Slashdot Mirror


User: garlicbready

garlicbready's activity in the archive.

Stories: 0 · Comments: 180

Comments · 180

  1. Re:But... on Why Data Is the New Coal (theguardian.com) · · Score: 1

    Can someone please re-phrase the story in the form of a car analogy

  2. Own point of view on Which Programming Language Is Most Popular - The Final Answer? (zdnet.com) · · Score: 1

    From my own point of view it's about what job you're doing at the time
    A lot of devs take their favored language and say it's the bee's knees regardless, so don't often provide an objective view

    Device Drivers
    Ideally you want maximum speed and the least amount of code as it's likely the routines within Drivers
    will be called lots and lots of times by applications further up the chain
    Usually **C** is the favored choice for this

    Desktop / Window Managers
    Again you're facing a lot of code that's going to be called repeatedly lots of times
    but there's going to be a lot more complexity involved here
    So ideally you want something as close to **C** as possible but with object orientations with classes etc, i.e. **C++**

    Desktop Applications
    This is one of the two that most people will write for usually
    Linux tends to favor **C++ or Java**, Windows tends to favor managed **.Net** Applications
    I see Java being more of a forerunner of .Net but its libraries have become a mess
    The latest .Net Core has the ability to compile down to native code, and is more feature rich
    meaning you get a whole bunch of syntactic sugar you simply don't get with other languages (see Reactive Extensions or Entity Framework)
    More features / easier to use = less time to get it to work, less code, easier to read, quicker to fix

    Website Applications
    This is the second of the two that most people will write for
    Again the number of options available is massive, but personally I see .Net (specifically .Net Core) jumping ahead
    It's more feature rich, which means businesses will need less work time to implement a given feature
    and it's more type safe (vs PHP for example) meaning less likely to have problems with hacks or leaks

    Administrative Scripts
    A lot of this depends on the environment you're using, Linux for example has Bash scripts, Ruby etc
    Windows has Powershell
    **Python** is my favorite here as it's cross compatible and easy to debug with Visual Studio or PyCharm, easy to read and has object orientation built in with a ton of libs

  3. Re:Its only available if you enable developer mode on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    I'd recommend switching to MSYS2 since it can handle updates via the pacman command and does everything Cygwin can do

  4. E-Trial on UK Judge Calls For An Online Court Without Lawyers To Cut Costs · · Score: 1

    Sounds like what you need is E-Trial
    https://www.youtube.com/watch?...

  5. safeguards, I do not think that word means what you think it means

  6. Since the article didn't explain things very well

    The people that are Xamarin are also the same people that maintain mono for running .Net apps under Linux
    For a while now they've been making money by selling a product that allows you to run .Net apps under Android and IOS
    The main down side is that it's quite expensive and an additional cost on top of Visual Studio.
    The main up side is that you can write apps for Android or IOS while using .Net and avoiding java

    The above announcement means lots of .Net developers can now write apps for Android and IOS for free if they already have Visual Studio which is quite a big thing and opens the door for a lot of people to write Android apps

    I was kind of expecting this when MS bought up Xamarin recently. Microsoft have been going the open source route recently in a big way with their new .Net Core which is basically a complete re-write of .Net for 5.0 merging in mono at the same time. The target being the likes of Google / Facebook where you can have lots of websites running on linux boxes with docker isolation to compartmentalize security breaches

  7. Re:PCI DSS Compliance on TalkTalk Hack: 4% of Customers' Data Accessed In Cyber Security Breach · · Score: 1

    The key things are:

    1. software that monitors every file change on the system, dll's exe's running apps, running services
    2. software that monitors all event logs and emails you when certain patterns emerge such as brute force attempts
    3. spending months turning off a gazillion group policy settings, or cisco settings to harden kit
    4. Nessus is very good at flagging up open ports / (such as Avira's remote management ports for example), or the fact you're not using ldaps for your domain

    That is not checking boxes, and that is required to get a certificate
    That being said there are different auditors and from a higher management point of view it's going to pay to go with the ones that cause the least amount of hassle
    The last auditors we had included an ex police officer and a pro sys admin, the ones we're currently with also study our cisco configs for the switches and the firewalls to generate reports on advisories for stuff to change.

  8. Re:PCI DSS Compliance on TalkTalk Hack: 4% of Customers' Data Accessed In Cyber Security Breach · · Score: 4, Informative

    Being an admin myself that's had to lock down kit for PCI DSS standards, these work a little differently

    1. First you need to be audited by an external auditor that provides the certificate
    If you don't follow the rules then no certification, bribes don't work either, and most of these guys are really thorough.

