> You need to know the application domain and all parts of it.
I agree with that, 100%! I'm not doubting some of your statements, but you seem to be missing my main point. Forget fuzzing, type casting, tool sets, etc., I'm just arguing for purity in code as a better long term solution than post-processing object code.
I believe you are misconstruing what I've been saying. Tools are great, but they are no replacement for good solid code. Complex systems, or not, shouldn't contain the coding errors (they aren't bugs) that this and other fuzzing tools do find. Having, and awarding for such tools, leads, I believe, to an ecosystem of acceptability for poor coding. The correct avenue is to audit code and correct bad habits....but that takes deep knowledge of C/C++.
There is a vast difference between buggy code and poorly written code. The article and subject are about finding faults in poorly written code, which is something good programmers (and ones who are aware of a language's pitfalls and nuances) rarely produce. Testing is for finding bugs, rarely does testing involve analyzing code for purity.
Many a tool builder has come along to build tools to overcome failures. Fuzzing, or whatever you call it, is just a poor man's method of finding errors (the real problem) in some code. Glorified greps.
Nobody believes them anymore.... they just seem to do knee-jerk reactions to any and everything. Next thing you know the RNC will favor marijuana and homosexuality.
> Intelligence reports on a possible attack were made and not followed up on
That pretty much sums it all up. I say prosecute *everyone* involved who failed to "follow up", as you say. If we're not going to prosecute them, at least do pay them "talking head" money, nor give credence to their words.
Singapore has EXCELLENT coverage to all of Asia (sans West Asia). From Singapore you can easily serve content to both India and China (with http://cablemap.info/ to see the pipes going into and out of Singapore. In 2015, Singapore will gain improved connectivity to Australia (APX West). Taiwan is similarly situated, albeit further from India/Pakistan/etc.
I'm a receiver, I use UCEProtect to score emails, they help to block a LOT of recent and bleeding edge spam. I don't have to pay them anything for their assistance.
Slashdot Mirror
> You need to know the application domain and all parts of it.
I agree with that, 100%! I'm not doubting some of your statements, but you seem to be missing my main point. Forget fuzzing, type casting, tool sets, etc., I'm just arguing for purity in code as a better long term solution than post-processing object code.
I believe you are misconstruing what I've been saying. Tools are great, but they are no replacement for good solid code. Complex systems, or not, shouldn't contain the coding errors (they aren't bugs) that this and other fuzzing tools do find. Having, and awarding for such tools, leads, I believe, to an ecosystem of acceptability for poor coding. The correct avenue is to audit code and correct bad habits....but that takes deep knowledge of C/C++.
There is a vast difference between buggy code and poorly written code. The article and subject are about finding faults in poorly written code, which is something good programmers (and ones who are aware of a language's pitfalls and nuances) rarely produce. Testing is for finding bugs, rarely does testing involve analyzing code for purity.
Many a tool builder has come along to build tools to overcome failures. Fuzzing, or whatever you call it, is just a poor man's method of finding errors (the real problem) in some code. Glorified greps.
1) learn something that older people learned decades ago
2) write document warning people, who ignored history..., of the dangers!!
3) profit!
Nobody believes them anymore.... they just seem to do knee-jerk reactions to any and everything. Next thing you know the RNC will favor marijuana and homosexuality.
> Nagios is a stupid name
I Agreed, I always preferred NetSaint
Nope. It's sad, but modern medicine is more about the mercedes than the miracles.
> Appendicitis
I'm not so convinced that that's a disease, although I imagine it's quite painful.
It's more lucrative to treat a disease than it is to cure it.
> Intelligence reports on a possible attack were made and not followed up on
That pretty much sums it all up. I say prosecute *everyone* involved who failed to "follow up", as you say. If we're not going to prosecute them, at least do pay them "talking head" money, nor give credence to their words.
..who was on guard duty before 9/11.... why should anyone listen to him?
...grasping for straws.
Singapore has EXCELLENT coverage to all of Asia (sans West Asia). From Singapore you can easily serve content to both India and China (with http://cablemap.info/ to see the pipes going into and out of Singapore. In 2015, Singapore will gain improved connectivity to Australia (APX West). Taiwan is similarly situated, albeit further from India/Pakistan/etc.
Wikileaks has always stated they desire responsible disclosure.
Reality check: Who cares about companies hiding behind 3 letter names? AAF, ANA, DMA, IAB, NAI..... The internet was nicer before they came along.
Dude, Thanks for fixing this. Awesome effort!
When following a link to /., if I answer Yes to the pop-up prompt, i get redirected to http://m.slashdot.org/ and NOT the story I was linking to
won't won't
...a better love story than Twilight.
Rarely a FP, perhaps one a year. Like I said, I don't use them (or any RBL) to block, I do use them to aid in scoring.
I'm a receiver, I use UCEProtect to score emails, they help to block a LOT of recent and bleeding edge spam. I don't have to pay them anything for their assistance.
It's no different than business school examples vs real world practice.
...like mandatory auto insurance regulations of the 80s....
The UK could simply revoke the embassy permit, even for 30 mins.