"Just because you can does not mean you should...."
"Oh, look here: I can make this nuclear power plant fail, going core-melt-down, by deceiving these sensors. Let's see what happens!" Chernobyl, anyone? Fukushima? Only remotely caused, not natural or on-site disasters?
"Well, they should have prepared for that. Sucks to be them." But maybe you and your family are "downstream" from the disaster?
Somewhere, somehow, some time, some user will enter something that simply never makes sense. "Nobody would EVER do that!" Except they just did.
Most likely: they are naive do something the programmer NEVER expected. Perhaps they were just trying to get through the "forms" or "input" or whatever and just chucked "some" value in the input blank to get the job done. More likely, they are malicious, trying to find failure modes using bots, fuzzers, and all those tools, free-for-the-download for the naive and malicious to use.
Somebody else said it, but "NEVER underestimate bad taste and human stupidity." (To which, I respectfully add: "laziness and maliciousness". Every time I hoped for a better outcome in the past 40 years, I've been proven oh, So WRONG.)
Yes, they will use meta-meta-meta-codes to exploit your program. Reject them and give an error code to whatever called that function, script, or program.
Spreadsheets are not databases, although a self-taught "developer" used them as such. (He understood spreadsheets but had never beheld a normalized, rational database. But it showed pretty pictures. I cringed. He built a business on it. Somebody help them all?)
Define the job, then find the correct tool(s). Protect those tools from misuse: ALWAYS type check AND range-check your input and use "safe" memory allocation and output functions. "If it doesn't fit, you must reject."
from Hard-won experience. I set coding standards for a utility company and input (type / range) checking for a rather large organization, just protecting the little projects I happened to enjoy.
Texas had to pay people for consuming their electricity, they generated so much wind power. Likewise off Europe.
Trump, et al, required a 30% duty on Chinese solar panels because the USA companies "could not compete". Maybe the companies should revisit how they do business?
What if We The People (of the world) ignore Trump and his budgets.
What happens if we pay, directly, to fund the solar, wind, wave and tidal energy development, perhaps swamping the fossil fuel industries?
What about us using those power generation means to power our houses, families, households, and devices?
If we (members of rich or medium nations, obviously excepting OPEC, coal company locations, etc.): If we each provided USD$5 or something equivalent, would it move that research forward?
Would we and our children reap the rewards of that small investment?
I don't know about you folks, but my wallet is out, ready to donate.
Maybe I should set up an organization to fund the research? Might need some help here, but no-one, absolutely no-one, would be paid as much as a CxO. More along the lines of "just another employee". Most especially me. Isn't that subversive?
My wife and I were in middle school / junior high. I was in Germany. People from all over the village came up and offered condolences, then expressed hope that this would not end the program. Later, they invited us to watch the launches from their televisions in their living rooms, as a triumph for the world. I did not learn what contributed to the fire for decades. Once I did learn (pure oxygen atmosphere), I was horrified. But, we always learn from previous mistakes. Our hearts now go out to their families. Let us raise a toast: "To Those who have Gone Before..."
Here's the approach we find useful. Nothing, absolutely nothing, is backed up at work. Anything that is on the employer's systems belongs to that employer(s). Getting out of the buildings with anything other than the clothes on your back and the ID in your wallet might be difficult. We've all heard the horror stories about step-away-from-the-keyboard-we'll-ship-you-your-stuff.
First, I trust my spouse completely; if you cannot or do not trust your spouse, you must use some other means, probably the safe deposit box and a separate, corporate executor for your will and estate, plus a hammer-down for anything truly interesting.
I keep an encrypted volume on my (and spouse's) machine, backed up weekly, from my machine to spouse's, using TrueCrypt. One of the files in that encrypted volume is my passwords -- (nearly) all of them. The ones that I do not back up are the accounts where I work, since they'd freeze the accounts and information anyway (or delete them, which is their problem). The encrypted volume keeps "casual" eyes out (e.g. children, TSA, other strangers).
I regularly take a copy of that encrypted volume on a removable media to our safe deposit box, which spouse also can access, and has a key to. That prevents the safe deposit box from being frozen while the courts unwind at great cost to the estate.
