Pie charts


What not to code

The NSA, with contributions from, among others:

  • CERT
  • Symantec
  • Aspect Security
  • Secunia
  • iDefense Labs at VeriSign
  • Microsoft
  • Oracle Corporation
  • Red Hat Inc.
  • Fortify Software
  • Veracode
  • Breach Security
  • Security Division of EMC Corporation
  • Apple Product Security
  • Department of Homeland Security (DHS) National Cyber Security Division

have published a list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

These Top 25 Errors are divided in three categories:

  • Category: Insecure Interaction Between Components (9 errors)
  • Category: Risky Resource Management (9 errors)
  • Category: Porous Defenses (7 errors)

The list will be constantly updated and augmented with resources to help combat/prevent these errors.

Full article here: http://www.sans.org/top25errors/

Full list here: http://cwe.mitre.org/top25/


Just used Wordle to create a word cloud of this blog…
[Image: Wordle word cloud of this blog]
…and my twitter atom feed…
[Image: Wordle word cloud of http://twitter.com/statuses/user_timeline/17945466.atom]


I lol’d my cat this Christmas. It’s far enough behind me now that I can talk about it openly. It’s an easy trap to fall into:
  • I was sorting out family photos
  • I came across pictures from last Christmas
  • Some of them were of my cat
  • I was weak
It’s a sad but familiar story. As part of achieving closure on this whole sorry episode I need to come clean, so here they iz (I mean here they are, dammit):

The keys to success

There is a list here of all the keyboard shortcuts in Windows. Wow! That’s a lot of shortcuts. I’ve been using Windows forever and I’ll admit right now I only know a fraction of those.
Speaking of keyboards, there’s a great article here about the give and take in a software project, i.e. what developers should expect to contribute and what they should expect to receive in return. In short:

What can the project do for you?

First up we have a bunch of items along the lines of “I expect — maybe demand — that management will provide me with…”

  1. Two monitors
  2. A fast PC with a crapload of RAM
  3. Choice of mouse and keyboard
  4. A comfortable chair
  5. Quiet working conditions
  6. Internet unlimited
  7. Freedom to install software
  8. The best software
  9. Good coffee
  10. Sensible working hours
  11. Separate Environments for dev, qa and production

What can you do for the project?

But it’s not all “take take take”.

On the other side of the equation are items along the lines of “I am committed to ensuring that these practices are performed…”

  1. Source Control
  2. Continuous integration
  3. Track bugs
  4. Unit testing
  5. Code analysis
  6. Continual peer review
  7. Peer training
  8. Keep yourself up to date
  9. Learn to Communicate with non-technical people
  10. Refactor!
  11. Passion
It’s a good list, but go read the full article as it goes into each item in more detail and with extra funny thrown in. File under “funny but true”.
Finally, check out Favrd. It’s a tracker that maintains a feed of all the tweets from twitter that are “yellow starred” or “favourited” (that is a thing, I swear) and ranks them daily by number of stars. It’s like cutting out all the mining and just being handed the gold.

Reading between the lines

So much of what I read is on the Internet these days. Actually almost all now I think about it, and a huge percentage of that is fed, blogged, tweeted, aggregated, dugg, posted etc. Somehow reading a book (and I mean a novel here) has become a luxury activity. It’s almost a secret guilty pleasure, selfishly consuming something just for me in a completely non-interactive, non-collaborative and very non-web-2.0 way.

My novel reading rate has slowed right down. A couple of pages every other day. I’ve become like Charlie Bucket, eking out my bar of Wonka’s Fudge Mallow Whipple Scrumptious Delight one tiny, tongue-tingling morsel at a time.

Getting into and then through a whole novel is quite an investment, both emotionally and in terms of time, so I’ve become much more picky about which novels I read. I’m so used to skim-reading hypertext, flitting from blog to feed to wiki, two or three threads at a time, both monitors flashing. As a result the slow, single-focused, total immersion, the suspension not only of disbelief but of the whole world around me, required to get into and out of a good session of novel reading is quite a wrench.

At the moment I’m reading Anathem by Neal Stephenson and by God it’s good, but still I’m pacing myself, determined not to guzzle it down and dreading the real sense of loss, bereavement even, when it’s gone.


Great/appalling web site names for fashion conscious Goths who like a good play on words:
