., founder and organizer of the Black Hat Briefings
Gregor Freund, CEO and founder of Zone Labs, Inc.
Fourth Panelist - TBD
WHEN:
Monday, April 14th, 2003, 7:30pm-9:00pm; registration and buffet begin at 6:30pm
LOCATION:
Marriott San Francisco
55 Fourth Street
San Francisco, CA 94103
Ballroom, Golden Gate Hall, Section A
Microsoft has a huge push going on in education. Campus reps, steep tool discounts, and curriculum suggestions to get Microsoft technology into undergrad and grad school course materials. Ask any CS professor what kind of contact they've had with Microsoft reps.
.Net runtime.
Java and Linux have become very large forces in education. Java has very nearly become the de facto teaching language, and Linux has become a popular instruction platform. Microsoft is trying very hard to counter this motion with C# and the
Does the expression letting the fox run the hen house mean anything to MS?
Don't forget "Remedial Accounting for Remedial Accountants" Skills that come in handy, whether making a fortune investing in Daddy's friend's companies or planning them "Don't Tax and Spend" budgits!
A feeling of having made the same mistake before: Deja Foobar
Out of this will come lots of students thinking about security the Microsoft way. They'll believe that more security features (ACLs, etc.) in a system make it more secure. They'll think that if they just throw more tools and wizards at software, they can handle anything. And, sadly, even if those programmers don't become Microsoft programmers, a lot of that bad thinking will spill over into Linux and other systems; too much of that is already happening, with people busily porting some of the worst misfeatures of Windows to Linux.
Come in at the end of the war and take credit for "freeing" France :P
Only history you learned is the U.S. propaganda they dish out to Americans in school.
Clinton teaches an ethics course..
i pressed enter at the wrong time
"What is our business in the internal affairs of another nation ?"
The business is that Saddam Hussein hasn't disarmed over the last dozen years. It's interesting to note that even France admits he hasn't cooperated. No one wants to wait for a bunch of terrorists carrying aerosol cans full of made-in-iraq anthrax to coat NYC before acting against Mr. Hussein.
Oh and I hear the objections already... "But there is no connection between Saddam and Al Qaeda! You're just a paranoid war-monger!"
Saddam Hussein gladly throws money at Palestinian terrorists. How far a jump do you think it is from Islamic Jihad to Osama bin Laden, even if there really is no direct connection between Hussein and Al Qaeda?
The world will be a better place when he's gone. We'll all be safer, and the Iraqi people, whether they like us or not, will be better off.
--RMT
Very insightful. A calm and rational analysis of the situation, making everyone who reads it instantly smarter. You rock!
On the other note, Microsoft will be demonstrating examples of badly written, highly insecure code by using their own products, notably IIS.
All students are required to sign non-disclosure agreement prior to entering the college.
News for idiots, Stuff that was printed Last week already.
Where exactly is Omaha beach?
I want my rights back. I was actually using them when our government stole them after 9/11.
Security issues aside, I'm not even comfortable with ANY company teaching in Universities. If I go to Uni I expect to get a rounded education covering all aspects of a given topic. I don't expect to come back indoctrinated with a specific technology just because [INSERT COMPANY NAME] is running the course.
-= This is a self-referential sig =-
Security is more an art than a science, so Microsoft only needs to push the students to NOT go in the wrong direction (er... MS direction) and they will find the right path. If they don't do anything that Microsoft did, they can only do secure things.
I think a course taught by the guy who's the lead programmer for OpenBSD would kick ass.
The class would be taught on OpenBSD and your class project would be to implement some kind of server. Be it a finger daemon or some p2p protocol or something.
I'd sign up for it in an instant...
As for the whole microsoft teaching security...
(now for the obligatory Slashdot MS dig!)
"Microsoft teaching security is like driving to save gas..."
Yes Francis, the world has gone crazy.
I was going to post a "enter all lame ironic jokes here" comment, but I see I am too late...
Ok, here is my lame attempt:
In other news today - New guide animal for the blind: also blind.
It's 10 PM. Do you know if you're un-American?
