Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
So I was messing around looking at different ways to operate a computer under total security. I found ways people were using specialized operating systems like Tails and that got me thinking, could a computer be secured by running an operating system that nobody has ever seen?
Obviously this would take a lot of work to make an OS from the ground up without any help, but would that be safe? Could having no information available about an OS make it invulnerable to attack?
P.S. I am talking about anti-hacking and anti-malware, not private web browsing.
What you're suggesting sounds a lot like security through obscurity.
Firstly, there's the issue that if you write your own operating system from ground up, it won't have exposure to close scrutiny and it's very likely you would have undiscovered exploitable bugs and vulnerabilities. A lot like cryptography, anyone can design a secure operating system that they, themselves, can't break into. Unfortunately, there's always someone in the world that's smarter than you who will be able to break in.
Secondly (and following up on the first point), the entire security of your architecture will essentially rely on the secrecy of your implementation. The moment someone manages to get a copy of your operating system or source code, you can be sure the security of your whole system will come crashing down like a ton of bricks before you can finish saying "oops". This is a very fragile defence against attack.
Lastly, there's no provable 'invulnerable to attack'. The closest thing to it is to have as many people using it as possible and hope the good guys find the vulnerabilities before the bad guys. But then you'd be back to square one since this is pretty much what most major operating systems already do.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I would like to know what Docker on a VM implies regarding performance. Will I have issues?
To me, adding a "layer" would decrease performance. Is that right or wrong and, most importantly, why?
I want to be able to know what is the best way to deal with new projects when containers are on the line.
Thanks in advance :)
Every part of the system stack has some performance cost, but it’s probably close to immeasurable. In what you describe the cost of the VM will probably be greater than the cost of Docker, but the cost of either will be dwarfed by the cost of any database I/O you do. As always database tuning and algorithmic tuning will probably make the biggest difference.
An additional layer in a Docker image has approximately zero performance impact. It’s mildly “nicer” to have fewer layers but it doesn’t really matter that much.
If your program is in an interpreted language like Ruby or Python, or if you’re frequently starting JVMs, the performance difference from using a virtual machine or not is noise compared to the sheer overhead of these systems.
As always, the real answer is to run real benchmarks, and profile the system/application if it’s too slow. The sorts of questions you’re asking aren’t things you need to optimize for early and often aren’t things you need to optimize for at all.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
I want to write a bot for 500px.com which automatically likes pictures and follows random people. Sadly I don't have a clue where to start, are there any good tutorials or something? I googled, but couldn't find anything useful really!
I work at 500px. We'd really rather you didn't try to game the system, it hurts the community when you do and isn't fair to other users.
I mean, I'm a developer, I get that this might just be a curiosity thing for you. Maybe you just want to see what you can do. But maybe your efforts would be better spent, say, playing with our REST API.
But if it is that you're just trying to get more exposure, I hope that you'll reconsider your strategy. Focus your efforts instead on contributing meaningful content, engaging with your fellow users, working on your craft. When you game the system, you're advancing yourself on the backs of other photographers. The more people that engage in this sort of behaviour, the harder it becomes to find meaningful content, and over time everyone suffers.
No
Your problem is concept -- you want to write an automatic function that acts as if it is a human entity. This means that even if this is desired by the company behind the http://www.500px.com website, this does come across as something impersonating a valid human user, and as such will need to face and overcome the usual challenges of such things as filling in online forms, logins and verification methods automatically and reliably without being detected as a 'bot'.
This is potentially a very significant undertaking, and not to be underestimated. By posting this question on Stack Overflow you're pretty much giving away that you've very likely not got the basic skill-sets required for carrying out this task.
If this task is however in partnership or for the company behind the 500px.com website, then you will have access to very specific and first hand information about the details and website code and structure they use.
Both of the above conclusions - to me - imply that you're far below the very-probably required level of knowledge and you're going about finding that knowledge in entirely the wrong way.
Instead, find a programming language of your choice and learn it inside out and upside down, then you'll have (slightly) more chance at doing something like this.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 12 years ago.
Is it possible to get into legal trouble for identifying vulnerabilities in a web application even if you don't exploit them?
