Miscellaneous Software Nightmare
Scooped by softwarenightmare

Upgrading Castle from 2.1 to 2.5 | .Net | Marcos Placona Blog

A post describing how to upgrade .NET Castle from 2.1 to 2.5 and what the caveats are.

Security flaw in the Windows Fingerprint Reader | Remote Administration For Windows

If you have laptops floating around that have a Windows fingerprint reader, you better take a closer look at them right now. Up until a few months ago,

John Resig: The DOM is a Mess

jQuery creator John Resig stopped by Yahoo! in 2009 to visit the YUI team. While here, he gave a talk on the current state of JavaScript and DOM programming.
softwarenightmare's insight:

http://www.youtube.com/watch?v=Y2Y0U-2qJMs


Tutorials, demos and projects in Ajax (XMLHTTPRequest) Programming

Tutorials and example source code for Ajax (Asynchronous Javascript And XML), used with PHP to provide a rich user experience in internet applications, using remote scripting, by updating page content without a page refresh.

Coders at Work: Reflections on the Craft of Programming


“The problem with object-oriented languages is they’ve got all this implicit environment that they carry around with them. You wanted a banana but what you got was a gorilla holding the banana and the entire jungle.”—Joe Armstrong


http://spin.atomicobject.com/2012/11/15/message-oriented-programming/



svn - How do I return to an older version of our code in Subversion? - Stack Overflow


Should You Burn Your Certificates?

HTTPS: illusion or security gain?
Are all the objections raised in this first part about the strengths and weaknesses of HTTPS servers, and above all of HTTPS clients, really that serious? To answer this question, we first need to know what goals the administrator is pursuing by installing an SSL solution. Three answers are put forward:
• identifying users who hold certificates
• countering the threat of a fake server being set up. This attack is unlikely, because it first requires planting false information in the DNS and then setting up a fake server that looks credible but would be easy to detect
• countering the threat of password "sniffing"
The first goal is very hard to reach except within small user communities, because deploying personal certificates is a real challenge. Our experience within the community of information security officers (RSSI) or of institutional software correspondents, a population squarely made up of IT staff and security experts, shows very great difficulties and a significant need for assistance. The fake-server threat is mostly theoretical; moreover, a certificate cannot protect us against the hijacking of a domain name in another "top level domain". For example, is the JRES server www.jres.fr, www.jres.org, jres.edu or www.jres.info?
So it is indeed the encryption of the HTTP session that explains the success of HTTPS. In this respect, a self-signed server certificate is entirely sufficient.
In the world of commercial servers, many administrators proudly display the use of SSL sessions as a genuine security label for the server. Indeed, users have been quick to conflate a "secure server" with a "secure session" to a server that may itself contain numerous vulnerabilities and play host to a few attackers. Without a security policy, HTTPS session encryption may be nothing more than a gadget.


X.509 Style Guide Peter Gutmann

softwarenightmare's insight:

, pgut001@cs.auckland.ac.nz October 2000 [This file is frequently cited as a reference on PKI issues, when in fact it was really intended as X.509 implementation notes meant mostly for developers, to tell them all the things the standards leave out. If you're looking for a general overview of PKI that includes most of what's in here but presented in a more accessible manner, you should use "Everything you never wanted to know about PKI but have been forced to find out", http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf, a less technical overview aimed at people charged with implementing and deploying the technology. If you need to know what you're in for when you work with PKI, this is definitely the one to read. Further PKI information and material can be found on my home page, http://www.cs.auckland.ac.nz/~pgut001/].


We got hacked | Plumbr blog

Two weeks ago we got hacked. Which was something we have anticipated for a long time - after all, you cannot expect to run a reasonable business and not be a target of some malicious attacks.

True OAuth Confessions, or Why My Hand-Rolled Calls All Blew Chunks - kentbrewster.com


A Simple TODO list using HTML5 IndexedDB - HTML5 Rocks

You've got to be kidding. It's a joke, right? This is the state of the art in databases? No, it's a bunch of children recreating database assembly code from the 1960's. This is awful, awful stuff.
