From: dufresne at winternet.com (Ron DuFresne)
Subject: Windoze almost managed to 200x repeat 9/11


	[SNIP]

> > 2> considering "how often" you seem to run into this same issue with
> > other coders in the windows realm, windows coders tend to be especially
> > lazy/clueless as compared to coders in other OS'
>
> This is possibly true, but you may well find that this correlated back
> to the whole usage of WYSIWYG OS and design tools and the general non
> "tech" nature of the average windows user. It is also possible that
> the IDE in use can also contribute to reduced reading of proper API
> documents which leads to errors of this sort due to their ease of use
> and a lack of attention to detail on the programmers side. Poor
> quality assurance practices are what leave this kind of error
> unnoticed (lest we not forget however that this error WAS noticed and
> documented).

And yet relied upon a reboot of the system to correct, large gamble here,
it's not that uncommon for a system to *not* recover from a reboot, and
Murphy's law is seriously implied, even if the systems were redundant.

Yet, and I must admit, my post in this thread was kind of a ringer, damned
if you do, damned if you don't.  But, I'm surprised at how quickly folks
are latching into my assertion that windows coders might not be up to the
task, especially in mission critical and life on the line systems.  The
implications are strong here that systems either mission critical or where
lives are on the line should not be tasked to an env whence the folks
'behind the scenes' are likely to not be up to the task.

And this goes hand in hand with the advice I have been giving to my
present employer on web hosting; do not put your most visible and critical
sites on an OS not only prone to issues due to its immaturity, but, also
one so easily targeted for exploit that your most visible and high
profile sites are going to be sploited and defaced...the flaw in most
these cases is that mgt only understands point and click and ease, and has
troubles wrapping the brainpower upon the concept of durable resistance
and experience being a critical factor.


I think of all the assertions I made after reading this thread, this was
the most damaging one for anyone to agree to a level of correctness on...

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

