What may I ask does this have to do with an SMB buffer overflow which is what this vulnerability is about? You know, like overwriting a fixed size buffer allowing one to perhaps overwrite a return pointer with a jmp esp. This in turn executing malicious code on the stack.
I am sure that such an accomplished HaCkZ0r as yourself already knew this.
Look if you are starting to go bald you had might as well
get used to it because no matter what you
eat or do your hair is as good as gone.
You will not mind being bald anyhow it makes
life much simpler. I have my head shaved to the
skin every month or two. No need for shampoo
conditioner and all that crap just rub a bar
of soap across like the rest of your body
and you are good to go.
Look if interference can cause this sort of issue they have a much bigger problem on their hands. What is stopping some
terrorist from grabbing a magnetron out of a microwave oven, attaching it to a wireless parabolic grid and death raying
airplanes out of the sky? Stray signals causing loss of altitude control is some serious crapola.
Can you say database abstraction layer? Don't leave home without it.
Stored procs do have their place, but now say for instance your company needs to reduce some costs this year. You know
shrinking economy and such, so oracle comes a knocking for their annual or is that anal bend over the IT budget and ram it home support contract costs. Or perhaps your customers are not really very passionate about having to drop a million for a single database instance to run your software. Yes, now you are in between a very big rock and a hard place, all the logic is now
embedded in a proprietary database requiring a rewrite of the entire system to support a cheaper alternative. My personal feeling is to try to keep code out of the database unless I really, really need to resort to a stored proc.....Oh hell what am I flapping my gums about I would never use a proprietary database in the first place.
It is also appropriate if you do not want a vendor bending you over every year for a support contract all because
you put all the logic in the database and cannot easily port it.
So the question is: is my very limited sample representative of Python-in-windows or not.
I've yet to see a non-trivial Python program which works in Windows.
What? I could of course compile a list a mile long but here is but one example and it is a much larger application than
either of the two you listed.
Chandler which just reached 1.0 from OSAF
You almost have to ask yourself, why do we need a bill to fix a problem that is against the
constitution anyhow.
It is possible that he also works for a piss poor company. Some shops will keep him in that position forever if
he lets them. Much easier to do nothing than promote him and have to train someone else who will likely turnover quickly. If he
leaves then they still have to train someone but nothing lost to the company.
Just as the article stated, Sun keeps hyping DTrace like it is some sort of must have feature. It may be a little useful for
a developer but if I have to resort to dtracing a system it is time to move to a different app or os.
Yes dtrace is nice but it is far from being the killer app that will keep people on Solaris.
Oh you mean like Oracle RAC on Linux running ERP....yea it really sucks I have never seen a Linux Oracle RAC cluster go down in production ever.
Yes I admin an Oracle RAC cluster, enterprise ERP database...solid as a rock
Oh we have solaris machines also but I can state for a fact that the boss would never buy another one when we could just
use linux on an x86-64 off the shelf box.
Ok i will bite then, why do you think linux is more popular?
Linux is more popular than *BSD for a large number of reasons. If the license is a factor in its popularity at all, it would be just one reason among many
Actually it is the most important reason Linux is so popular. Linux has more applications, more functionality etc, this is driven by a development community that is 100s of times larger than bsd gang. It is all about the developers....more developers = more applications = more buyers
We may actually be able to buy one...Twice I was looking to buy an iphone with cash in hand and could not
get one due to unavailability....screw apple they are not getting a dime of my money.
Also 90% of the world's computers can be used as an android development platform, no need to buy a mac for development.
I can hear the old monkey boy chant now developers!, developers!, developers! Android lowers the cost of entry to near zero, good luck iphone.
It's pretty important when you have TPS reports to print.
One day I got a call from engineering that told me they were getting an error in a vb application. When I get
there to have a look they told me the engineer that wrote the code had unfortunately died the day before at a
fairly young age of a heart attack. The error showing was, "Beware The Man Behind The Curtain"...talk about creepy..
Actually there are off the shelf products that could handle the situation easily, cleaner and much more robust. However
we were told to not spend any time on it since it is getting replaced. We all know how that story goes, that same line has been
used for the last 6-8 years and there is still no replacement in sight....the ugliness lives on...
I recently ran across a situation where I looked at a piece of code someone else wrote and thought to myself that
is really ugly. I set out to write a clean version but gave up when I figured out that no matter what I did
this was still going to be ugly. Not so much because of a poor job coding it but because of what the code had
to actually perform.....I guess it is just not possible to always put lipstick on the pig.
I just "earnt" a Computer Science PhD...
Glad I never got one of those fancy degrees, they obviously do not teach spelling or grammar.
I think you ought to be looking towards a career in management.
"The father is a Democratic state representative in Tennessee"
Is this the behavior we should expect from this party?
SELECT ssn FROM dhs.us_public WHERE dl_rfid='123456';
Not to be concerned I am sure nobody will ever be able to access that data.
I don't think I would fire them, they have their place. A manager's job should be to fill out tps reports and
take a bullet from the rest of the org when something goes wrong.
Three simple rules in any org could immediately reduce spending to fight off the slowing economy.
1. Remove purchasing approval from the IT manager.
2. Any employee caught taking a perk (lunch, golf, trips etc) is fired immediately.
Purchasing power would be delegated to team leaders, going over budget would lead to immediate firing. Bonus will be paid
in the event the team came under budget.
I cannot tell you the number of times I have seen senior managers go out for a friendly game of golf and the next
day are stroking a check for 10's of 1000's of dollars for something we either don't need or just plain will not work.
10 bucks says he is owned in under a week....
Nothing beats experience, throw a box up on the net unprotected with no real data on it and
see how long you can make it survive. Hint: securing the machine at the os level is the easy
part, securing the crap code someone wrote running on it is the real challenge. In my experience
it is very seldom someone gains access using an os exploit as a means to gain entry. More often than
not the box is behind a firewall, nothing but port 80 open to the world. Also, do yourself a favor
and read up a little on implementing a dmz which is an absolute must.
I am sure he is not going to like what I have to say....
Actually in my opinion the SCADA PCs although vulnerable in many cases are not the best
way to attack these systems. It is much easier to just start firing junk into the registers
of the PLCs controlled or monitored by the SCADA systems. In many cases the controllers are just
hanging balls to the wind on the network. Anyone that has messed with them at the protocol level
knows that most of the protocols in use have little or no security functionality.