Hint: ***sniiiffff***
Can you imagine the pressure for the lecturers? Make one mistake and BOOM the whole slashdottin' world will be ROTFL and pointing fingers.
Posted from a cell phone during the lecture, the error is publicized globally before class is over.
You do have to wonder about who they would get to teach. I'm still shaking my head about the M$ guy who wrote to bug traq pointing out a problem with a password validation function that boiled down to the fact that optimization removed a memset() at the end of a function if the memory is not being referenced later. The "shock and awe" of the M$ coder at this left me speechless.
University of Leeds will be asked to hack into software and fix any security bugs they find
Maybe Microsoft is just looking for some free labor. It wouldn't hurt to have 10K+ students looking for and fixing bugs, pro bono.
Arthur Andersen (the accounting firm that caused Enron)
I'm a Chicagoan, and I find it sad that Andersen went away. They didn't cause Enron; they were crooks already. What Andersen did was allow it to happen when it was their specific responsibility to stop it. They got caught up in a contest with Andersen Consulting on how to book the biggest bucks, and let it blind them from outing the crooks. The sad thing is, previous to Enron/WorldCom et al., they had a rep of being the toughest firm out there with their bullshit filters turned to 11. They sold out.
And the blind shall lead the blind...
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
As long as MS is staying away from one of the demonstrably best ways of making software secure, namely opening the source for scrutiny by anyone, the course is merely a show.
Granted, we should remove Saddam by force. The problem is that we're a^H^H the superpower. The rest of the world is scared shitless that they're going to be next. No one wants to get bombed because their leader beat Bush's bowling score last week. As a country capable of doing this to any other country, we have a responsibility to get global support before flying off the handle like this. Scaring the rest of the world into submission is not going to help our situation. Eventually they're going to find a way to fight back.
p.s.- I live near downtown LA. When they do sneak a nuke into the country, remember what I said, because I'll be dust and ash...
Don't use our products.
...it's Microsoft's management who refuses to implement even the most basic security measures. Windows' default installations have everything but the kitchen sink up and running. Everyday programs like Outlook Express have huge security holes, and even the ones that can be plugged are wide open in the default installation. Microsoft ought to keep its mouth shut until it starts to address these very basic issues.
The OS movement usually releases bug-fixes within 24 hours of an advisory. How long does it take MS? Six friggin' months or more? Could it be that MS spends most of those six months passing the buck and dodging responsibility?
Hint: The list of coalition countries is factual, taken right from CNN.
Technically, the parent post isn't offtopic, it is in reply to an offtopic post.
Other acceptable moderation would have been (-1, informative) or (+1, not funny).
I wonder, would seeing some MSFT source be part of this course? And, if so, would there be NDAs as part of the 'course requirement'?
Would that (NDAs) preclude someone from writing 'emulating' code or similar technology?
Why is it that no one ever attempts to look at the positive side here?
At least they are trying to do something about the problems that people bash them for all the time rather than letting it continue.
I think you people don't want to see microsoft products become more secure as it would rob you of something to bash.
Is it me or is this like going to Stevie Wonder for driving lessons?
Wow! If you have hairy tits we wouldn't WANT to know!
-1 as a troll.
qz
The US has never invaded a country that was not in the midst of a war.
It would be nice if we could depose Saddam Hussein in a vacuum, but as you fail to realize, there are bordering countries to be considered. Countries like Turkey and Iran, both of which have expressed lust for northern Iraq.
A confrontation between Turkey and the Kurds could cost thousands of lives, Americans included, and billions of dollars. This is an oversight that the Bush regime did not fully consider. Wishful thinking, such as "shock and awe," has dominated this campaign. It only sets up the American people for disappointment and disillusionment.
There's a reason that we don't arbitrarily invade countries, even countries with tyrannical despots for leaders. This reason should be clear to you by now. An overwhelming majority of antiwar demonstrators are NOT supporting Hussein. They are decrying the irresponsible actions of the Bush regime, which has already cost hundreds of American and British lives.