I have considered using tools like NetSparker on occasion to see if a site has any vulnerabilities and I'd like to contact the owner of the site to see if they'd be interested in me fixing it. I suspect that some of these people might get angry or misinterpret my intentions and I'm curious if I could get into any trouble for simply finding these security issues.
If you are looking for vulnerabilities in open source software or commercially distributed software and you are a US citizen you are protected by the 1st amendment. It is legal for you to write exploit code and do whatever you want (as long as it isn't selling it to terrorists/the mob). If you do find a flaw, report it to BugTraq and put it on your resume. I have racked up a lot of CVE numbers over the years and I actively write exploit code.
In Germany and France the laws are a bit different; the possession of "hacking tools" like exploit code or even Nmap can land you in jail. You might also be interested in the laws of full disclosure.
On the flip side, if you go around scanning people's websites looking for vulnerabilities you are breaking the law and the FBI will investigate you. Do not look for vulnerabilities in random websites without the owner's permission.
You shouldn't get into trouble but depending on how big of a prick and who gets embarrassed and who feels threatened you could easily turn into the next Adrian Lamo.
What one can get into trouble doing often comes down to what "they" can convince a judge. It's certainly possible that a company can see such an act as a genuine attack (the wrong person in the company gets the wrong idea and yells loud enough about it) and seek some kind of damages from you. Just remember that "being right" or "being reasonable" or "making sense" don't really mean much in the US legal system (assuming US here).
That said, as a developer I absolutely encourage vulnerability testing and reporting back to the developer for the product being tested. But, unfortunately, you should tread carefully.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
When a large system developed by an Agile process requires a sudden large-scale change that affects most everything, what is the best way to go about it using Agile? Does the iterative part change at this point?
For example, what if a decision is made to make a centralized system a distributed one? Or choose another large pervasive example.
Arguably large changes should have been planned for, but it's never a perfect world which is one of the reasons Agile exists, so assume that suddenly a major change is introduced that shakes the foundation.
Edit to summarize solutions:
It's incremental all the way no matter how large or small the change may be.
"Does the iterative part change at this point?"
Never.
No matter how "pervasive" the change appears to be, you still have to work incrementally, in iterations you can manage.
You still have to prioritize the changes and make them in a way that will continue to pass unit tests and can be released when needed.
You may, for example, find that fixing 80% of the system is sufficient, and you may release. Or may be required to fix 100% of the system before releasing.
You still work incrementally. In sprints. Irrespective of when you release.
Agile has no magic answers.
There are a number of approaches:
Plot a path of reasonably incremental changes to change the system from one architecture to another. If you have reasonably well factored code, you should be ditching the code that is made redundant by the change and keeping stuff that's independent of the change.
Another approach if things are really different, start a parallel development of components for the new system.
Or, start new and steal as much as you can from the old project.
Depends how BIG the change really is.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
After reading E-myth Revisited, I realize that I can do a better job at making my company less reliant upon me... I spend a tremendous amount of time answering silly questions (silly to me, but necessary for my developers to get the job done).
I need to write a set of operating manuals for what to do in certain situations...
For instance:
How to make a build
How to write test cases
How to report status
How to fix a bug
How to handle support question A, B, C, etc...
What to do when you are stalled
What to do when the power goes out (really, I need to do this)
etc...
What are some useful, generic operating manuals that you can think of, for a software development company? And please, if you have some good, short, online versions that you know of, please post them. I would much rather use a starter manual and modify it for my needs, than start from scratch.
What about a wiki - at least then other people can start to contribute.
Otherwise they are just going to rely on you for the manuals
I disagree with the wiki. As the owner of the company -- it is your responsibility to write the manuals, or delegate it in a very controlled fashion. People should rely on you for the manuals.
Really though, back to the question. The obvious standards, coding, SQL, etc. for your platform and programming languages. You'll be able to find examples of these anywhere on the internet. As for customer support, you should probably write that yourself, you know how you want your customers treated. As for test cases, again, you'd expect your developers or testers to have a professional understanding of what needs to be done, you might indicate the acceptable minimums however.
What to do when you are stalled. That's what managers are for :-)
I think it boils down to writing the manuals that are unique to your business, and trying to steal or borrow manuals for the generic processes.