Search Results

Search found 22301 results on 893 pages for 'software sources'.

  • What Can We Learn About Software Security by Going to the Gym

    - by Nick Harrison
    There was a recent rash of car break-ins at the gym. Not an epidemic by any stretch, probably 4 or 5, but still... My gym used to allow you to hang your keys from a peg board at the front desk. This way you could come to the gym dressed to work out, lock your valuables in your car, and not have anything to worry about. Ignorance is bliss.

    The problem was that anyone who wanted to could go pick up your car keys, click the unlock button and find your car. Once there, they could rummage through your stuff and then walk back in and finish their workout as if nothing had happened. The people doing this were a little smarter than the average thief and would swipe some but not all of your cash, leaving everything else in place. Most thieves would steal the whole car and be busted more quickly. The victims were unaware that anything had happened for several days.

    Fortunately, once the victims realized what had happened, the gym was still able to pull security tapes and find out who was misbehaving. All of the bad guys were busted, and everyone can now breathe a sigh of relief. It is once again safe to go to the gym. Except there was still a fundamental problem. Putting your keys on a peg board by the front door is just asking for bad things to happen. One person got busted exploiting this security flaw. Others can still be exploiting it. In fact, others may well have been exploiting it and simply never got caught. How long would it take you to realize that $10 was missing from your wallet, if everything else was there? How would you even know when it went missing? Would you go to the front desk and even bother to ask them to review security tapes if you were only missing a small amount? Once highlighted, it is easy to see how commonly such a vulnerability may have been exploited.

    So the gym took the very reasonable precaution of removing the peg board. To me the most shocking part of this story is the resulting uproar from gym members losing the convenient key peg. How dare they remove the trusted peg board? How can I work out now, I have to carry my keys from machine to machine? How can I enjoy my workout with this added inconvenience? This all happened a couple of weeks ago, and some people are still complaining.

    In light of the recent high profile hacking, there are a couple of parallels that can be drawn. Many web sites are riddled with vulnerabilities as crazy and easily exploitable as leaving your car keys by the front door while you work out. No one ever considered thanking the people who were swiping these keys for pointing out the vulnerability. Without hesitation, they had their gym memberships revoked and are awaiting prosecution. The gym did recognize the vulnerability for what it is, and closed up that attack vector.

    What can we learn from this? Monitoring and logging will not prevent a crime but they will allow us to identify that a crime took place and may help track down who did it. Once we find a security weakness, we need to eliminate it. We may never identify and eliminate all security weaknesses, but we cannot allow well known vulnerabilities to persist in our system. In our case, we are not likely to meet resistance from end users. We are more likely to meet resistance from stakeholders, product owners, keepers of schedules and budgets. We may meet resistance from integration partners, co-workers, and third party vendors. Regardless of the source, we will see resistance, but the weakness needs to be dealt with.

    There is no need to glorify a cracker for bringing to light a security weakness. Regardless of their claimed motives, they are not heroes. There is also no point in wasting time defending weaknesses once they are identified. Deal with the weakness and move on. It may be embarrassing to find security weaknesses in our systems, but it is even more embarrassing to continue ignoring them. Even if it is unpopular, we need to seek out security weaknesses and eliminate them when we find them.

    http://www.sans.org has put together the Common Weakness Enumeration http://cwe.mitre.org/ which lists out common weaknesses. The site navigation takes a little getting used to, but there is a treasure trove here. Here is the detail page for SQL Injection. It clearly states how this can be exploited, in case anyone doubts that the weakness should be taken seriously, and more importantly how to mitigate the risk.

  • I don't get the Graphics software

    - by Nicky Bailuc
    I have AMD Radeon HD 4850, with the latest drivers. I just don't get several things: what is x.org? What is FGLRX? Also, what is RandR? And why in the info section of the control centre does it say Catalyst version is 12.6, but Catalyst control centre is 2.14? What is the difference between Catalyst and Catalyst control centre? Also, why is the Driver packaging version 8.98 while the Driver package says 12.6? I am extremely confused! As well as in the installer, what is the difference between choosing "Install Driver 8.98 on X.Org 6.9 or later" and "Generate Distribution Specific Driver Package"?

  • Linux distro for software development support?

    - by Xie Jilei
    I've spent too much time setting up & maintaining a development server, which contains the following tools:

      Common services like SSH, BIND, rsync, etc.
      Subversion, Git.
      Apache server, which runs CGit, Trac, Webmin, phpmyadmin, phppgadmin, etc.
      Jetty, which runs Archiva and Hudson.
      Bugzilla.
      PostgreSQL server, MySQL server.

    I've created a lot of Debian packages, like my-trac-utils, my-bugzilla-utils, my-bind9-utils, my-mysql-utils, etc. to make my life more convenient. However, I still feel I need a lot more utils. And I've spent a lot of time maintaining these packages, too. I think there may be many developers doing the same things, as tools like subversion, git, trac are so common today. It's not too hard to install and configure each of them, but it took a long time to install them all. And it's time consuming to maintain them, like backing up the data, plotting the usage graph and generating web reports (gitstat for example). So, I'd like to hear if there exists any pre-configured distro for Development Server purposes, i.e., something like BackTrack for hackers?