I've used formal methods in a few places... much to the indifference of colleagues. I remember one time finding a subtle bug via Z-notation and fixing it, then moving on to another project while several of my former coworkers criticized my code as "unnecessarily complex," etc. A couple years later I happened to overhear a conversation that strongly suggested somebody had "cleaned up" my code, then actually encountered that rare, subtle bug years later and had great difficulty (and pride) in fixing it.
So formal methods are extremely powerful... but I rarely use them now. The problem is that few problems are so well defined that you can use them in a meaningful manner. If you're writing low-level code - something on the level of string libraries or date routines, use them. But as you get closer to real world problems, the formal methods seem more effective at driving home how little you understand about your problem space, not writing solid code.
(As a specific example, I remember getting nailed by the concept of "triangle." We were writing meteorological code, and sometimes "triangles" were planar and sometimes they were triangles on a sphere -- and the problems are *very* different as you move away from small triangles. Some of our code did - many navigation problems can be reduced to triangles with the two endpoints and the North Pole.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I think in honor of Microsoft CEO Steve Ballmer, from now on all MS Windows vulnerabilities should be referred to as "Ballmerabilities."
hah ahhaha hahhahhah ahhahah ahah
ahahahhaha hahhhh ahhahhahaha hahaha hhahah
hahaha hahha hahhaha ahhahah hahhah hahha
At least I got one good laugh today.
Sigh, could use a few more of those.
If ignorance is bliss, the world is full of blissful people
I was thinking about this the other day
no-one ever tries a peaceful invasion
The coalition should have sent 5,000 unarmed civilians instead of well armed troops. No diplomat in the world could have defended a state that attacked non-aggressive civilians.
Curiously it was the UK that was the first to gas the Iraqis back in the 20th century. try googling "recalcitrant arabs"
Blair is just using the old Lloyd George maxim "Britain reserves the right to bomb niggers."
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Can we mod this article as "Funny"?
How about "Flamebait"
no wait, I know..."Troll"!
So rise up, all ye lost ones, as one, we'll claw the clouds.
As a University of Leeds Comp Sci graduate I may never be able to hold my head high again in the great *nix circles any more.
:-)
Oh it's changed so much since we used to tell the jnr sys admin how to fix the Ultrix boxen and fight to get an account on the SUN's.
I wonder if these "find the security holes and fix them" classes are cheap ways of fixing the multitude of holes with M$ software.
Come to think of it didn't they do that for NT4 service pack 2 - get a load of summer interns to produce the fixes and then it all stopped working???
--
Martin
written with large amount of
Darth Vader will be teaching about the virtues of avoiding the dark side ...
All you touch and all you see is all your life will ever be
9 Democrat's course on Tax Cuts.
8 Anna Kournikova course on Improving your Tennis Game by Posing Nude (even if you have never won a match).
7 Winona Ryder course on Shopping.
6 Michael Jackson course on Buying and Raising a White Child.
5 France's course on Opposing Dictators.
4 Anna Nicole Smith course on Dieting.
3 George W. Bush course on Speachizing Distincacurately.
2 Bill Clinton course on Ethics.
1 Microsoft course on Secure Computing.
I'm an American. I love this country and the freedoms that we used to have.
Isn't this a bit like the blind leading the blind? I mean, come on, security bulletin MS03-009, the 9th security advisory in 2003 was released 5 days ago. That's almost an advisory a week. Last year, they got to MS02-072: last time I checked, there are only 52 weeks in a year!
Q: "Why do sound techs say 'check 1, 2'?"
A: "Cause if they could count any higher they'd be lighting techs."
Hey, everybody! University of Leeds just signed me to teach Teetotalism!
If Slashdot were chemistry it would look like this: Cadaverine
I feel ashamed to be a resident of Leeds! This sucks...
. . . I find this interesting, since I know for a fact that there's a whole computer cluster in the EC Stoner building with nothing but Red Hat boxen in it. There's an active LUG in the area, which often holds events (eg Installfests) on campus. The IT department also sells a CD-of-useful-stuff that contains a selection of both site-licensed and open source software. In general, I've found the IT department here comparatively enlightened. (Well, barring the poor choice to use a laser link to carry the Internet traffic between my dorm and the main campus -- bad idea in an area so given to heavy fogs and rains. Atmospheric distortion is a bummer.)
