The hardest thing programmers have to do is think like non-programmers. Or maybe even think like someone other than them.
None of these things are rocket science. Some of them are computer science, but that's kind of the point.
Programmers are typically forced to develop software to demanding schedules which leave no room for the things in the list. They CAN do those things, they are just never given the time to do them.
Yes, many programmers won't do them even if given the time, or will goof off if given the time until they have to write crap code to meet the deadline, but that's a different story. Or maybe not.
The hardest thing a programmer has to do is Think like someone else, Not goof off when you think you can get away with it, and to push back to have the time to do the things that are necessary to write AND MAINTAIN good code.
Of course, circumstances vary. The difference between a startup succeeding and failing may in fact require being first to market with crap code. But at some point, you have to pay back the technical debt you build up.
Ok, so lets add that to the list as well.
Oh, and making end users understand the impact of their crazy changes.
Usernames are not passwords. They're brute forcing usernames (which tend to have a much smaller keyspace because they usually have limitations on what they can contain, and they are usually case-insensitive) and likely using dictionary attacks for passwords.
Ummm... How can you on one hand talk about your giddiness of moving to Git, and then complain about how things aren't accessible in VS? You have to drop to the git command line for a lot of things...
TFS does bug tracking. If they're not using it, that's their fault. It has change set integration (tying work items to changesets), and agile templates, although they're pretty out of date as agile has come a long way_
VS 2010 and TFS 2008 are dated, but they give you the tools you need. Bugzilla and Trac may have more features, but that comes at the cost of ridiculously complex interfaces which mere mortals can't figure out how to use (non-developers).
TFS has a web interface to allow end users to enter bugs, and there's a stand-alone client if they want to use that.
There are also tons of tools to integrate with more featureful tools like Jira and Trac, so you can map workitems and changesets, etc..
This isn't meant as a sales pitch, just that it *DOES* do what you need it to.. and there are ways to introduce better tools and still integrate.
Nuget gets broken when using the standard mode. Part of the problem is that when you check in, it doesn't automatically select all files for checkin, and most people don't pay attention.
This is why the new(er) Package Restore mode works so much better (on top of not filling up your version control database with binaries).
The UI was largely addressed after a couple of months by a new version of the Theme Switcher and a hack to add in color icons. Many of the icons in 2013 are still monochrome, but a large number of important ones are color, and that helps.
His argument is based totally on pure brute force, which nobody does. The danger comes from dictionary attacks, and i'm pretty sure this technique can be easily accounted for and a "Haystack" password cracked in a matter of days, if not hours.
The guy just doesn't understand that his problem is not that he's not smart... it's that he doesn't share his ideas with others before he pontificates on them.
If your laptop contains the credit card and health information for 1 million users, yes. It should be your biggest concern. If your laptop contains sensitive corporate information trusted to you, it should be your biggest concern. If your laptop contains information you wouldn't want public, it should be your biggest concern. If your laptop contains anything about anyone THEY wouldn't want public, it should be your biggest concern. If it contains your pr0n collection, then probably not.
The stuff in your wallet is easily cancellable and easily replaced (other than the actual cash, and any information you might have written on a scrap of paper), the stuff on your laptop, once out there in the wild.. probably not.
Regarding your USB dongle, are you certain you will *ALWAYS* remember to remove the dongle and pack it separately? What happens if you are forcibly required to give up your usb key (say, when crossing a border, and the oppressive government believes you may be a dissident or spy).
Certainly, you can still be forced to give up your password if you are willing to. But it can't be taken from you, unlike a dongle. And the master keys can't taken from a TPM if the system is shut down and correctly configured. (there are some attacks under certain conditions that can lead to exposure, but that's an implementation issue which you can control through careful selection of hardware).
Yes, you can do FDE without a TPM, but it's nowhere near as convenient, or as secure (because inconvenience breeds insecurity). You either have to type in a boot password (as well as a login password), or you need to use a hardware dongle like a USB drive, which you will probably keep with your laptop anyways and it will probably get stolen with the laptop..
The point of the TPM is that it provides secure key storage, so you need only enter your normal login password once to unlock all secured devices. It also provides cryptographically secure randomness for better security.
Really? I can't find a single laptop, that isn't specifically targeted at enterprise volume customers, that ships with a TPM.
If almost all do, then you should be able to easily point out a few hundred. A dozen? 5? 1?
I'll wait.
I highly doubt that TPM 2.0 will be a requirement.. especially since TPM 2.0 isn't even a finished standard yet. And even when it is, the added cost will be a huge burden for OEM's and they will push back.
Who says I know nothing about the internal workings of the chip? TPM chips conform to international standards, specifically TCG, which in turn works with IETF, ISO, and the CC.
In particular, the TPM 1.2 standard is published as ISO/IEC 11889 Parts 1-4, and are completely available to you to read and understand.
On top of that, TPM chips are audited and certified by the TCG to ensure they follow the standard.
Of course you can keep pretending otherwise.. i'm sure you will...
