March 19, 2001, 8:05 am
Web Review: The Myth of 800×600. Developing fixed-size Web pages is a fundamentally flawed practice. Not only does it result in Web pages that remain at a constant size regardless of the user’s browser size, but it fails to take advantage of the medium’s flexibility. Nonetheless, Web site creators continue to develop fixed pages. [Tomalak’s Realm]
March 19, 2001, 7:58 am
Robert Scoble: “This is how Microsoft defined HailStorm to the developers on March 15…”
See also:
Directory of HailStorm sites
[Jake’s Brainpan]
March 19, 2001, 7:49 am
developerWorks: CVS for the developer or amateur. “This free, dW-exclusive tutorial introduces you to CVS, the Concurrent Versions System, used by developers around the world to develop software in a flexible and collaborative manner. Intended for those new to CVS, this tutorial will get both general users and new developers up to speed quickly. Whether you’d like to use CVS to check out the latest sources of a particular software package, or whether you’d like to begin using CVS as a full-fledged developer, this tutorial is for you.” [Zope Newbie News]
March 16, 2001, 1:36 pm
Counterpane Internet Security, Inc – Crypto-Gram — March 15, 2001.
Notable in this issue:
- The Security Patch Treadmill
Security based on patches is inherently fragile. Any large network is going to have hundreds of vulnerabilities. If there’s a vulnerability in your system, you can be attacked successfully and there’s nothing you can do about it. Even if you manage to install every patch you know about, what about the vulnerabilities that haven’t been patched yet? (That same alert service listed 10 new vulnerabilities for which there is no defense.) Or the vulnerabilities discovered but not reported yet? Or the ones still undiscovered?
Good security is resilient. It’s resilient to user errors. It’s resilient to network changes. And it’s resilient to administrators not installing every patch. For the past two years I have been championing monitoring as a way to provide this resilient security. If there are enough motion sensors, electric eyes, and pressure plates in your house, you’ll catch the burglar regardless of how he got in. If you are monitoring your network carefully enough, you’ll catch a hacker regardless of what vulnerability he exploited to gain access. Monitoring makes a network less dependent on keeping patches up to date; it’s a process that provides security even in the face of ever-present vulnerabilities, uninstalled patches, and imperfect products.
- Insurance and the Future of Network Security
- TCP/IP Initial Sequence Number Flaw
- The “Death” of IDS?
- 802.11 Security
March 16, 2001, 8:12 am
CVS-based Software Release Steps.
For my main project on SourceForge, Redfoot, I’ve developed a set of steps to follow to do a release. I’ve started using them on all my CVS-based projects. I’d be interested in getting feedback on the steps and what steps others follow. [Advogato]
March 16, 2001, 8:10 am
CNET NEWS.COM – ICQ logs spark corporate nightmare.
Thousands of confidential messages between the CEO of an Internet company and top executives have been posted on the Web, stirring up a hornet’s nest of corporate intrigue and providing a rare glimpse into a dot-com as it struggled to cope with a brutal shakeout.
Last week, hundreds of pages of the ICQ instant messaging logs were posted on the Web and copied onto various sites, creating the kind of information security breach that has become one of the worst corporate nightmares of the digital age. The logs, which were apparently snatched from a PC used by Sam Jain, CEO of eFront, have nearly paralyzed his company and created a personal nightmare for Jain.
[Privacy Digest]
March 16, 2001, 8:00 am
Linux-HA 0.4.9 (Stable). Heartbeat subsystem for High-Availability Linux project [freshmeat.net]