I guess it just goes to show that the open source and proprietary stuff can indeed co-exist, and are doing so, no matter how much people on both sides of the debate dislike that state of affairs.
I think it's a good idea. Honestly. There are security flaws in Windows, yes. There are also security flaws in Linux. (ptrace recently). A lot more people are using Windows, there has got to be a decent chance that more security flaws will be exploited.
I didn't learn anything about secure coding in school. I'm sure there are many experts at MS on writing secure code. And at least the organization as a whole is *trying*. I'm sure they can write more secure code than me, and definitely have some advice that will help programmers down the road. Mod me down if you like, but I say give the MS bashing a rest and consider the merit behind the idea. How much do YOU know about writing secure code?
Random is the New Order.
Right here
That's a scary thought. What are you, some kind of weird science experiment, or do you just have REALLY bad hygiene?
Recently on Slashdot, when I click on the links to story comments, I get taken to the comments and then immediately get directed to an ad page. This isn't a popup that I can filter out, but a forced redirect from Slashdot to the ad page. I have to click the back button to return to the comments page.
Is this a new (or old) Slashdot ad system? It is infuriatingly annoying.
From my personal experience, these MS sponsored/related workshops/courses are more like perverted advertisements trying to pressure students into using MS products rather than actual informative educational sessions.
I had to take a couple of MS Windows network administration courses back in college because they were a requirement for the program. We had to memorize stupid phrases like "MS Windows network is the best choice because it's user-friendly, easy to set up, and secure" for the exams.... It just makes me sick to my stomach.
the company "paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix."
When was the last time Microsoft just licensed software they wanted instead of just buying the company that makes it?
If there was ever a reason to break up M$, that's got to be the best one yet.
It is a good idea to get colleges to teach about writing secure programs. Currently, almost all programmers get out to the real world without knowing how to write secure programs, and they're writing the programs exposed to the entire Internet. That needs to change.
- David A. Wheeler (see my Secure Programming HOWTO)
Using a better language doesn't completely prevent software defects, but it can eliminate a large class of exploitable security problems.
Some more suitable languages include Ada, Java, Modula-3, Sather, Scheme, and Smalltalk. There are, of course, many others as well. Some of these impose a non-trivial performance penalty compared to C and C++, but some of them don't.
Some time back I was involved in a thread about programming language support for reliable software, in which I compared C to a table saw with no finger guard.
C.A.R. Hoare, in his 1980 ACM Turing Award Lecture, made the insightful observation:
Given how difficult it is to write robust software, it astonishes me that it is still common practice to use languages that offer essentially no help in avoiding common mistakes.
Microsoft is correct, however, that better education would improve things. Marc Donner posted an insightful comparison between how programming and writing are taught.
Eric
[*] Laziness in programmers is a virtue! Most new software tools are developed because a programmer somewhere was too lazy to keep doing things the same old way.
I admit NOT having read the whole thing about this course, but I have to say that you have to pay attention when you talk about microsoft in this context: you have basically to distinguish between the company Microsoft itself (which produces well known software with well known "features") and Microsoft research. For some reasons I do not fully understand Microsoft has one of the major (private) research facilities in the world, and only a very small part of what they do comes in actual products.
Most of the topics are very academic (look for example at quantum computing, I don't think they already plan to port windows on it, or do they? :-) ). And many professors in big universities spent some time there. I am sure great research in the field of secure computing is done there as well, as it's done in many universities worldwide. Formal methods in software development are still not very widely used in a practical environment, in fact they strongly rely on maths (or better, on one of the purest fields of maths, which is logic), but are quite practical for big companies where programming on the (very!) large is applied. The same already happened for hardware (ever wondered how they check that a design for a new cpu is *correct*?)
So basically I am not the kind of guy who loves m$ products, but I admit that they are doing great research.
Given the sheer number of programming errors that can lead to security vulnerabilities, it probably makes sense to learn from the company that has tried them all.
