Hmm. Maybe Hans didn't actually mean to kill his wife, he just had a shovel handy and being the FOSS geek he is saw the easiest, cheapest resolution to the problem so he could get back to writing his file system...
Another useful read (albeit not focused on PHP per se) is David Wheeler's Secure Programming (http://www.dwheeler.com/secure-programs/)
I have a simple guide when I write code, it's not flawless but it covers a lot of bases - every time I load a variable that has anything to do with generated content (i.e. from a user) I sanitise it - I don't report errors, I just strip out invalid characters (as a rule). It's not the best way to do it, but combined with a good site design it helps a lot.
Is the common approach simply to pop up a password-protected screensaver?
You should be doing that anyway. Defence in depth and all that.
Everyone seems to hail TrueCrypt (or any other full disk encryption) as the second coming but, like any other security mechanism, it should not be your only. So yes, pop up a password-protected screen saver - a cooler feature would be if TrueCrypt "hooked" into said screen saver and destroyed keys/dismounted volumes on two or three false passwords.
Actually the second server is sitting behind a NAT box running FreeBSD 6.4-STABLE - whether that affects it or not. Perhaps if the box in front was doing TCP Proxying rather than, say, NAT?
Starting Nmap 4.76 ( http://nmap.org/ ) at 2009-02-[snip]
Warning: Hostname www.hotmail.com resolves to 12 IPs. Using 64.4.38.249.
Interesting ports on 64.4.38.249:
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http Microsoft IIS webserver 6.0
443/tcp filtered https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING) : FreeBSD 6.X (85%)
Aggressive OS guesses: FreeBSD 6.2-RELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 15.76 seconds
lg:~ root# nmap -sV -O -p 80 -PN -n xxx.xxx.xxx.xxx
Starting Nmap 4.76 ( http://nmap.org/ ) at 2009-02-[snip]
Interesting ports on xxx.xxx.xxx.xxx:
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 6.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 8.46 seconds
lg:~ root#
Not that I would use the same PIN for my bank card as my iPhone, that's crazy talk.
That's only because you know the bank won't let you use 1234 on your card ;)
The second server is obviously a known IIS/Win2003 box.
So obviously this is one person we wouldn't be converting to Linux, or we would be converting and then giving a Terminal server so she can't get infected or shot to hell but can use the software she wants to use.
Also, nobody was saying we should change the workflow at a critical time - last time I changed anyone's workflow it was done via slow, behind the scenes scripts to offload a lot of the tasks, and then a final, skinned application that slowly evolved into the new software. Anyone who pushes the big red button without preparing their users is just an idiot, anyone who thinks that anyone would do the same thing with no preparation is probably not much better.
The right tool for the right job. Some days, that's just not Linux (or OS X).
"Do not open until Christmas 40010"
Probably because we'd really like something going up that's not likely to poison us all in the highly unlikely event of an accident (wimpy bastards, want omelette, break eggs). Our current fuel might not be the most efficient, but a lot of people get nervous when nuclear materials go up (anyone remember WANK).
Hai do joo w@ntz $$$?
up scotty is the last place I'd want to be beamed.
Whether you agree with it or not, Linux has a very small market share in the two places it counts: gaming and the office. It's "big news" here when we find a government organisation or a school going with a Linux installation, and until it stops being so we can never consider Linux *as good* as MS or OS X, purely because of usage base. This functionality is an excellent step in the right direction for the office software, because we (as sysadmins) can build a server that silently integrates with all the XP/Vista machines on a network, without "telling" anybody about it. After a few months of having a stable Linux server in place, we can start pushing stable Linux onto the less-than-important PCs - like the receptionist (who can/should be trained) or the marketing department. Slowly (but surely) bringing across all the machines possible we can to Linux. Having AD functionality is definitely the first step. Getting a decent free Exchange replacement will be the next (and I mean free in the same way that Debian is free, unrestricted as much as possible) in the chain. Simply put, any OSS supporter needs to make some compromises to get their software into the enterprise. People grow up on Windows, or on OS X (as a rule it is one or the other) not (necessarily) on Linux, so we need to ease them in.
Oh and Linux has its own Directory functionality, it's OpenLDAP. It's just not necessarily as easy to maintain as Open/Active Directory.
My $0.02 AU.
"one color" (whatever that means)
A basic understanding of the spectrum (and absolutely no RTFA on my behalf) would suggest that they mean one colour of the spectrum. So if they can cloak, say, the red spectrum, you'd show up looking a different colour than your normal sort.
Imagine looking at some purple paper and then removing the red visibility/light from it. Is it still purple to your eyes?
Because none of us are worried about raptor attacks...
On the other end of the spectrum, I don't trust other companies to protect my data. At least when data is stolen off servers I control I know who is to blame.
Sorry, Fox (aka Foxtel depending where you are) in Australia is pay-tv. We only have hmm 5 free-to-non-digital-air channels.
Note to self: Convert doomsday device to look like a hippy "good-vibe" machine.
Maybe some of the GP's posts were a bit off, but he has a great damned point. I'm reminded of working a drive through and seeing a guy in a nice hotted up car, the full kit - a gorgeous rumble, nice rims, interior done right up, custom paint job and so on - counting out 5c pieces so he could get three meals for 4 kids who looked so damned grubby they could have come out of the deep fry along with the burger I was giving them. I'm not claiming to know their exact situation, but I had the distinct impression that he put everything into the car to the detriment of his partner and children. The same annoyance happens when I see cable or sat. dishes on government housing out here in Aus.
I don't hope we have another depression, but I'd like to see some enforced restrictions on what you can use your unemployment money for. Like not getting Fox or 52" screens.
Mmmm no I believe the term I tend to use for the Mac admins I know who refuse to think outside the box is "Windows Admin". The rest of us are just fine with how we do things thanks.
You're putting a bit too much faith in the user I think.
Perhaps if the browser stored every certificate the first time it was seen, then flagged the user when it was changed (combined with relying on certificate chains and the like) we wouldn't be having so many issues with MiTM.
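A sketch of the "remember the first certificate, flag any change" idea from the comment above, as an added Python example that is not code from the original post; the certificate bytes are constructed placeholders and the host name is assumed:

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-ins for the DER-encoded certificates a TLS handshake returns
# (real code would take them from ssl.SSLSocket.getpeercert(binary_form=True)).
CERT_FIRST = b"CONSTRUCTED-DER example.com serial=0001"
CERT_RENEWED = b"CONSTRUCTED-DER example.com serial=0002"


def fingerprint(der_bytes):
    """SHA-256 over the certificate bytes exactly as the server presented them."""
    return hashlib.sha256(der_bytes).hexdigest()


class TofuStore:
    """Trust-on-first-use store: pin the first certificate seen for each host
    and flag any later connection that presents a different one."""

    def __init__(self):
        self.pins = {}  # host -> {"fp": hex fingerprint, "first_seen": ISO timestamp}

    def _pin(self, host, der_bytes):
        self.pins[host] = {"fp": fingerprint(der_bytes),
                           "first_seen": datetime.now(timezone.utc).isoformat()}

    def check(self, host, der_bytes):
        entry = self.pins.get(host)
        if entry is None:
            # Nothing to compare against yet, so TOFU cannot detect an interposed
            # certificate on first contact; normal chain validation must still run.
            self._pin(host, der_bytes)
            return "new"
        if entry["fp"] == fingerprint(der_bytes):
            return "match"
        # A change is either a legitimate renewal or a substituted certificate;
        # the client cannot tell which, so it must stop and ask the user.
        return "changed"

    def accept_change(self, host, der_bytes):
        """User confirmed the new certificate (e.g. an expected renewal): re-pin it."""
        self._pin(host, der_bytes)


def demo():
    """First contact, repeat visit, renewed cert, then the user accepting the renewal."""
    store = TofuStore()
    results = [store.check("example.com", CERT_FIRST),
               store.check("example.com", CERT_FIRST),
               store.check("example.com", CERT_RENEWED)]
    store.accept_change("example.com", CERT_RENEWED)
    results.append(store.check("example.com", CERT_RENEWED))
    return results
```

Pinning the raw certificate means every routine renewal trips the warning; pinning the public key or an issuing CA instead (the "certificate chains" part of the comment) cuts down on false alarms.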
Unless the increase in noise levels causes a fluctuation in the power going to the write capability of the SSD thus causing it to "write harder", thereby burning out the sectors much faster. Of course this won't increase latency noticeably as the increased power will write just as fast, though it may cause requirements for larger capacitors so that the drop won't cause further delays farther down the line. Hmmm.
Dear $DEITY don't start pulling that apart, I'm joking.
parents excluded
Included dude... Included .
My parents are the scariest support people I have to deal with. And having the mouse upside down I can see happening. Though my mother's complaint that her scanner wasn't working because she wasn't putting the paper on the glass...
Or maybe looking for recruits? I'd imagine that if you're an American then working for some agency which will go un-named you would be earning a stack of money, and if you're a foreign national then they're going to set you up with a visa and a passport and some covert operation to fly your geeky self into the United States. Thus maintaining the "best of the best" cryptographic team, or at least trying to.
Hate to see what happens to the guy who finds the flaw and then says "Sorry, I want to work for [the Chinese]"...
Yeah because that's proven to be safe so far.
Defence in depth people, defence in depth.
Apart from the data-charges (which are *lethal*), the office that I have in Dubai is more highly paid for the 8 people there than the 16 (including a CEO) in the Australian office.
Just a note, didn't really have anything to say but thought the "slave wages" was a bit of a stretch. At least for my set of foreign workers.
In Russia, First Pots
That's "In Soviet Russia" and "Frist Psot" you insensitive clod!