The problem is, USB thumb drives are more widespread, cheap as chips and, from a security standpoint, easy to lose.
Thankfully I haven't lost any of my USB drives, I usually securely wipe them every few weeks JIC.
512 MB is very damaging; what corporations are scared of is the copying of sensitive documents. Documents such as network diagrams, disaster recovery plans, security plans etc etc are usually no larger than 10 megs, but could deliver a damaging blow to business confidentiality concerns.
I'm seeing a definite rise: large businesses I'm dealing with are already banning USB thumb drives.
I prefer QT over any other GUI toolkit available. But if QT is not going to be included in this distribution, it's just another distribution I won't consider to install or offer to my clients.
Strikes me as being a bit harsh. I hate spam as much as the next person but the US legal system seems to go over the top in (especially) cyber sentences.
Accidentally sending a malformed request to a web server could land you in the clink for years!
Send a spam criminal away for 5 years and I doubt he will do it again.
Next we'll be watching our back for sending 'wall' messages on at budding unix systems.
I thought about this technique a few years ago. Simply put, if I don't log into a unix system for more than 1 month it will fire off emails to said recipients on my behalf.
Of course, the cron job could be tuned not to fire off if I'm on holidays but yeah - this website is a neat idea!
Vision of security isn't as bad as ./ make it (on Secure Programming · Score: 3, Informative)
Been in the security game for 10 years...
From all these posts, it seems that all programmers don't have a clue about programming in a secure manner. I disagree, it's just that times have changed.
Surely, a few years ago this was the case. But certainly not as bad as now. Most PHBs worth their weight usually know what the security buzz words associated with an implementation are. If they don't give support to the developers to create a secure solution, they aren't just lacking in security skills - they are lacking in overall management skills and an understanding of IT. Security has to be part of the overall process when in development, PHBs must invest in *training* for programmers and develop standards to follow.
Previous posters saying that it should be mandatory for all post grads to have in-depth security skills is downright short-sighted. Security is a bottomless pit with many variables, a general subject can be taught. However, security can't stem strictly by programming practices. It is a collection of standards from all types, from the network, operating system to the application level. Not to mention the usual deal of people, process and technology.
I've lost count of how many pen tests I've completed where the application design was rock solid, however they had a bad password on their admin portal.
The KDE team have done a fantastic job at providing the necessary tools for even a slightly tech savvy user to upgrade to the latest development release.
Checkout Konstruct to learn how to run a simple script to download, verify, compile and install the components to get KDE working on your machine.
My understanding of the C language is rather limited. Reason being, never needed to develop anything other than perl, php and python so I have a pretty good understanding of programming concepts.
I am interested in developing some C++ apps for the GUI, should I get out a C book first?
we can apply the same fine structure for every junk email we receive......
wouldn't be so eager to start cracking media files.
:)
I mean, he's just been let off on the DVD fiasco, he's got some guts now going after the music industry by cracking the AAC format.....oh well
and thus, is my job as a consultant to ensure that my clients' best interests are met. My target market isn't GTK, there is enough work to go around.
I use QT because it's clearly the best multi-platform development tool available.
you mean, there is 3?!?!?
btw nice website mike. my html skills need a major ramp up i moved to melbourne this year - great place :)
Can somebody describe what Han shoots first is all about?
someone should then create a shell script to "package" it up and offer it for free...
ahh the smell of opensource
maybe it's just me, but there's a possibility he was joking...... :)
their Disaster Recovery process?
This is one of the most fundamental plans that must be tested every 12 months. Fitted with scenarios such as this one.
An organisation with so much clout as the Alcohol Beverage Control division, they should have enough money to keep at least *one* person looking at it. Shame on them!
Crashing systems by applying updates to software, whether it be OS or App is nothing new and certainly can happen on any architecture.
It also doesn't help that slashdot has created another problem, slashdotting their webserver! :)
Ahhh, thank goodness I keep a stock pile in my cellar, now, where was I......
It's great to see the man has been able to cash in on his technical ability without losing his vision and ethics. Cashing in his stock was a good "option"!
I still thought he drove a beaten up sedan and still lived in a shed :)
He seems to have employed a stylist, the last time I saw him he was wearing glasses and had the real geek thing happening - a spring chicken!
Well done Linus!
Heheh. I haven't listened to the audio transcript yet, but his persona does sound like that of Teacher from South Park!
'Gather round Linux Children, mmmmkay we're going to talk about court injunctions and the greediness of our school' mmmmkay
yes it did!
Unfortunately I am in the same position as you. I'm still waiting.........
Wow!
Thanks for the intel, I checked the status of a supposed patch for the Yahoo login problem not 6 hours ago, with no luck.
Must have just been released.
Pays to be a paying Trillian member.
Cheers.
Nuff said....
http://www.smh.com.au/articles/2003/09/05/10625490 00698.html
(Remove the space between the two zeros in the URL - Don't know, some slashdot phenomenon)
Thanks Brave Guy.
The website looks good!
Admins (etc) from NY post your funny/heart breaking/serious stories from the outcome that was the black out.
Stuff like:
1. Systems that went down and stayed down.
2. Pointy haired bosses that realised that investing in Solaris instead of those "Linux Hobby" boxes was a bad move because none of the Solaris came back to life
3. You were just about to go-live with a product after 2 years of development, and then the power went out
4. Everyone went home because no-one could work, except your hot looking system admin babe couldn't resist you in the data center
etc etc
We, from the other side of the globe are interested :)
It has come to my attention a recent discussion on the so called "News for Nerds. Stuff that matters: Slashdot.org" website concerning the use of the terms "flavour" and "flavour".
I hereby state that the whole English language, when used in conjunction to develop a *nix platform belongs to SCO.
No! Actually - Bugger that, we *own* the English language!
Without the proper purchased licenses, the rest of the world is obligated to speak another language.
Regards,
Darl McBride
C Programming Language (2nd Edition)
:)
by Brian W. Kernighan, Dennis Ritchie, Dennis M. Ritchie
For some reason the link doesn't work