I know of no PC's being sold with TPM chips that are not specifically ordered with them. As such, it's easy to get hardware with a TPM, you don't specially order it. There, done.
Fact is, every laptop SHOULD come with a TPM, for full disk encryption security. Yes, yes, blah blah blah, it can be hacked with an electron microscope and a laser scalpel while standing on your head during a blue moon.. so it's useless!
Fact is, if you have a TPM, and you encrypt your disk and use the TPM to secure your keys, then the odds of your data getting in anyone elses hands if your laptop is lost are essentially nil, regardless of whether or not a TPM can be hacked, or whether or not any disk encryption scheme can theoretically be defeated. Perfect security is not practical in such applications, even if it was possible, so we have to make due with simply strong security.
A lot of computers? Name one. Go ahead. I'll wait.
Fact is, I want a TPM, and I can't find a single commercial off the shelf Windows PC that ships with a TPM. Every vendor says that they are an option that must be specially ordered.
So please, point me to these computers that are forcing TPM's on us, i'll buy 10 tomorrow..
Dude. How difficult is it to tap the windows key, type "Cont" and hit enter? Ok, want it quick access? Type "Cont" and right click on the Control Panel icon and choose Pin to Start Menu, then drag it to where you want it.
Seriously, it amazes me how people think futzing around with XFCE is so easy, yet become totally fucking stupid when there's a Windows Logo on something.
Want quick access to your documents? Open explorer, right click on Documents, and choose "Pin to start". How fucking difficult is that?
Slashdot Mirror
Yeah, especially since MS *DID* in fact release 8.1 RTM to developers early. So the question posed in the article is based on a false premise.
WTF? Are you really just this stupid? What exactly do captcha's have to do with password brute forcing?
Nothing, idiot. So STFU.
The hardest thing programmers have to do is think like non-programmers. Or maybe even think like someone other than them.
None of these things are rocket science. Some of them are computer science, but that's kind of the point.
Programmers are typically forced to develop software to demanding schedules which leave no room for the things in the list. They CAN do those things, they are just never given the time to do them.
Yes, many programmers won't do them even if given the time, or will goof off if given the time until they have to write crap code to meet the deadline, but that's a different story. Or maybe not.
The hardest thing a programmer has to do is Think like someone else, Not goof off when you think you can get away with it, and to push back to have the time to do the things that are necessary to write AND MAINTAIN good code.
Of course, circumstances vary. The difference between a startup succeeding and failing may in fact require being first to market with crap code. But at some point, you have to pay back the technical debt you build up.
Ok, so lets add that to the list as well.
Oh, and making end users understand the impact of their crazy changes.
How exactly is it a "comprehensive analysis" if it ignores dictionary attack strength?
How is it "comprehensive" if it ignores the fact that an attack can be crafted specifically for this technique?
All it discusses is brute force, which is pointless beyond a few characters.
You should read your own links moron.
Usernames are not passwords. They're brute forcing usernames (which tend to have a much smaller keyspace because they usually have limitations on what they can contain, and they are usually case-insensitive) and likely using dictionary attacks for passwords.
None of your links say otherwise.
The prompt also had a link to skip logging in. You should pay more attention.
Ummm... How can you on one hand talk about your giddiness of moving to Git, and then complain about how things aren't accessible in VS? You have to drop to the git command line for a lot of things...
TFS does bug tracking. If they're not using it, that's their fault. It has change set integration (tying work items to changesets), and agile templates, although they're pretty out of date as agile has come a long way_
VS 2010 and TFS 2008 are dated, but they give you the tools you need. Bugzilla and Trac may have more features, but that comes at the cost of ridiculously complex interfaces which mere mortals can't figure out how to use (non-developers).
TFS has a web interface to allow end users to enter bugs, and there's a stand-alone client if they want to use that.
There are also tons of tools to integrate with more featureful tools like Jira and Trac, so you can map workitems and changesets, etc..
This isn't meant as a sales pitch, just that it *DOES* do what you need it to.. and there are ways to introduce better tools and still integrate.
Actually, the real question is... WTF are you talking about?
Nuget gets broken when using the standard mode. Part of the problem is that when you check in, it doesn't automatically select all files for checkin, and most people don't pay attention.
This is why the new(er) Package Restore mode works so much better (on top of not filling up your version control database with binaries).
The UI was largely addressed after a couple of months by a new version of the Theme Switcher and a hack to add in color icons. Many of the icons in 2013 are still monochrome, but a large number of important ones are color, and that helps.
I've always pronounced it Post-Grey-Sequel
Gibson has not learned his lessons. You want a laugh? Check out one of his more recent attempts at "security"
https://www.grc.com/haystack.htm
His argument is based totally on pure brute force, which nobody does. The danger comes from dictionary attacks, and i'm pretty sure this technique can be easily accounted for and a "Haystack" password cracked in a matter of days, if not hours.
The guy just doesn't understand that his problem is not that he's not smart... it's that he doesn't share his ideas with others before he pontificates on them.
