ts;db (too ess aitch one tee, didn't bother)
Thanks for your contribution.
Make it work. Then do it better - Andrei Straut
But how much do you want them to spend? You are making the assumption that Microsoft does not care and actively ignores security vulnerabilities? Maybe they have in the past, but do you have any recent examples? Microsoft has stepped up its security game in recent years, and news I received from this website indicates that Microsoft software, despite its ubiquity, does not have any vulnerabilities in the top ten exploited vulnerabilities?
A better analogy, perhaps, would be if you have a broken lock in your house and I sold knowledge of the lock to a local cat burglar - closer to being an accessory to the crime.
Idaho Edokpayi
The issue of an exact (or ballpark) figure for the sum paid is not something I have examined or considered. It's the willingness to approach and offer to pay something that I'm looking for.
Not quite sure what of my words has led you to conclude that I assume Microsoft to be either/both disinterested/actively ignoring known vulnerabilities.
In fact, I read just yesterday a request by one of their staff that adequate time to enact a fix be allowed between revealing the vulnerability to them and the general public. (I'll look for a link when I'm done here)
Presumably, they are in the position of asking (rather than dictating) as a direct consequence of failing to enter into a commercial agreement with the holders of said vulnerabilities. My employer pays me, and before doing so has me sign an NDA. Simple.
Paypal have a 'find-the-flaw' system, whereby they OFFER to pay for information related to security flaws in their products. Bad idea, or clever and practical?
I like your analogy - did you approach the lock's maker first, offering you the information you learned to them for a sum, in the interests of them improving their product? Or was this not a consideration, with you instead choosing to go straight to the thieves?
In fact, something somewhat similar happened recently - the maker of electronic door-locks for hotel rooms has had their sloppy work exposed. (I understand that the lock manufacturer was not made aware of this earlier than others.)
Surely this situation is to the benefit of all except those that had formerly been taking advantage of the hack?
http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/
Thanks for your thoughts, I appreciate them.
Make it work. Then do it better - Andrei Straut
MehGerbil wrote: An old lady pulls into her driveway and slowly unloads groceries. In the process, she accidentally leaves her purse on the hood of her car. It's now dark and there sits the purse - just brimming with cash.
Your analogy is flawed. It also ignores that the person wandering by need not do anything at all (neither steal nor tell her.)
A much better analogy...
An old lady runs a profitable, very profitable, dress shop.
And she drives other thriving shops out of business either by buying them out or by reproducing wares and undercutting the price.
Someone walks by every day, every hour, for a year and spends time looking for an open vent.
And then they ask to be paid, by anyone, for the work that they had done (every day for a year.)
And note that they did not in fact use the vent.
Perhaps the best analogy of the thread. +5
Make it work. Then do it better - Andrei Straut
enhzflep wrote: Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves?
I realize that most everyone that does hacking, viruses, spyware, etc... is in it for the money. And I realize that money is a powerful motivator.
However, I don't think I could live with myself if I knew I was endangering other people (or their electronic lives). It's just not something I can fathom doing.
It's because I agree with your 2nd line, that I think the Stuxnet and Flame virii were the lesser of a number of evils. In planting the virii, the time taken to successfully enrich uranium in Iran was increased. Thus, providing more time to analyze the threat (perceived or real) posed by a rogue state controlling nuclear materials.
A quite possible alternative would have involved bombing the place into oblivion in the dead-of-night, much to the detriment of any staff in the facility at the time. Israel has certainly done that kind of thing before.
But, that's all a small facet of the problem at hand - it would be a shame to inflate its importance (I hope I haven't been seen to do so).
Thank-you for your thoughts, GeekForChrist. I appreciate them.
Make it work. Then do it better - Andrei Straut
enhzflep wrote: Thank-you for your thoughts, GeekForChrist. I appreciate them.
Thank you.
System AND browser? Maybe just browser? If so, which one of the 2 IEs?
