Steve Jones - SSC Editor (9/20/2016)

---

roger.plowman (9/20/2016)

---

No, no small releases to new systems (other than bug fixes, of course).

The reason I say this is that new systems are not known...

Gary Varga (9/20/2016)

---

roger.plowman (9/20/2016)

---

...I do like the idea of small releases (1 small feature, maybe) but even then that applies to a long standing system that's largely already stable. It...

Gary Varga (9/20/2016)

---

The mistake is that people are trying to do too much too quickly. Small...

Haste makes waste.

Yes, it's good to issue a *fix* rapidly. However, I am profoundly unimpressed with the "we gotta release it every X months or we're toast" mentality when it...

This one is "convenience over security" to me, not to mention feature creep.

xp_cmdshell really is a kind of a bad idea from an architectural standpoint, isn't it?

I mean the...

sknox (8/23/2016)

---

roger.plowman (8/23/2016)

---

sknox (8/23/2016)

---

roger.plowman (8/23/2016)

---

ANSI_WARNINGS are basically concerned with Null values (ignoring the divide by 0 issue which is really a seperate one). I believe the better solution is never...

sknox (8/23/2016)

---

roger.plowman (8/23/2016)

---

ANSI_WARNINGS are basically concerned with Null values (ignoring the divide by 0 issue which is really a seperate one). I believe the better solution is never allowing Nulls...

ANSI_WARNINGS are basically concerned with Null values (ignoring the divide by 0 issue which is really a seperate one). I believe the better solution is never allowing Nulls in data...

One of the best defenses (if you can actually use it) is a *perfect* defense.

Don't store information you don't need, ESPECIALLY personally identifying information. After all, you can't reveal what...

Mononymics are fairly straightforward as far as I'm concerned.

The mononymic would go in the given/first name and "N/A" would go in the family name.

Also, nulls are abominations, since you...

Steve Jones - SSC Editor (8/1/2016)

---

LastPass had an issue, but not incredibly unsecure. The issue was patched quickly.

It's not game over if your password manager is compromised. It's no worse...

ddodge2 (8/1/2016)

---

Check out LastPass at https://lastpass.com/

Steve Gibson & Leo Laporte

July 10, 2010

Entire - https://www.youtube.com/watch?v=r9Q_anb7pwg (Starts around 2nd hour)

Mercifully, someone broke it into reasonable chunks:

Part 1 - https://www.youtube.com/watch?v=sLejIcOYk3o

Part 2 - https://www.youtube.com/watch?v=9n7n2P7tgbo

Part...

The problem *isn't* passwords--the problem is mutually exclusive problem domains.

We are asking our login/authentication/identification/etc procedures to do mutually exclusive things.

1. Be easy to use

2. Identify the user (remotely!)

3. Authenticate the...

Steve Jones - SSC Editor (7/20/2016)

---

roger.plowman (7/20/2016)

---

Cloud security is an oxymoron.

Those who say cloud security problems will be solved are actually saying "The Cloud can't be trusted yet".

I would...

Cloud security is an oxymoron.

Those who say cloud security problems will be solved are actually saying "The Cloud can't be trusted yet".

I would go further. One critical concept in...