  • Microsoft Plays the Open Source Software Game

    Serverwatch: "Microsoft has been busy these past few days reminding the world that it really is an organization of monstrous proportions and its tendrils reach from the humblest consumer desktop right up to the level of super-computing."

  • Microsoft Plays the Open Source Software Game

    OS Roundup: Microsoft appears to have woken up to the fact that free open-source Office clones may be the thin end of a very slippery wedge. Its response is loud and clear, as it tells the world, when it comes to operating systems Microsoft intends to be a formidable competitor for some time to come.

  • Software development project inception phase

    - by john ryan
    Currently our team develops Web Applications and now we are going to Windows Forms applications. I have created the inception phase for our Windows Forms project structure, e.g.:

    ApplicationSolution --> Security Project (Login Authentication)

    a. Users will be registered with different applications in our application database, e.g.:

       ProjectApplicationId | ProjectName         | UserId
       1                    | ProjectApplication1 | user
       2                    | ProjectApplication2 | user

    b. Execute Application (Start)

    c. On the Security dialog, the application automatically gets the userid of the user and sees all the applications it is registered on, using System.Security.Principal.WindowsIdentity.GetCurrent(), e.g.: Prototype

       Welcome User! Please Choose Applications you are registered on below:
       ProjectApplication1 <--this will be a dropdown
       ProjectApplication2
       Password: [*********************]
       [Access Application Button]

    d. User selects the application with its password

    e. If the password is incorrect (application.exit()) else execute Selected Application, e.g.: ProjectApplication1 is selected then execute ProjectApplication1

    --> ProjectApplication1 --> ProjectApplication2 --> Many to come ++

    If ProjectApplications has been closed then restart security Application.

    My questions on this use case: Is my use case possible? Can you give me any recommendations? Currently we use setup and deployment to create an installer in each Windows Forms application.

  • What are the basic skills a beginner JavaScript programmer should have?

    - by Sanford
    In NYC, we are working on creating a collaborative community programming environment and trying to segment out software engineers into differing buckets. At present, we are trying to define:

      Beginners
      Intermediates
      Advanced
      Experts (and/or Masters)

    Similar to an apprenticeship, you would need to demonstrate specific skills to achieve different levels. Right now, we have identified beginner programming skills as:

      Object - method, attributes, inheritance
      Variable - math, string, array, boolean - all are objects
      Basic arithmetic functions - precedence of functions
      String manipulation
      Looping - flow control
      Conditionals - boolean algebra

    This is a first attempt, and it is a challenge since we know the natural tension between programming and software engineering. How would you create such a skills-based ranking for JavaScript in this manner? For example, what would be the beginner JavaScript skills that you would need to have to advance to the intermediate training? And so on.

  • Repacked proprietary software keeps updating the same deb

    - by Johannes
    I repacked a proprietary program delivered as a tar file to a deb file for having a company wide repository. I used reprepro to set up a repository and signed it. A unix timestamp is faking a version numbering, so I can have different (real) versions installed at the same time. Almost everything works as expected. The deb file looks like this:

      mysoft8.0v6_1366455181_amd64.deb

    Only problem: on a client machine it tries to install the same deb file over and over again because it thinks it's an update. What do I miss? The control file in the deb package looks like this:

      Package: mysoft8.0v6
      Version: 1366455181
      Section: base
      Priority: optional
      Architecture: amd64
      Installed-Size: 1272572
      Depends:
      Maintainer: me
      Description: mysoft 8.0v6 dpkg repackaging

    and the config in the repository, /mirror/mycompany.inc/conf/distributions:

      Origin: apt.mycompany.inc
      Label: apt repository
      Codename: precise
      Architectures: amd64 i386
      Components: main
      Description: Mycompany debian/ubuntu package repo
      SignWith: yes
      Pull: precise

    Help much appreciated.

    Added guide: This is the guide I used to create the repository.

  • In a multidisciplinary team, how much should each member's skills overlap?

    - by spade78
    I've been working in embedded software development for this small startup and our team is pretty small: about 3-4 people. We're responsible for all engineering which involves an RF device controlled by an embedded microcontroller that connects to a PC host which runs some sort of data collection and analysis software. I have come to develop these two guidelines when I work with my colleagues:

      1. Define a clear separation of responsibilities and make sure each person's contribution to the final product doesn't overlap.
      2. Don't assume your colleagues know everything about their responsibilities. I assume there is some sort of technology that I will need to be competent at to properly interface with the work of my colleagues.

    The first point is pretty easy for us. I do firmware, one guy does the RF, another does the PC software, and the last does the DSP work. Nothing overlaps in terms of two people's work being mixed into the final product. For that to happen, one guy has to hand off work to another guy who will vet it and integrate it himself.