Can't argue with that!
I just can't stop laughing
No threat? As far as I'm concerned, it's 1939 and Poland's about to be overrun.
You're an absolute fucking dip-shit. It's not like 1939 with Poland about to be overrun, rather, if the Iraqis were even aggressive, it'd be like Poland trying to overrun Nazi Germany. Wake the fuck up and look at the table. There is no fucking way Iraq could pose any threat to us or anyone else. Not to mention no one would hate us if we weren't such fucking bastards.
The US is like the bully in the school yard who beats up Calvin for his lunch money, and then wonders why Calvin gives him a wedgie.
And for the record, Al Qaeda hates Iraq as much as we do for what Saddam has done to Islamic fundamentalists (see Iran-Iraq war for some examples), were we to play nice, the Iraqis could be a great ally, like they used to be when we gave Saddam so much money and so many weapons years ago.
Go take your republican agenda and shove it up your ass dick-wad. No one wants to hear your fucking trash.
I guess those cemeteries on the French coast filled with thousands upon thousands of dead American soldiers aren't really there.
Gawd I hate stupid people who don't know squat about history.
You must really hate yourself then, huh dip-shit? Every country but America teaches WWII the way it actually happened. Yes we went in to help liberate France, but only after a lot of the work had been done, then what did we do? We tried to occupy Paris like the shit-eating dogs that we are. If it weren't for the French underground and the pressure they exerted on us, we would have stayed there and installed a government of our choosing, which was closer to America's hypocrisy-filled "ideals".
You've been the subject of propaganda, now go curl up with your republican mommy and give her a nice ass fucking.
Oh, you mean like flying planes into buildings and blowing up embassies? Americans, when you see the Iraqi children on TV mourning their dead parents (400,000+ Iraqis killed in '91, we'll never know how many this time round, but it will be more), you are seeing the next generation of potential terrorists. Now, do you still believe that starting a war will prevent terrorism?
"Those who can't do, teach."
I think you will find no shortage of Congressfolk qualified to teach this class! Elephants and Donkeys alike. Heck, I bet they will outnumber the students :)
I heard some of this "some stuff bad, other stuff good", and while in general it may apply, GOTO certainly serves a great purpose IF you can program well in the first place. For rank amateurs I suppose it would be bad... I guess... oh well.
They even republished this Ted Nelson classic. The original was one of those books that seemed to get legs at any opportunity. I have no idea what happened to my original. Too bad they didn't do the new version in the same oversized format.
"If I want directions, I'm not asking a one-armed man. I'm asking the one-legged man, because I guarantee you he knows the shortest way to get anywhere."
Week One: The dangers of open source software
Week Two: More dangers of open source software
Week Three: How frequent licensing payments improve security
Week Four: Shhhh... better security means not discussing exploits and security holes
Week Five: How the media exaggerates security issues
Week Six: Did we mention the dangers of open source? Let's review
Week Seven: How to uninstall Linux
Week Eight: Macintosh--the gay-communist connection
Week Nine: (No classes during this week so students can reinstall Windows or do any necessary security patches.)
Week Ten: Trusted computing, i.e., how hypnosis is your friend
Week Eleven: The dangers of open source software revisited
--Rick "If it isn't broken, take it apart and find out why."
Couldn't they have just bought a few licenses? Why did they have to BUYOUT the whole company? I'm sure if they worked up a good deal, they could have purchased a few thousand licenses for much less than $60M...
Please consider making an automatic monthly recurring donation to the EFF
So after these courses I'm capable of writing secure programs, now I just have to find a secure OS to run on it, oh wait...
C (and C++) are terrible tools for software engineering. ... Some more suitable languages include Ada, Java, Modula-3, Sather, Scheme, and Smalltalk
Hence, .NET, with Microsoft's pet language C# having all the advantages of Java in this respect.
My Karma: ran over your Dogma
StrawberryFrog
That hell has frozen over and now the blind is leading the blind and charging for it. This one was too easy.
SCREW FLANDERS
Linux developers start online course on user interface design.