    2. The network needs to be separated into DMZ and Protected zones, the credit card data only exists within the Protected zone and there's no direct contact from that zone to the internet, it has to go through a hardware firewall via the DMZ to get to the outside.

    3. Typically you install software such as NNT or Tripwire, this monitors every change on the box from dll's being replaced to the smallest change such as Antivirus updates. Filtering and managing this can be a full time job as an admin, usually the software has stuff inbuilt to filter down av updates for example.

    4. Next you usually have a set of reports usually built into the same monitoring software that run against all the hardware and check a large number of security settings, most of these can be setup via GPO's some can actually lock it down to the point where the hardware becomes unusable so it can be a compromise sometimes.

    5. Section 10 means that all event logs from all devices need to be captured into a database, this also has a reporting mechanism setup for example if someone tries to brute force the firewall within x minutes or so. minimum storage time is 12 months, also there should be off site backups

    6. Every month windows updates need to take place, every 3 months there needs to be scans via software such as Nessus internally, external scans usually via the auditor. Every 6 months a review of the firewall rules, updates to all the software such as cisco firmwares etc.

    7. 2 factor authentication is mandatory (yubikey and a password), all access to the kit should also be ip restricted.

    8. All code is audited, software devs have to go on training courses, read up on security standards (try googling secure string in C#, or wasp)

    The paperwork is horrendous, but it's far from checking boxes, a lot of work has to go into hardening kit for the PCI DSS compliance.
    Most of the settings you have to change on the kit to harden it usually originate from either Nessus scans or the compliance reports run from the monitoring software and there's a lot of it.

  9. PCI DSS Compliance on TalkTalk Hack: 4% of Customers' Data Accessed In Cyber Security Breach · · Score: 2

    One question to ask is, were Talk Talk PCI DSS 3.1 Compliant?
    Were they using software for change control, and logging of device event logs?

    If you're storing credit card data, then these standards require you to use software that recommends locking down kit, and logging via event logs to see who's broken in etc
    Also to get certified you need to be audited by an external auditor, have monthly updates, 3 monthly scans, 6 monthly software updates etc.
    I can't help but think with all these break ins, it's just piss poor admin / or cheapness that's at fault

  10. Interpretive Dance on An Idea For Software's Industrial Revolution · · Score: 1

    In the future all programmers will be super fit and experts at dance dance revolution

    http://www.wired.com/2015/07/b...

  11. Nessus already shows this on Manipulating Microsoft WSUS To Attack Enterprises · · Score: 1

    One of the things I've setup in the past
    is a server environment with PCI DSS compliance

    by default comms between internal servers and the wsus server are also not protected via ssl
    (since you'd need to install the certs for the wsus onto the client machines if it's self signed)

    one of the first things I turned on was SSL WSUS Support
    (along with SSL Active directory, and SSL everything else)

    If you're doing your job properly when it comes to securing environments
    usually you'll install a piece of software like tripwire or NNT or Nessus
    part of which checks over all the settings, like group and local policy, with port scans
    to list all the crap to be turned off or changed (wsus ssl in the group policy was at the top of the list btw)

  12. Magnetic Field? on DARPA Is Already Working On Designer Organisms To Terraform Mars · · Score: 1

    I always thought the main issue with life on mars was the lack of a magnetic field
    On earth we have a big lump of metal spinning at the core, this generates the field needed to protect us from the solar wind
    but in the case of mars it's theorised that this isn't the case

    without a magnetic field, this means more solar wind
    lots of radiation goodness and thinner atmosphere since the solar wind blasts the edge of the atmosphere away from the planet, similar to constantly thinning it out
    also less pressure equals liquids boiling off, which is probably why all the water is either only frozen or underground

    although I'd admit if they did get something to grow there it'd be fun to see all the fallout style mutations cropping up at the poles

  13. Re:Illogical on Wi-Fi Router's 'Pregnant Women' Setting Sparks Vendor Rivalry In China · · Score: 1

    But it goes all the way to 11 ...

  14. Re:Might as well on Microsoft Integrates Autodesk's 3D Printing Platform Spark Into Windows 10 · · Score: 0

    How long do you think it'll take before someone uses a windows vulnerability
    to substitute the 3d model with a large penis with the Microsoft Logo on

    I'll just leave this printing overnight, wtf

  15. Re:as long as they implement this interface... on Tor Is Building the Next Generation Dark Net With Funding From DARPA · · Score: 1

    I hear the random number generation is one of the new key features

    int darpaRandomNumber()
    {
            return 4; // chosen by fair dice roll. guaranteed to be random.
    }

  16. Re:after I destroy Washington D.C... I will destro on ISS Could Be Fitted With Lasers To Shoot Down Space Junk · · Score: 1

    will it be using excited bromide in an argon matrix?

    https://www.youtube.com/watch?...