    The second point is the heart of my question. I've learned the hard way not to trust the knowledge of my colleagues absolutely no matter how many years experience they claim to have. At least not until they've demonstrated it to me a couple of times. So given that, whenever I develop a piece of firmware, if it interfaces with some technology that I don't know then I'll try to learn it and develop a piece of test code that helps me understand what they're doing. That way if my piece of the product comes into conflict with another piece then I have some knowledge about possible causes. For example, the PC guy has started implementing his GUIs in .NET WPF (C#) and using LibUSBdotNET for USB access. So I've been learning C# and the .NET USB library that he uses and I built a little console app to help me understand how that USB library works.

    Now all this takes extra time and energy but I feel it's justified as it gives me a foothold to confront integration problems. Also I like learning this new stuff so I don't mind. On the other hand I can see how this can turn into a time sink for work that won't make it into the final product and may never turn into a problem. So how much experience/skills overlap do you expect in your teammates relative to your own skills? Does this issue go away as the teams get bigger and more diverse?

  • How can I get a list of installed programs and corresponding size of each in Ubuntu?

    - by Philip Baker
    I would like to have a list of the installed software on my machine, with the disk space consumed by them. A previous answer here says "you can do this via GUI in Synaptic". This doesn't mean anything to me. I don't know what GUI is, and when I click on Synaptic, I do not get anything like the display shown in the answer, i.e. with "Settings → Preferences" and "Columns and Fonts". In Windows, you just select 'Programs and Applications' in the Control Panel, and the list comes up immediately, with sizes. Is there something similar and simple with Ubuntu? Could the size of each program be included on the list of installed software? This would be the most obvious place to put it.

  • Best free wireframe software for websites

    - by Fritz Meissner
    Working on a non-profit project and wondering if there's a standout wireframing tool for website design. I've taken photos of collaborative whiteboard drawings and now I want to put the results into something slightly more professional looking for review. For obvious reasons I'm not interested in anything that looks too much like the finished product or takes longer than it would for me to write the HTML. I checked out jumpchart, but that only seems to let you do content panes, not draw whole page layouts. Free or close to free is desirable - for instance jumpchart licensing seems very reasonable.

  • Software Design Idea for multi tier architecture

    - by Preyash
    I am currently investigating multi tier architecture design for a web based application in MVC3. I already have an architecture but am not sure if it's the best I can do in terms of extendability and performance. The current architecture has the following components:

      DataTier (Contains EF POCO objects)
      DomainModel (Contains Domain related objects)
      Global (Among other common things it contains Repository objects for CRUD to DB)
      Business Layer (Business Logic and Interaction between Data and Client and CRUD using repository)
      Web(Client) (which talks to DomainModel and Business but also has its own ViewModels for Create and Edit Views, for e.g.)

    Note: I am using ValueInjector for converting one type of entity to another (which is proving an overhead in this design; I really don't like overdoing this).

    My question is: am I having too many tiers in the above architecture? Do I really need a domain model? (I think I do when I expose my Business Logic via WCF to external clients.) What is happening is that for a simple database insert it (1) creates a ViewModel, (2) converts the ViewModel to a DomainModel for Business to understand, (3) Business converts it to a DataModel for the Repository, and then data comes back in the same order.

    Few things to consider: I am not looking for a perfect architecture solution as it does not exist. I am looking for something that is scalable. It should be reusable (for e.g. using design patterns, interfaces, inheritance etc.). Each layer should be easily testable. Any suggestions or comments are much appreciated. Thanks,

  • Using Online Backup Software for Remote Workers

    More and more companies are giving workers laptops and sending them in the field. In fact, laptops and netbooks actually outsold desktops last year. Good news for those of you that love the mobility, ... [Author: Ken Totura - Computers and Internet - April 01, 2010]

  • What is a business problem?

    - by Juha Untinen
    Can you give an example or two of what a business problem is? I hear this word thrown around a lot, but even after searching, I cannot find a clear answer. Especially when it comes to software development. Are any of these classified as a business problem?

      Convert invoice from format A to format B
      Send data from Company A database to Company B database
      Create a program for time reporting
      Make the financial software retrieve data faster
      Generate a weekly data transfer volume statistic

    Or is a business problem something else?

  • Best accounting software for freelance/contractor programmer? [closed]

    - by user1352034
    I know this isn't exactly a programming question but I am hoping to find some programmers who freelance or do contractor work in the US. I have started to work on side jobs and have been billing my clients using Paypal. I then would store those records in a Google excel doc but realize this will get out of hand as time goes on and am looking for a good solution. I am no accountant so I am not sure of everything I would need but I am guessing basic invoicing, expenses, reporting, integration with paypal, etc.. Any contractors or freelancers in here could recommend what they use? I have researched a few but would like to hear what other people are using and how it is working out for them. Thanks for your time!

  • Software consultancy or in-house development?

    - by JefClaes
    What are the benefits and drawbacks of working as an in-house developer versus working as a consultant and vice versa? I am pretty sure both breeds can be found on these forums and I hope you are willing to share your experience. Edit: Let me clarify the question. I wonder how the experience is like being a developer. For example: Being an in-house developer, you are able to learn from your mistakes. Being a consultant is often more challenging, because there is more variety in the problems you have to solve. PS: Although I realise that this is a subjective question, I don't necessarily see it as one of those bad-subjective questions.