- J Jackson wrote:
:-)
Not an MS shop. In a dept that uses
Solaris and Sun Hardware for the following services
Mail, DNS, print server, Backup & Majority of its file serving
Linux and Apache for its dept. Web services, and most of its compute power
And which only uses Microsoft IIS as a toy for student use.
We do run about equal Linux/Microsoft desktops.
Jim
p.s. feel free to use these figures.
MP
General principle # 5: hard work and self sacrifice beget more of the same. The more rapacious a company is the more difficult they are to get a job with and the less they actually listen to their experts. Specifically, it's obvious that if M$ has 2 or 3 people who know about security, they have never been listened to as other priorities are upheld. Windows will never be secure as long as M$ insists on being able to push onto their platform.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Micro$oft coordinating the new gulf war.
The only thing they are doing at this point is damage control.
They are just attacking the younger generation with propaganda.
They need the support of a younger generation, because most of us aren't listening to it.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
It's disgustingly ignorant posts like this that make me want to become a liberal. Almost. Uneducated rednecks like this need to just STFU.
These languages weren't developed for security.
Too easy to fuck up using these languages.
Better alternatives are Java, Modula, Euphoria....
If you think these languages are slow then code a compiler for these languages (Euphoria already has a translator for C)
Pointers and buffer overflows fuck up security so change languages.
Come up with a new language or modify the C/C++ languages.
I'm sorry, but that module doesn't appear to have anything to do with security. It is about software failure, which is simply engineering failure science applied to software. While I do not dispute that such topics are an important part of a Software Engineer's curriculum, I believe that the course discussed in the story is fundamentally different.
If you don't believe me, ask yourself: in the numerous case studies performed in your "module", did any of them feature intentional failure? Did any buffer overflows occur to compromise a system or were they accidents as a result of poor design?
Therefore, writing a new software tool that reduces the amount of overall work a programmer has to do is a sign of laziness.
I'm guessing that you have some emotional baggage associated with the word "lazy", that isn't part of the definition. When I say that programmers are lazy, that's praise, not vituperation.
AHAHAHAHAHAHAHAHAHAHAH! HEH, lemme catch my breath for a sec..... AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH!
When people finally come around, they will realize that the test and debug method of software development is almost universally guaranteed to deliver faulty software products. If you prove that software behaves correctly, you are in a much better position than if you guess.
NOT as I do?
Lesson One:
Computer is safest when it says:
"It is now safe to turn off your computer"
Should they not try teaching the current set of sloths that they have first?
And I'm teaching night courses on quantum physics to Stephen Hawking.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Is it just me, or is this example not glaringly superficial? There really is no excuse these days for the number of buffer-overrun bugs that exist - even in an unsafe-by-design language like C[*]. Hopefully this was chosen as an example largely for PR reasons because it's such a well-known problem: I'd certainly expect a Uni-level course to dig far deeper into issues of designing for safe and secure implementation.
The comment about UK Comp Sci graduates not getting adequate theoretical or practical experience is pretty damning, too, if it's accurate. What the fsck have the Uni courses been doing all these years?
[*] No, I'm not trolling. The language is quite low-level and intentionally includes facilities with which the careless programmer can shoot the world and its pet dog in the foot. It's unfortunate that the language and its follow-on C++ are being used to implement solutions for which they are not well-suited. Another topic for the proposed course, perhaps ;)
So uhmmm, these educators are going to use wind-blows as a good foundation to build on? :)
Isn't that like a lecture from SGI over writing secure setuid programs or secure CGIs?
The above post is off-topic. -1 at will please.
IANAL but write like a drunk one.
(1) Avoid fried meats which angry up the blood.
(2) If your stomach antagonizes you, pacify it with cool thoughts.
(3) Keep the juices flowing by jangling around gently as you move.
(4) Go very lightly on the vices, such as carrying on in society, as
the social ramble ain't restful.
(5) Avoid running at all times.
(6) Don't look back, something might be gaining on you.
-- S. Paige, c. 1951
- this post brought to you by the Automated Last Post Generator...