To be fair some of the Microsoft classes can be difficult to use.
After a few months battling my way through problems with the configuration classes, I really regretted my decision to use those MS classes.
In future, I might roll my own or find an alternative. My point is that we all will have bad experiences that influence our future decisions. In time, you may forget what those reasons were and just stick to the libraries and patterns you're familiar with.
Arguing over performance was the wrong argument to have. You should have really dug into the statement 'weren't any good'.
|
True story...
When I was a system engineer with Sperry-UNIVAC back in the day, one of the account reps told us a story about an IT manager that he swore was true.
A client IT director was complaining about the slowness of printing reports from one of our small mainframe machines. As most of these directors did not want to spend the monies to upgrade to the far faster printers, this particular account rep suggested that the director put the disk drive units on their third floor, the mainframe unit on the second and the printer on the first. This way the electrons would be going down and as a result, much faster to the printer.
About a month later, when the account rep visited the account for a regular checkup-call, he found the director immersed in blueprints for the reconstruction of the IT department. Asked what the director was doing, he told the account rep that he had gotten permission to start rebuilding the IT areas to implement the account rep's previous month's suggestion for faster printing...
Our profession is just littered with stories of such stupidity, which are more often than not completely true. The reason for this is that the quality of technical management in our field tends to be quite low despite all the hype about how they consistently try to hire the best and brightest. In short, most such management are irrational incompetents who barely have the ability to reason beyond what the company expects of them.
They in turn hire buffoons who the original poster of this thread described.
Rational, technical personnel who understand this perpetuation of irrationality in our field slowly go insane over the many years we attempt to deal with such people during our careers.
It is no wonder that our profession is such a mess.
Steve Naidamast
Sr. Software Engineer
Black Falcon Software, Inc.
blackfalconsoftware@outlook.com
|
Steve Naidamast wrote: This way the electrons would be going down and as a result, much faster to the printer.
Totally speechless on that one! I've seen a lot of stupidity over the 25 years of my career, but that one is epic.
Great story and a fantastic summary of the IT industry (at least 90%), unfortunately.
|
I will never forget the expression on the account rep's face when he told us that story. He said the day that he went into that company and found out what was going on he was incredulous to the point of shock that someone could be so stupid as to actually believe what he had told them...
Steve Naidamast
Sr. Software Engineer
Black Falcon Software, Inc.
blackfalconsoftware@outlook.com
|
I wandered around on his blog too. It does have a lot of interesting articles.
|
I think what you describe here can be hypothetically (partially) explained by the "Dunning-Kruger" research; however, I suspect there are other dimensions to the dynamic of your interactions, as well, such as: maintenance of "face" by the nominally senior role-holder who feels challenged by you, technically.
Without more information on context, like where, when, public/private, who else was present, etc., useless to speculate more.
cheers, Bill
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area?
1. Recommend a vendor to provide PEN-testing
2. Suggest what it might cost to PEN-Test a Windows application and/or a device
3. Have suggestions to avoid hazards in going down this unknown road?
We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
|
See my post below
Just be sure that pen test != DDoS attack
Last year we got some good results that helped us secure the system though.
We even learned a thing or two in the process
The costs depend on the size of your system.
A coworker told me the pen test at his previous employer took three to four weeks (for a team of 2-4) and cost about €40.000,-.
That was a big system.
Our current pen test takes about a week and I don't know the costs involved.
|
Sander Rossel wrote: Our current pen test takes about a week and I don't know the costs involved.
When the lawsuit's over, you should be at least a million up on the deal.
I wanna be a eunuchs developer! Pass me a bread knife!
|
No one is suing anyone over a slow system.
This isn't America
|
Sander -
If you can find out who gave you good results, I would love to hear from whom.
David
|
Best I don't, they're the same people that DDoSed us yesterday
|
What you really want is a Vulnerability Assessment, which may or may not include a pen test. If they're insisting on that, it's fine, but a pen test alone will only give you specific details, not an actual overview of system vulnerabilities (and therefore a road map as to how to fix it).
Just make sure it's an established security consultant (if they've been in business less than a year, move on) and that they hold a certain level of certification (SANS, CISSP, etc). Any consultant or service worth their salt should be able to provide references.
If the client has a specific parameter for who they want, or what accreditation they hold, and they're really that big of a client, it's likely best to follow their model.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
Benjamin -
(I feel like a broken record here) - do you have any recommendations that have done good jobs for you?
Thanks,
David
|
I have used several companies in the past, most recently NCC (recommended) and Pentura. Both UK based.
Costs approx £5-10,000 for a system with 2 web services, one web portal and an Android app.
Main suggestion is to get them to include a "re-visit" of issues found once you think you have fixed them - there will be vulnerabilities.
|
Thanks and great suggestion on having them revisit the site afterwards.
|
One of our large corporate clients had some organization do penetration testing for us a couple of years ago. Some good feedback, some crap.
However, when it came to "o.k., who's going to pay for implementing all this?", nothing happened. I wonder what ever became of that information.
So, before setting out on this, make sure that someone has the wherewithal to actually act upon the results, or don't waste time.
|
Ok, time to lower the tone 'cos this topic recently came up at work and I'm not allowed to do this in the office.
Cue Eric Idle ...
Penetration Testing? Nudge nudge. Know what I mean. Nods as good as a wink to blind budgerigar. Say no more squire. Say no more.
(Nudge Nudge - Monty Python's Flying Circus - YouTube)
|
Got some initial prices for Pen Test from a vendor today.
Looks like the range of prices is:
$2K - you do the work to get the application to comply
$20K - They hand hold you to get the application to comply
Some of the breakdowns are:
$2500 / day for onsite testing - usually 3-5 days
$8000 for code review.
$2000 for subscription to Dynamic Scan of application for one year. Can be run as many times as required and includes 3hrs of support (total)
$7000 for 3hrs per month of support.
Hope this helps others looking.
|
Paula Januszkiewicz is very good.
|
I leave for a few years and holy crap, the only things I recognize from the site are bob, the color orange, and some of the posters (OriginalGriff, Nish, Joan Murt, Nagy, Marc Clifton, Chris [of course, the hamster whisperer lives here!]).
How is everyone?
|
When did you move to Canada?
Good to see you again on the site. Last time you posted, that I remember, you were talking about some cool recipes you were working on.