Nice catch. That must be the most obscure bug I've ever heard of.
I blame communism.
@Mr. Gibbons said:
If you have the source code, you have the key (though can still be argued), if you get a packet capture session or an admin's web history you get the key too, which is no different as if the number in the URL was replaced by a key passed in the URL :)
I'm not sure I see what you're getting at. It's entirely possible to create a system which remains secure even when a hacker gets a packet capture session or a web history. I'd argue that anything less than that suffers from security through obscurity issues.
@Mr. Gibbons said:
And why you assumed the magic number would be in the source code? Maybe it is stored in .htpasswd.
Valid point. I guess I assumed that anyone who would think of encrypting the magic number would take the time to make a proper login mechanism :)
Those scans showed up in my inbox a couple of years ago. Nice.
The maximum speed limit in New Zealand is 100km/h, though a good percentage of the population tend to drive open roads at about 110 to 120.
As a nation, we're fairly obsessed over road safety. "The road toll" is a popular phrase on the 6 o'clock news, and every holiday season we get a nightly bodycount, along with a comparison to last year's figures for the same period. Every year the Land Transport Safety Authority spends a couple of million dollars on ads showing people dying horribly in car accidents. It's all a bit morbid, really.
Police can fine you for anything over the speed limit, forty over and you lose your license. Usually they'll let you off with up to ten k's over the limit, though from time to time, when this year's road toll isn't as good as last year's, the government will have them enforce a "zero tolerance policy", where the police will fine you for anything over the limit. IMO, all this does is create a general resentment towards law enforcement. Getting done for 101 kind of sucks.
Interestingly, a technicality means that police officers can't give you a fine unless they're wearing their hat.
What about WTF code written by professors? Here is a compiler written by one of our professors, intended to parse a simple language "PL/0" into a mockup assembly language. Our assignment was to add a couple of language constructs of our choosing.
He's an excellent professor, just not a very good lecturer.
Kerckhoffs' law: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
In this case, if I have the source code, a packet capture session, or an admin's web history (amongst other things) the system becomes compromised. This is definitely security through obscurity, though definitely not as bad as the controlpanel.php?loggedin example.
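Added example, not code from anyone in this thread: a constructed Python sketch of the two designs being contrasted above. The first check compares a fixed magic number carried in the URL, so reading the source, a packet capture or an admin's browser history is enough to get in. The second keeps the secret out of the code entirely: a per-session random token handed out only after a real credential check, stored server-side as a hash, and revoked at logout. The magic number value, the hostnames and the verify_password callback are all placeholders.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlparse

# --- The pattern discussed in the thread: a fixed magic number in the URL ---
# Constructed placeholder value; in the real thing it would live in source or
# a config file, and Kerckhoffs' principle says that alone sinks the design.
MAGIC_NUMBER = "73927"


def magic_number_check(url):
    """Return True if the URL carries the magic number. Anyone who has ever
    seen the URL (logs, captures, browser history) can reproduce it."""
    query = parse_qs(urlparse(url).query)
    return query.get("key", [""])[0] == MAGIC_NUMBER


# --- Kerckhoffs-compliant alternative: only the per-session token is secret ---
def _fingerprint(token):
    # Store a hash of the token so a leaked session table does not hand out
    # live sessions; the original token exists only in the user's browser.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self):
        self._sessions = {}  # sha256(token) -> username

    def login(self, username, password, verify_password):
        """verify_password is an assumed callback (e.g. a bcrypt check against
        .htpasswd-style storage). On success mint a fresh 256-bit random token."""
        if not verify_password(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[_fingerprint(token)] = username
        return token

    def user_for(self, token):
        """Map a presented token back to a user, or None if unknown/revoked."""
        return self._sessions.get(_fingerprint(token))

    def logout(self, token):
        # Revocation is what a magic number can never offer: the value in the
        # admin's history stops working the moment the session ends.
        self._sessions.pop(_fingerprint(token), None)


def demo():
    """Run both designs against the same 'leaked URL' scenario."""
    leaked_url = "http://example.invalid/controlpanel.php?key=73927"
    magic_ok = magic_number_check(leaked_url)  # True: history alone grants access

    # Constructed credential check standing in for a real password store.
    def verify_password(user, pw):
        return user == "admin" and pw == "correct horse"

    store = SessionStore()
    bad = store.login("admin", "guess", verify_password)          # None
    token = store.login("admin", "correct horse", verify_password)
    live = store.user_for(token)                                   # "admin"
    store.logout(token)
    after_logout = store.user_for(token)                           # None
    return magic_ok, bad, live, after_logout


if __name__ == "__main__":
    print(demo())
```

The point of the second half is not that the code is secret (publish it freely), but that the only thing an attacker gains from the source is the knowledge that they need a token they do not have; the magic-number version gives them the token itself.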
I think you scared everyone away. She looks about ready to go for the jugular.
Interesting. I would have said that in the real world the project requirements can't be expected to remain static for several months at a stretch. But of course, every project is different.
At first glance, agile methods look a lot like cowboy programming. So naturally, people will use the phrase to hide the fact that they're just cowboys. Which, in turn, makes agile methods look more like cowboy programming, since a lot of it just is. If someone using "agile methods" tells you that it requires no design basically, they are cowboys. Do not confuse them with dedicated agile programmers. Agile methods rely on very good design in the short term to enable good design to emerge in the long term. This is not the same as just winging it.
And of course, there are the people who just plain do it wrong. As you say, peer programming is a practice not used often enough. People have this idea that it's just a fringe concept of agile methods. It's not. It's an integral part of the process, along with ownerless code, that ensures code remains at a standard where self-documentation is viable.
Basically, agile methods will only work if you take them seriously.
You know what I think? I think agile is getting such a bashing here because peer programmers don't surf the net when they're supposed to be coding :)
I don't quite get where the "agile will fail" camp is coming from. Agile can and has succeeded, sometimes spectacularly. To state your position so absolutely is simply wrong. Equally, to suggest that spiral dev was "perfected" in the 70s is a misnomer. I'm not saying spiral isn't good (the sheer volume of spiral products in the wild attests to that) but it's not perfect. Spiral dev will still fail, especially if you take the approach "spiral dev is perfect, if I use spiral nothing will go wrong".
Exactly the same thing can be said of agile methods, though. I'd agree with just about every negative comment made about agile dev in this thread, but I still use agile methods. The important thing is to recognise and avoid all the common mistakes associated with your chosen dev method.
Some things I like about agile:
@ammoQ said:
A link about the Iran Oil Bourse etc.
Fascinating. Assuming that article is astute (a better assumption than trusting my own uneducated opinion), what bothers me is this:
@article said:
At this stage, only a direct and immediate action on the part of the US administration aimed at preventing a military confrontation with Iran on the one hand, and at giving up the idea to monetarise the US foreign debt on the other hand, could change the course of events. For LEAP/E2020 it is obvious that not only such actions will not be initiated by the current leaders in Washington, but that on the contrary they have already chosen "to force the destiny" by shirking their economic and financial problems at the expense of the rest of the world.
Why? LEAP/E2020 seem fairly convinced that this course of action leads to a massive collapse of the US economy. The US administration must surely be aware of these consequences. So what's their motivation for "forcing destiny"? Do they know something LEAP/E2020 doesn't?
Dunno where it was first posted on these forums, but the quote is originally from a Simpsons episode. Reiner Wolfcastle gets swept away by a bunch of toxic waste and screams the line in a thick Austrian accent. Dunno if you knew that or not, but, you know, FYI.