I dump a hardcopy of the passwords, and ALL vital documents, and put it in a firesafe in the house. Depending on which needs to be where, the original is in the firesafe (e.g. wills, etc.) or the safe deposit box (deeds to property, etc.) The passwords get stuffed in an opaque envelope, sealed and signed across the flap. At least annually, a copy gets dropped in the safe deposit box.
A further copy of the wills, important documents, and annual copy of passwords (hardcopy) gets sent to executor, in a double-wrapped (inner & outer envelope), sealed, certified, tracked envelope. Inner envelope has info for the executor. Outer just is a plain "postal" or "delivery service" envelope.
In the event of a house fire, the fire safe supposedly survives; the safe deposit box does. Should a common disaster hit spouse and me, there's the executor, plus legal access, for more or less "current" updates. In the event of an untimely death, the current backups and the firesafe are "current". In the event of a major evacuation for a natural disaster, it's grab-the-laptop-and-go. We can do drive recovery later if needed. In the event of a complete disaster, the executor has everything they need.
Nothing truly of value is that large: videos, etc, need stored else-how. Inventory and family photos in digital form need treated similarly to password files. pr0n and politically unacceptable documentation is your own damned problem.
If I had information that I could not share with spouse, but needed to survive, and perhaps be released in some manner, I would probably choose a hammer-down method, whereby, if I fail to send a signal for a certain period of time, the holder of that info follows certain instructions. Sort of a time-logic-bomb like some stupid sysadmins have left when they got fired (probably deservedly, for such stupid behavior; if they'd been that worthwhile, they need not have feared).
And, ask anyone that has survived a really good disaster: it's people, pets, and anything else, in that order. If you get out with your people and children, and save the pets, you're golden. Anything after that might be really regrettable, but you will / have survived to do something about it. And, yes, we have a (few) irreplaceable physical objects (one guitar, in particular), but if we've got the people, the kids, and the pets (souls and beings that they are), everything, EVERYTHING else, is replaceable.
YMWV; IANAL; and all the usual caveats. (Your Mileage Will Vary)
Slashdot Mirror
"Just because you can does not mean you should...." "Oh, look here: I can make this nuclear power plant fail, going core-melt-down, by deceiving these sensors. Let's see what happens!" Chernobyl, anyone? Fukushima? Only remotely caused, not natural or on-site disasters? "Well, they should have prepared for that. Sucks to be them." But maybe you and your family are "downstream" from the disaster? Somewhere, somehow, some time, some user will enter something that simply never makes sense. "Nobody would EVER do that!" Except they just did. Most likely: they are naive do something the programmer NEVER expected. Perhaps they were just trying to get through the "forms" or "input" or whatever and just chucked "some" value in the input blank to get the job done. More likely, they are malicious, trying to find failure modes using bots, fuzzers, and all those tools, free-for-the-download for the naive and malicious to use. Somebody else said it, but "NEVER underestimate bad taste and human stupidity." (To which, I respectfully add: "laziness and maliciousness". Every time I hoped for a better outcome in the past 40 years, I've been proven oh, So WRONG.) Yes, they will use meta-meta-meta-codes to exploit your program. Reject them and give an error code to whatever called that function, script, or program. Spreadsheets are not databases, although a self-taught "developer" used them as such. (He understood spreadsheets but had never beheld a normalized, rational database. But it showed pretty pictures. I cringed. He built a business on it. Somebody help them all?) Define the job, then find the correct tool(s). Protect those tools from misuse: ALWAYS type check AND range-check your input and use "safe" memory allocation and output functions. "If it doesn't fit, you must reject." from Hard-won experience. I set coding standards for a utility company and input (type / range) checking for a rather large organization, just protecting the little projects I happened to enjoy.
