Linux

Submission: Interview: Linus on Linux (linuxfr.org)

Radium_ writes: "Along with the 20th anniversary of the release of the 1st Linux kernel, Linuxfr, a French-speaking Linux website, published an interview with Linus Torvalds. The creator of Linux answers questions about Linux kernel licensing, his contributions to the kernel development model and Linux in 2031."

Comment This will change nothing in the long run (Score 2, Insightful) 129

Don't fool yourself, this (temporary) rejection was only possible because some of the left-wing party sneaked in at the last minute to vote AGAINST the proposal. There were not enough right-wing (government) politicians in the assembly to vote for it and the text was rejected.

This, however, changes NOTHING in the long run: despite being a stupid, non-applicable, lobbied-by-the-SACEM*-to-maintain-the-outdated-cash-machine, this law *will* be accepted in the end, since the government has enough of its own members of the Assemblee Nationale to vote for it, regardless of what the other "deputes" do.

When this stupid law is effective, everybody loses, except maybe for recording companies, which will be able to sit for 20 more years on their obsolete business plan.

Comment Focus on the methodology rather than the company (Score 1) 93

I do not think anyone can recommend the "best" company as the criteria for "best" depend on your business needs.
That being said, I would recommend sending a request for proposal (or call for tender, I never know the correct name for this) to 5 companies with local offices so you can meet the ethical hackers if needed. This is good to avoid relying on a bunch of "not so white hackers" with little knowledge of collateral damage and potential impact of the pentest on the information system.

Make sure the intruders do not rely on automated tools. I have seen eEye/ISS reports labelled as actual pentest reports, sold at pentest prices. A good pentest on a 3/3 application requires at least 8-10 days from my experience. These figures should be adapted to the complexity of the infrastructure of course.

I would also ask for information regarding:
- system tests vs application tests (the latter cannot be automated to be effective, but both are necessary for a pentest to be meaningful),
- the pentest methodology (do they have anything set or do they do it "as they feel" for each project),
- audit trails gathering (all traffic between the pentest lab and your information system should be archived),
- alert processes (what should they do if a critical vulnerability is discovered) and so on.

Many companies with little knowledge of professional penetration testing sell intrusion services. From my point of view it is your job to select the best one; nobody on Slashdot can do that for you.

Windows

Why "Vista" Nick White Left Microsoft 130

An anonymous reader writes "Earlier this week Nick White, Product Manager for Windows Vista and blogger at WindowsVistaBlog, announced that he was leaving Microsoft. Geek.com previously interviewed Nick about what SP1 for Vista was all about, so they sat down with him yesterday to get the details behind his departure, his proudest moments at Microsoft, a few regrettable moments, and more."
