The Security Reporting Conundrum @ 2008-10-22 23:03:43
Filed under: Frustration Security Tech
I'm sitting here browsing the web and I come across an XSS in a popular hosted website/application. My immediate reaction is to alert the company ... but then I think about it .... some companies get offended when you report security issues or, worse yet, freak out and think you're some kind of evil guy when all you're trying to do is be helpful.
No one should have to think about it this way. If you see someone leave their keys in their door they won't freak out if you knock on their door and tell them ... they are happy! If someone leaves their front door open and you point it out they are thankful you caught it before someone walked in. Reporting a security vuln should work like that ... companies should be happy they get the report!
In the end I think I'll go ahead and report it to them. If they freak out then, well, they freak out ... I should do the right thing.
Installing Linux on Acer's M4641 Desktop @ 2008-10-18 13:44:46
Filed under: Frustration Linux Tech
For about 3 hours last night I could not figure out why F10 x86 and x86_64 and Gentoo x86 and x86_64 install CDs all failed. It was really frustrating. After a bit of time I found out that there is a BIOS setting related to the OS that is booted .... Changing this from the default to the last setting (I think it was ANY or ALL or something like that) allowed me to start the installation. The funny thing is that by default it is NOT set to Windows (that was the second option) but it seems the first two only work with a Windows install ... and, well, I don't use Windows :-).
A Web OS? Are You Dense? A Great Post @ 2008-09-20 11:39:04
Filed under: Code Frustration Tech
Tedd's post on Chrome being an OS killer is spot on.
Google Chrome ... Really? Windows Only? @ 2008-09-09 15:22:16
Filed under: Code Frustration Tech
[steve@tachikoman src]$ pwd
/tmp/chrome/src
[steve@tachikoman src]$ for ITEM in "*.bat" "*.dll" "*.vcproj"; do
  echo -n "$ITEM: ";
  find . -name "$ITEM" | grep -v ".svn" | wc -l;
done
*.bat: 22
*.dll: 114
*.vcproj: 284
[steve@tachikoman src]$
That worries me ... a lot. Without a lot of community involvement I have a bad feeling that Google Chrome won't be anything but Windows only. When I've seen such strong usage of OS-specific items it usually means the developers who wrote the code only know how to work with one system (not counting the IDE project files which is a big warning on its own). It may not be true, but from first look it is something to worry about.
Software Engineering Still Is In The Dark Ages @ 2008-09-01 20:11:00
Filed under: Code Frustration
I was reading about the fella who came up with Object Oriented Programming and how C++ and Java do not resemble what he was going after. I was reading about the more biological ideas behind OOP and how it was supposed to pull together code and data so that everything that the object needed came along with it. It goes to show that when people have good ideas they seem to get bastardised into something that hardly resembles the idea if at all in the software engineering world. In a funny way people are mimicking biological systems in other ways. Take the idea of a service bus ... it's a lot like a digestive tract absorbing up items and placing other items back on. Note that service buses exist in spite of what we call OOP today, not because of it. Unfortunately a lot of software engineers see patterns as binary ... you either always have a service bus or never (aka it's a great idea or it's a stupid idea). If we look to nature not everything has a digestive tract ... the simpler the organism the less likely one will exist. If we took that into software engineering we would then use service buses when things get very complicated ... yet we use service buses on web apps that are not really complicated until the bus is added! In nature such an organism would probably end up being wiped out. In the software world the complexity would be abstracted and built on top more than likely resulting in weird stability/logic issues.