Eh, depends on the vulnerability, and it's not a security firm because they just lost access to MS detail information. Microsoft gives real / honest security firms added details / access to some of their underlying items, to try and ward off some of this stuff to begin with. When you bite the hand that feeds you, it stops feeding you. Not to mention exploits for sale have to be super deeply rooted or they rarely go anywhere; the problem is exploits only work if the developer has no idea they are there. Once made publicly aware, you end the value of the exploit. Not to mention you add so much risk that one of Microsoft's investigation teams, which I hear are better than the CIA and FBI combined, will end up tracking you down and sending you off to jail for a long time. So... while it is probably a legit exploit that could have been a problem, by taking the direction they did, it instantly lost all its possible value.
Color is great in an application, but it’s only meaningful if it stands out from what’s normal in your application. Here are some simple examples of color used to subtle-but-useful effect in an application.
Unfortunately he forgot just about every design rule in there. The colour schemes seem arbitrary and don't seem to have a valid reason behind them. The changing colours in the text areas actually made the differently coloured toggle disappear.
An issue tracker is a valuable asset for any serious software development. Besides serving as a bug database, the tracker can be easily leveraged for technical discussion. GitHub, a popular code hosting service, provides a basic issue tracking system. How does it compare against another established player, Google Code Project Hosting? Do you like your issue tracker? Which features help you the most?
I use FogBugz
And just like it is all.
I often hear people say something like “if you need it once, build it. If you need it twice, abstract it.” People often say this in the context of the “DRY” – or Don’t Repeat Yourself – principle. In theory this sounds great because you’re removing duplication in your code. This falls apart pretty quickly in a lot of circumstances, though. The idea of DRY needs to be tempered with YAGNI – “You Ain't Gonna Need It”. With that, we end up with The Rule Of Three, and it clearly says that code can be copied once but the third time you need it, you should abstract it. Once, twice, three times... a pattern.
The developer world is divided into two camps. Language mavens wax rhapsodic about the power of higher-level programming — first-class functions, staged programming, AOP, MOPs, and reflection. Tool mavens are skilled at the use of integrated build and debug tools, integrated documentation, code completion, refactoring, and code comprehension. Language mavens tend to use a text editor such as emacs or vim — these editors are more likely to work for new languages. Tool mavens tend to use IDEs such as Visual Studio, Eclipse, or IntelliJ, that integrate a variety of development tools. From the archives: a look at tool-versus-language approaches to development.
The TouchDevelop web app, which requires Internet Explorer 10, enables developers to publish their scripts so they can be shared with others using TouchDevelop. As with the Windows Phone version, a touchdevelop.com cloud service enables scripts to be published and queried, and when you log in with the same credentials, all of your scripts are synchronized between all your platforms and devices. Program your Windows Phone on your Windows Phone.
modified 1-Nov-12 18:26pm.
Terrence Dorsey wrote: Apollo Flight Controller 101: Every console explained
Copy-paste gremlin.
/ravi
Thank you.
Director of Content Development, The Code Project
Apollo Flight Controller 101: Every console explained
Mission Operations Control Room 2 was used for almost every Gemini and Apollo flight, and in the late 1990s was restored to its Apollo-era appearance. You can visit it if you're in Houston, but you won't get any closer than the glassed-in visitor gallery in the back, and that's just not close enough. Strap yourselves in and prepare for an up-close look at the MOCR consoles, Ars style. Your handy reference to each station in the Apollo Mission Control room.
Powering cellular base stations around the world will cost $36 billion this year—chewing through nearly 1 percent of all global electricity production. Much of this is wasted by a grossly inefficient piece of hardware: the power amplifier, a gadget that turns electricity into radio signals. The versions of amplifiers within smartphones suffer similar problems. If you’ve noticed your phone getting warm and rapidly draining the battery when streaming video or sending large files, blame the power amplifiers. As with the versions in base stations, these chips waste more than 65 percent of their energy—and that’s why you sometimes need to charge your phone twice a day. Reducing the overhead of missing packets means fewer transmissions and less power consumption.
Cool
Terrence Dorsey wrote: missing packets
For some reason that immediately triggered my recollection of this:
Quote: If a packet hits a pocket on a socket on a port,
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
Dan Neely wrote: For some reason that immediately triggered my recollection of this:
That is hilarious!
I love it!
Color has its uses beyond the text editor. Good syntax highlighting employs both contrast and meaning. Type names, string values, and delimiters are given different weight or color treatment from the rest of the code. As with any good thing, moderation is the key to colorizing. Call out what's important, aim for readability. Colorize all the things!