No you won't. If you really were going to, you'd do it now. Not wait for some magical date to make your ultimatum go into place.
People like you have been making this empty threat since DOS every time there's a major change.
If your laptop contains the credit card and health information for 1 million users, yes. It should be your biggest concern. If your laptop contains sensitive corporate information trusted to you, it should be your biggest concern. If your laptop contains information you wouldn't want public, it should be your biggest concern. If your laptop contains anything about anyone THEY wouldn't want public, it should be your biggest concern. If it contains your pr0n collection, then probably not.
The stuff in your wallet is easily cancellable and easily replaced (other than the actual cash, and any information you might have written on a scrap of paper), the stuff on your laptop, once out there in the wild.. probably not.
Regarding your USB dongle, are you certain you will *ALWAYS* remember to remove the dongle and pack it separately? What happens if you are forcibly required to give up your usb key (say, when crossing a border, and the oppressive government believes you may be a dissident or spy).
Certainly, you can still be forced to give up your password if you are willing to. But it can't be taken from you, unlike a dongle. And the master keys can't taken from a TPM if the system is shut down and correctly configured. (there are some attacks under certain conditions that can lead to exposure, but that's an implementation issue which you can control through careful selection of hardware).
How... convenient.
The only systems I know of that ship with TPM's are business class systems, not your normal laptops you get at newegg, amazon, or best buy.
Yes, you can do FDE without a TPM, but it's nowhere near as convenient, or as secure (because inconvenience breeds insecurity). You either have to type in a boot password (as well as a login password), or you need to use a hardware dongle like a USB drive, which you will probably keep with your laptop anyways and it will probably get stolen with the laptop..
The point of the TPM is that it provides secure key storage, so you need only enter your normal login password once to unlock all secured devices. It also provides cryptographically secure randomness for better security.
Really? I can't find a single laptop, that isn't specifically targeted at enterprise volume customers, that ships with a TPM.
If almost all do, then you should be able to easily point out a few hundred. A dozen? 5? 1?
I'll wait.
I highly doubt that TPM 2.0 will be a requirement.. especially since TPM 2.0 isn't even a finished standard yet. And even when it is, the added cost will be a huge burden for OEM's and they will push back.
Who says I know nothing about the internal workings of the chip? TPM chips conform to international standards, specifically TCG, which in turn works with IETF, ISO, and the CC.
In particular, the TPM 1.2 standard is published as ISO/IEC 11889 Parts 1-4, and are completely available to you to read and understand.
On top of that, TPM chips are audited and certified by the TCG to ensure they follow the standard.
Of course you can keep pretending otherwise.. i'm sure you will...
I know of no PC's being sold with TPM chips that are not specifically ordered with them. As such, it's easy to get hardware with a TPM, you don't specially order it. There, done.
Fact is, every laptop SHOULD come with a TPM, for full disk encryption security. Yes, yes, blah blah blah, it can be hacked with an electron microscope and a laser scalpel while standing on your head during a blue moon.. so it's useless!
Fact is, if you have a TPM, and you encrypt your disk and use the TPM to secure your keys, then the odds of your data getting in anyone elses hands if your laptop is lost are essentially nil, regardless of whether or not a TPM can be hacked, or whether or not any disk encryption scheme can theoretically be defeated. Perfect security is not practical in such applications, even if it was possible, so we have to make due with simply strong security.
A lot of computers? Name one. Go ahead. I'll wait.
Fact is, I want a TPM, and I can't find a single commercial off the shelf Windows PC that ships with a TPM. Every vendor says that they are an option that must be specially ordered.
So please, point me to these computers that are forcing TPM's on us, i'll buy 10 tomorrow..
Go to all apps, everything is listed under their categories. You can "Zoom out" and just see the category names, just like expanding a menu.
They aren't included in the search results, but you can still type them and they will run. Try it.
Dude. How difficult is it to tap the windows key, type "Cont" and hit enter? Ok, want it quick access? Type "Cont" and right click on the Control Panel icon and choose Pin to Start Menu, then drag it to where you want it.
Seriously, it amazes me how people think futzing around with XFCE is so easy, yet become totally fucking stupid when there's a Windows Logo on something.
Want quick access to your documents? Open explorer, right click on Documents, and choose "Pin to start". How fucking difficult is that?
Dude, you haven't noticed that you can group icons into columns, just like a newspaper?
http://www.askvg.com/tip-organize-windows-8-start-screen-tiles-in-groups-and-name-these-groups/
And you can shrink them down with a keystroke:
http://blogs.computerworld.com/sites/default/themes/cw_blogs/cache/files/u98/Win_8_groups.jpg
Organize your stuff.
Also, yes, you can get stuff out the start screen to the desktop. Easiest way is to pin it to the taskbar, then drag it wherever you want.
Yeah, cause it's it's totally unreasonable to think that a substantial number of people don't have the same opinion as you.
That's Unpossible!