A survey reveals a deep divide between developer aspirations for security and organizational practices. Do as we say, not do as we do?
|
He didn't mention the #1 reason that it all goes undone:
Quote: Booooorrr-rrrrrrrrinnnngggggg
|
It's more like do what we say we want to do, not what we are given time and resources to do. In other words, a lot of that falls on the deaf ears of management. Some of them realize that it needs to be done, few actually get behind it and make it happen. Things like that have to be done in spite of management. At least, that's been my experience. They seem to have the attitude that it's never been a problem for us in the past so why should we worry about it now?
|
It's the kind of thing that needs a "champion", within an organisation.
The rest of us are just too damned busy with the other things we're championing.
If you find one of those guys, send him my way.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Remote management features that have shipped with Intel processors for almost a decade contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks. That's according to an advisory published Monday afternoon by Intel. Fortunately, no one uses those chips
|
A "critical flaw" that is, for the most part, prevented from being exploited by a whole pile of other security measures.
|
Hi Rick,
Not sure why you felt the need to downplay this security issue. I refrained from replying initially... and decided to wait until this thread left the front page.
If you have a recent Intel processor... there is a second ARC SoC on the chip running the ThreadX operating system.
As it turns out... all you need to do is pass a NULL hash in the HTTP authentication header to gain complete control of any machine on the network managed via AMT.
Let me put this into perspective... Microsoft, Google and thousands of other companies are utilizing Intel AMT on some employee devices... including R&D software engineers. Someone could walk into the guest lobby... connect to the guest WiFi and potentially connect to any AMT enabled device on the network and clone the hard drives. AMT enabled devices listen on port 16992 and this port is generally whitelisted to allow system administrators access to employee machines on all networks.
Best Wishes,
-David Delaune
modified 6-May-17 2:33am.
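A defender-side check for the request shape described in the post above, as an added example that is not part of the original post or of any Intel tooling: it parses HTTP Digest `Authorization` headers seen on port 16992 and flags an empty or malformed `response` field. The record layout, addresses and header values are constructed, and reading the post's "NULL hash" as an empty Digest `response` is an assumption.

```python
import re

AMT_PORT = 16992  # port named in the post above
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')
_MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # an MD5 Digest response is 32 hex digits

# Constructed sample records: (source address, destination port, Authorization value).
SAMPLE = [
    ("198.51.100.7", 16992, 'Digest username="admin", realm="Digest:EXAMPLE", '
     'nonce="n1", uri="/index.htm", response="5f4dcc3b5aa765d61d8327deb882cf99", qop=auth'),
    ("198.51.100.9", 16992, 'Digest username="admin", realm="Digest:EXAMPLE", '
     'nonce="n2", uri="/index.htm", response="", qop=auth'),
    ("198.51.100.9", 16992, 'Digest username="admin", realm="Digest:EXAMPLE", '
     'nonce="n3", uri="/index.htm", response="5f4d", qop=auth'),
    ("198.51.100.9", 8080, 'Digest username="admin", nonce="n4", response=""'),
    ("198.51.100.7", 16992, "Basic YWRtaW46eA=="),
]

def parse_digest(value):
    """Return Digest parameters as a dict, or None for any other auth scheme."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(rest)}

def classify(port, authorization):
    """Verdict for one request: ignore, ok, suspicious or alert."""
    if port != AMT_PORT or not authorization:
        return "ignore"
    params = parse_digest(authorization)
    if params is None:
        return "ignore"
    response = params.get("response")
    if not response:                      # field missing or empty string
        return "alert"
    if not _MD5_HEX.fullmatch(response):  # truncated or non-hex value
        return "suspicious"
    return "ok"

def scan(records):
    """Return (source, verdict) for every record that deserves a look."""
    return [(src, v) for src, port, auth in records
            if (v := classify(port, auth)) in ("alert", "suspicious")]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(src, verdict)
```

A well-formed `response` says nothing about whether the password was correct, so an `ok` verdict here only means the request does not have the flagged shape.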
|
What are tech workers' heart's desires? Consider how many of them you could implement in your shop, and make the staff's dreams come true. "I hope I die before I get old"
Yeah, too late.
|
Microsoft announced a new code-builder addition to Minecraft: Education Edition, meant to help students learn coding skills through the popular game. I'd make a 'code block' joke, but that would be lame
|
“Everything that runs on Windows 10 S is downloaded from the Windows Store,” says Microsoft’s Windows chief Terry Myerson. Just don't call it Windows RT 2.0
|
Windows 10 Store?
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
Afzaal Ahmad Zeeshan wrote: Windows 10 Store?
It's actually called the Windows Store, but there are only 10 apps worth downloading from it -- which no-one can find, anyway, because they're buried under the millions and millions of worthless apps.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Fixed that for you...
Sudden Sun Death Syndrome (SSDS) is a very real concern which we should be raising awareness of. 156 billion suns die every year before they're just 1 billion years old.
While the military are doing their part, it simply isn't enough to make the amount of nukes needed to save those poor stars. - TWI2T3D (Reddit)
|
Y'know, I can't help but wonder how many people are wandering the halls of Redmond, fingering their prayer-beads, and muttering the mantra "Please let us call it windows 11. Please let us call it windows 11..."
I wanna be a eunuchs developer! Pass me a bread knife!
|
Sounds like a poor attempt to get people to write UWP apps.
i cri evry tiem
|
Coinbase sees a lot of motivated attackers, it’s one of the things that makes working in security at Coinbase so interesting. Addendum to the 'Microsoft is replacing the password' article
modified 1-May-17 21:35pm.
|
Why does the link go to an InfoWorld article about YAJSF (yet another JS framework) ?
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
Prolly because I need a nap. Fixing. (And thank you)
TTFN - Kent
|
"Invisible Manipulators of Your Mind" by Tamsin Shah, New York Review, 04/27/17 [^]
Quote: In 2007, and again in 2008, Kahneman gave a masterclass in “Thinking About Thinking” to, among others, Jeff Bezos (the founder of Amazon), Larry Page (Google), Sergey Brin (Google), Nathan Myhrvold (Microsoft), Sean Parker (Facebook), Elon Musk (SpaceX, Tesla), Evan Williams (Twitter), and Jimmy Wales (Wikipedia). At the 2008 meeting, Richard Thaler also spoke about nudges, and in the clips we can view online he describes choice architectures that guide people toward specific behaviors but that can be reversed with one click if the subject doesn’t like the outcome. In Kahneman’s talk, however, he tells his assembled audience of Silicon Valley entrepreneurs that “priming”—picking a suitable atmosphere—is one of the most important areas of psychological research, a technique that involves offering people cues unconsciously (for instance flashing smiley faces on a screen at a speed that makes them undetectable) in order to influence their mood and behavior. He insists that there are predictable and coherent associations that can be exploited by this sort of priming. If subjects are unaware of this unconscious influence, the freedom to resist it begins to look more theoretical than real.
Even though Mark Z. wasn't there, you can bet he and the social-teratoma-posing-as-playground-for-screen-addicts he created are no slouch in the manipulation synapse-race as suggested by this very recent story: [^].
They are after us ... all of u$.
p.s. "Thinking, Fast and Slow" by Kahneman (2002 Nobel Prize in Economics) is a humbling read: if you are feeling suicidal, I don't recommend it.
«When I consider my brief span of life, swallowed up in an eternity before and after, the little space I fill, and even can see, engulfed in the infinite immensity of spaces of which I am ignorant, and which know me not, I am frightened, and am astonished at being here rather than there; for there is no reason why here rather than there, now rather than then.» Blaise Pascal
|
This was the only biggish problem I found with the Person of Interest show (apart from the fact that it devolved into endless A-Team shoot-fests).
In the Real World, it will happen like it's happening; which was incredibly predictable.
I wanna be a eunuchs developer! Pass me a bread knife!
|
A study comparing acceptance rates of contributions from men and women in an open-source software community finds that, overall, women's contributions tend to be accepted more often than men's - but when a woman's gender is identifiable, they are rejected more often. No comment
|
I'm sure if they used their best Tinder photo as a gravatar the results would be different.
|
So when the men don't know that you're a woman your commit will be accepted, when the men know you're a woman the same commit will not be committed, but when you're a sexy woman your commit will be accepted again.
Results will be different, but it's still biased
|
A response from Dalek Dave, when finding a female member of CP, sticks in my mind like a dagger that I'd like to jab in his eyes.
I wanna be a eunuchs developer! Pass me a bread knife!