Balancing Security

3. October, 2014

For your IT security, you want

  • Security
  • It must be cheap
  • And comfortable

Now choose at most two.

As always in life, everything has a cost. There is no cheap way to be secure which is also comfortable. Home Depot chose “cheap” and “comfort” – you’ve seen the result. Mordac would prefer “secure” and “cheap”.

Those examples show why the answer probably is “secure” and “comfortable”. Which means we’re facing two problems: “cheap” is out of the question and the two contradict each other. Secure passwords are long, hard to remember, and contain lots of unusual characters (uncomfortable the first time you travel to a different country – yes, people there use different keyboard layouts). Turns out there is a “cheap” part in “comfortable”.

Taking this to a social level, the price for security is freedom. To quote Benjamin Franklin: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” I don’t know about you but I feel bad about terrorists dictating to us how much of our freedom we have to give up.

In a similar fashion, you can either punish criminals or prevent future crimes but you have to choose one. We have learned through bad experience (witch hunts, flaws of the US penal system) or good (like the Norwegian system) that punishment doesn’t always help nor does it make victims happy. Which leaves us with the only conclusion: We, as a society, pay money to prevent future crimes because that’s the most reasonable thing to do.

Even if it leads people to mistakenly describe modern penal systems as “holiday camps.”


150K on stackoverflow.com

19. September, 2014

Just noticed that I have 150,225 reputation on stackoverflow.com.

Yay ^_^

 


Tonematrix

6. August, 2014

Tonematrix is a small toy written in Shockwave Flash that gives you a simple way to experiment with sound.

Click these links for a couple of examples:

Hopper

Waterdrops

Nervous


CameraSim: Ego Shooter With a Camera

29. July, 2014

To help people learn how to take good photos (and what lighting, distance, focal length, aperture, ISO, etc. mean), Jon Arnold created a game called “CameraSim” that looks a lot like an ego shooter. But instead of enemies, you have several stages where you can shoot photos.

Gamification for the win!


Avocados

19. July, 2014

Not yet

Not yet

Not yet

Not yet

Not yet

EAT ME NOW

TOO LATE!

- Avocados

Original


Good Introduction to Threads and Shared Data Structures

20. June, 2014

Soon, we’ll have computers with 1024 cores but that won’t help unless software developers write code that makes use of them.

To do that, you need a fundamental understanding of how threads work, what parallel algorithms are and what the real-world problems might be.

Dmitry Vyukov has created a web site “1024cores” which gives you both an introduction to the basics (what are we talking about? which tools do we have? what is a memory model and why should I care?) as well as some practical algorithms like concurrent skip lists with detailed descriptions of the problems that you will encounter and how to fix them.

If you want to know what the discussion is all about or if you want to polish your knowledge or if you need a specific solution, this is a good place to start :-)


YouDebug, the Non-interactive Debugger

7. May, 2014

“Non-interactive” and “debugger” seem to be contradictory but bear with me. YouDebug is a tool which allows you to debug a running Java application with a script.

How could this be useful? From the website:

[…]your program fails at a customer’s site with an exception, but you can’t (or don’t want to) reproduce the problem on your computer[…]

Sounds like a familiar problem: The customer has a problem but they can’t give you access for security, legal or technical reasons. You can’t go there (too far away) or even if you could, security won’t let you touch anything.

In a nutshell, YouDebug is a debugger that is controlled by a Groovy script:

breakpoint("com.acme.SubStringTest",7) {
  println "s="+s;
}

This sets a breakpoint in line 7 of “SubStringTest” and then prints the value of the local variable “s”.

Granted, it’s more time-consuming than doing it yourself (and you may need several attempts to get to the bottom of things) but you don’t have to install an IDE at your customer site, you don’t have to bring the source code along and technically, the customer is already running code that you wrote so from a legal and security point of view, this isn’t much different.

