Posts

Showing posts from March, 2015

Cynical bugger that I am...

I can be a little cynical sometimes, though going through the morning news it seems there have been a couple of rather heartwarming moves by some of our overlords today... Microsoft to require suppliers to provide paid leave to workers (though Bill doesn't look too happy in the photo, he's got my respect for the work of the Gates Foundation). Apple boss Tim Cook 'to donate millions' to charity (and he can pay my son's university fees if he wants to as well!). I suspect the shareholders of neither MS nor Apple will care much though, as it doesn't really affect them, and there's a long way to go yet to address the inequality but... oops, there goes my cynicism again... :)

Security Vulnerability Review

Secunia have released an interesting report on the number of vulnerabilities found across various products. There's much talk about MS and non-MS products, which kind of makes sense from a Windows perspective, but the report also contains a list of "20 core products" with the most vulnerabilities identified in 2014. Trouble is, the report doesn't specify where and how this "core" list was compiled, unlike the 50 portfolio products list, which is based on the Secunia client running on Windows devices. If it's the same Secunia client - and I suspect it is, since the number of vulnerabilities match for those products in both lists where I would expect some potential variance (Chrome on Windows v OSX for example) - then it's rather odd that OSs such as Oracle Solaris and Gentoo Linux crop up... Hypervisors perhaps... Another shocking thing for me was the number of IBM products in that top 20; 8 out of 20! Really? 40% of the products with most vulnerabilities are

Session Abolition

I've been going through my bookcase, on orders from a higher being, to weed out old, redundant books and make way for... well, I'm not entirely sure what, but anyway, it's not been very successful. I came across an old copy of Release It! by Michael T. Nygard and started flicking through, chuckling occasionally as memories (good and bad) surfaced. It's an excellent book but made me stop and think when I came across a note reading: "Serve small cookies. Use cookies for identifiers, not entire objects. Keep session data on the server, where it can't be altered by a malicious client." There's nothing fundamentally wrong with this, other than it chimes with a problem I'm currently facing and I don't like any of the usual solutions. Sessions either reside in some sort of stateful pool (persistent database, session management server, replicated memory, etc.) or, more commonly, exist stand-alone within each node of a cluster. In either case load-balancing is needed