Texas had to pay people for consuming their electricity, they generated so much wind power. Likewise off Europe. Trump, et al, required a 30% duty on Chinese solar panels because the USA companies "could not compete". Maybe the companies should revisit how they do business? What if We The People (of the world) ignore Trump and his budgets. What happens if we pay, directly, to fund the solar, wind, wave and tidal energy development, perhaps swamping the fossil fuel industries? What about us using those power generation means to power our houses, families, households, and devices? If we (members of rich or medium nations, obviously excepting OPEC, coal company locations, etc.): If we each provided USD$5 or something equivalent, would it move that research forward? Would we and our children reap the rewards of that small investment? I don't know about you folks, but my wallet is out, ready to donate. Maybe I should set up an organization to fund the research? Might need some help here, but no-one, absolutely no-one, would be paid as much as a CxO. More along the lines of "just another employee". Most especially me. Isn't that subversive?
My wife and I were in middle school / junior high. I was in Germany. People from all over the village came up and offered condolences, then expressed hope that this would not end the program. Later, they invited us to watch the launches from their televisions in their living rooms, as a triumph for the world. I did not learn what contributed to the fire for decades. Once I did learn (pure oxygen atmosphere), I was horrified. But, we always learn from previous mistakes. Our hearts now go out to their families. Let us raise a toast: "To Those who have Gone Before..."
Here's the approach we find useful. Nothing, absolutely nothing, is backed up at work. Anything that is on the employer's systems belongs to that employer(s). Getting out of the buildings with anything other than the clothes on your back and the ID in your wallet might be difficult. We've all heard the horror stories about step-away-from-the-keyboard-we'll-ship-you-your-stuff.
First, I trust my spouse completely; if you cannot or do not trust your spouse, you must use some other means, probably the safe deposit box and a separate, corporate executor for your will and estate, plus a hammer-down for anything truly interesting.
I keep an encrypted volume on my (and spouse's) machine, backed up weekly, from my machine to spouse's, using TrueCrypt. One of the files in that encrypted volume is my passwords -- (nearly) all of them. The ones that I do not back up are the accounts where I work, since they'd freeze the accounts and information anyway (or delete them, which is their problem). The encrypted volume keeps "casual" eyes out (e.g. children, TSA, other strangers).
I regularly take a copy of that encrypted volume on a removable media to our safe deposit box, which spouse also can access, and has a key to. That prevents the safe deposit box from being frozen while the courts unwind at great cost to the estate.
I dump a hardcopy of the passwords, and ALL vital documents, and put it in a firesafe in the house. Depending on which needs to be where, the original is in the firesafe (e.g. wills, etc.) or the safe deposit box (deeds to property, etc.) The passwords get stuffed in an opaque envelope, sealed and signed across the flap. At least annually, a copy gets dropped in the safe deposit box.
A further copy of the wills, important documents, and annual copy of passwords (hardcopy) gets sent to executor, in a double-wrapped (inner & outer envelope), sealed, certified, tracked envelope. Inner envelope has info for the executor. Outer just is a plain "postal" or "delivery service" envelope.
In the event of a house fire, the fire safe supposedly survives; the safe deposit box does. Should a common disaster hit spouse and me, there's the executor, plus legal access, for more or less "current" updates. In the event of an untimely death, the current backups and the firesafe are "current". In the event of a major evacuation for a natural disaster, it's grab-the-laptop-and-go. We can do drive recovery later if needed. In the event of a complete disaster, the executor has everything they need.
Nothing truly of value is that large: videos, etc, need stored else-how. Inventory and family photos in digital form need treated similarly to password files. pr0n and politically unacceptable documentation is your own damned problem.
If I had information that I could not share with spouse, but needed to survive, and perhaps be released in some manner, I would probably choose a hammer-down method, whereby, if I fail to send a signal for a certain period of time, the holder of that info follows certain instructions. Sort of a time-logic-bomb like some stupid sysadmins have left when they got fired (probably deservedly, for such stupid behavior; if they'd been that worthwhile, they need not have feared).
And, ask anyone that has survived a really good disaster: it's people, pets, and anything else, in that order. If you get out with your people and children, and save the pets, you're golden. Anything after that might be really regrettable, but you will / have survived to do something about it. And, yes, we have a (few) irreplaceable physical objects (one guitar, in particular), but if we've got the people, the kids, and the pets (souls and beings that they are), everything, EVERYTHING else, is replaceable.
YMWV; IANAL; and all the usual caveats. (Your Mileage Will Vary)
PrivateNotCoward