    The real question is how to get the sharks into orbit

  17. Aspergers / Autism on Oxytocin Regulates Sociosexual Behavior In Female Mice · · Score: 1

    One of the things I've read about is that individuals with Aspergers may have different than normal levels of oxytocin

    http://www.autism.org.uk/livin...

  18. Hi welcome to Jonny Cab on Selectable Ethics For Robotic Cars and the Possibility of a Robot Car Bomb · · Score: 4, Funny

    Hope you enjoyed the ride ha ha

  19. Re:.Net / Typescript on Ask Slashdot: Choosing a Web Language That's Long-Lived, and Not Too Buzzy? · · Score: 1

    The way I see it historically there were large differences between what you could do with VB.Net and C#
    but with each newer framework those differences have become less and less to the point where it's now just a question of syntax
    since both compile down to IL anyways

    Personally I can write in C / C++ and understand C# if I want to
    I just find the syntax easier / quicker to write, my brain is just more in tune with VB .Net rather than C#
    although I recognise it can work the other way as well

    With C# for example every line needs a terminating semicolon which is something inherited from the old C days (I find that irritating)
    with VB .Net it assumes every line is independent, if you want to put multiple lines of code on one line you can use a colon :, or an underscore to continue a line which in practice just feels to work out better
    also if blocks / while blocks / other blocks are a bit more clearly defined with If / End If, While End While rather than curly braces { } for every block type

    I see it as just personal preference in terms of syntax at this stage since essentially both are the same framework / to the point you can easily convert one to the other

  20. .Net / Typescript on Ask Slashdot: Choosing a Web Language That's Long-Lived, and Not Too Buzzy? · · Score: 2

    I work in a medium sized software development company, and we work exclusively with .Net usually Visual Basic
    C# is also an option in .Net land, typically with the newer frameworks the differences functionality wise are fairly minor
    we started with .Net 2.0 web forms and are now on .Net 4.0, everything is backwards compatible as far as I can tell between frameworks
    Another direction would be php, or something more specialised such as Ruby for example

    If you want rapid development cycles then having IntelliSense / auto completion / linq / entity framework is definitely something to look into
    these languages are server side, you also may want to consider how much of your website wants to be written in client side languages such as javascript. Personally I'm planning on learning Typescript which is a subscript of javascript, basically easier to write and more class based with IntelliSense

    It all comes down to what kind of functionality you want to put into your web apps, and what your developers feel comfortable with

  21. Re:No shit, this is the JOB of the NSA on WikiLeaks: NSA Recording All Telephone Calls In Afghanistan · · Score: 1

    thanks for the info
    it wasn't tongue in cheek it was just something I remember off sneakers
    I just got it the wrong way round
    https://www.youtube.com/watch?...
    setec astronomy

  22. Re:No shit, this is the JOB of the NSA on WikiLeaks: NSA Recording All Telephone Calls In Afghanistan · · Score: 2

    Isn't this supposed to be the job of the CIA?
    I thought the NSA were only supposed to operate locally

  23. Re:It's about time. on Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards · · Score: 1

    In the UK we've had this for ages, I can't comment on how secure it is but it's very easy to use
    you just insert the card into a small reader, and use the same pin number as you use for the cash machine

    There is a form of wireless chip and pin called contactless
    It's actually NFC which is sort of the next generation of RFID (not sure how secure it is), and is limited to about £20 or so for purchases
    you just swipe your wallet over the same chip and pin reader to pay for something under £20 (although you do have to watch out when you have multiple cards)

    In the near future you'll be able to load an app onto your phone from the bank to allow contactless from the phone (we don't have that just yet)
    I was surprised at the US at the lack of it, but I suspect a lot of things is cash in hand over there (no sales tax)

  24. Code zero zero zero. Destruct. Zero. on Dial 00000000 To Blow Up the World · · Score: 4, Funny

    who set the code for this thing shatner?

    Code zero zero zero. Destruct. Zero.

  25. Re:Send criminals on NASA Looking For Ideas To Explore Mars · · Score: 3, Interesting

    Or how about Mars big brother
    it should be fun to watch the 'astronauts' or contestants slowly lose their sanity while trapped in a metal can on the way to mars
    being watched on camera everywhere they go
    of course you'd have to dedicate a large chunk of the craft to the cameras and the big chair
    and to keep those supplies coming, we need ratings
    send a couple of bots called Huey Dewey And Louie (see Silent running), or for a bit more deranged fun how about that bot from Saturn 3