Passcode speaks to security experts like Joe Weiss, who claims to have a list of around 400 incidents in which failures in software and electronic communications led to a failure of confidentiality, integrity or availability (CIA) — the official definition of a cyber incident. Few of them are considered cyber incidents within critical infrastructure circles, however.
His list includes some of the most deadly and destructive public sector accidents of the last two decades. Among them: a 2006 emergency shutdown of Unit 3 at the Browns Ferry nuclear plant in Alabama, the 1999 Olympic Gas pipeline rupture and explosion in Bellingham, Washington, that killed three people and the 2010 Pacific Gas & Electric gas pipe explosion in San Bruno, Calif., that killed eight people and destroyed a suburban neighborhood.
While official reports like this one about the San Bruno pipeline explosion (http://www.cpuc.ca.gov/NR/rdonlyres/85E17CDA-7CE2-4D2D-93BA-B95D25CF98B2/0/cpucfinalreportrevised62411.pdf) duly note the role that the software failure played in each incident, they fail to characterize them as 'cyber incidents' or note the cyber-physical aspects of the adverse event.
Weiss says he has found many other, similar omissions that continue even today. One obstacle to properly identifying such incidents is that the popular understanding of a cyberincident borrows too much from the information technology industry, which focuses on malicious actors and software-based threats operating in traditional IT environments. “In the IT world, ‘cyber’ is equated with malicious attacks,” Weiss said. “You’re worried about a data breach and stolen data, or denial of service attacks.”
Weiss argues that applying an IT mindset to critical infrastructure results in operators overlooking weaknesses in their systems. “San Bruno wasn’t malicious, but it easily could have been,” Weiss notes. “It’s a nonmalicious event that killed 8 people and destroyed a neighborhood.”
Programmers familiar with the language and its community may recognize the author's name, because he is the creator of PHP The Right Way, a website which he describes as "an easy-to-read, quick reference for PHP popular coding standards, links to authoritative tutorials around the Web and what the contributors consider to be best practices at the present time," in 21 different languages.
Yet rest assured that the book under review is not merely a dead-tree version of the website. Instead, the book covers the more recent advancements within the language, while the website covers best practices and standards. This should be borne in mind, otherwise the reader may be baffled by the absence from the book of certain topics on the website essential to the language, such as SPL, PEAR, and PHPDoc. Moreover, of the topics shared between the book and the website, the information is generally organized quite differently, with more example code in the book.
This title was published on 1 March 2015, under the ISBN 978-1491905012, by O'Reilly Media, who kindly provided me with a review copy. Its material is presented in 268 pages, organized into 13 chapters (The New PHP; Features; Standards; Components; Good Practices; Posting; Provisioning; Tuning; Deployment; Testing; Profiling; HHVM and Hack; Community), which are grouped into three parts (Language Features; Good Practices; Deployment, Testing, and Tuning) — as well as two appendices (Installing PHP; Local Development Environments) and an index. The publisher's page does not offer much of interest. However, all of the example code is available from the book's GitHub repository. There are differences between the GitHub code and what is printed in the book, e.g., a baffling require 'vendor/autoload.php'; in the first example code file. The author claims that the reader does not need to know PHP, but at least "a basic understanding of fundamental programming concepts" (page xiv). However, anyone without at least intermediate skills and experience with PHP could conceivably struggle with these more advanced subjects.
The first chapter is only a brief overview of the history of PHP, its current state, and some possible future changes to the language's engine. The real content starts in the second chapter, in which the author gives the reader a fast-paced introduction to his seven favorite major new features in PHP: namespaces, class interfaces, traits, generators, closures, Zend OPcache, and the built-in HTTP server. In some regards, the coverage is a bit too fast-paced, as some topics and questions likely in the reader's mind are not addressed — for instance, namespace case-sensitivity and techniques for ensuring that a chosen namespace is globally unique (page 9). For each topic, its purpose and advantages are explained, and sometimes illustrated with code examples, although none are extensive.
The second part of the book opens with a chapter on some of the new standards in the PHP ecosystem that are intended to move the common development process from a reliance upon one isolated framework, with an idiosyncratic coding style, to distributed components that can interoperate through the use of interfaces, industry-wide coding standards, and the use of autoloaders for finding and loading classes, interfaces, and traits at runtime. Components are covered in more detail in the subsequent chapter, as is Composer, for installing components and managing dependencies. The fifth chapter is a lengthy but information-packed exposition of numerous best practices regarding input data sanitization, password handling, dates and times, and safe database queries, among other topics. Some of the advice can be found in other PHP books and online, but all of this is neatly explained, updated with the newer PHP versions, and worthwhile as a refresher.
Deployment, testing, and tuning are the broad subject areas of the third and final part of the book. The author discusses the options for hosting your PHP applications, as well as provisioning any self-managed web server and tuning a server for optimal performance. All of the instructions assume you are using Linux and nginx, and thus would be of less value to those using Windows or Apache, for instance. The material on application deployment is relatively brief, and focuses on use of the Capistrano tool. Testing is often neglected in real-world projects, but certainly not in this book, as the author explains unit and functional testing, illustrated through the use of PHPUnit. This is followed by information on how to use a development or production profiler to analyze the performance of your application, with detailed coverage of Xdebug and XHProf, among other tools. The next two chapters dive into topics related to the (possible) future of PHP — specifically, Facebook's HHVM PHP interpreter and their Hack derivative language. The final chapter briefly discusses the PHP community. The two appendices explain how to install PHP on Linux or OS X for command-line use, and how to set up a local development environment. The author mentions a free edition of Zend Server, but the vendor page mentions no such pricing.
Despite its technical subject matter, this book is not a difficult read. The author's writing style is usually light and friendly, especially in the preface. In a few places, the phrasing is a bit too terse, which might prove momentarily confusing to some readers, e.g., "Function and constant aliases work the same as [those of] classes" (page 11). The text has some errata (aside from the two, as of this writing, already reported): "curl" (pages 15, 220, and 222; should read "cURL"), "a an argument" (page 33), "Prepared statement [to] fetch" (pages 99 and 100), "with [the] php://filter strategy" (page 110), "2 Gb" (page 129; should read "2 GB"), "the the" (page 154), "path to a the code" (page 176), and "Wordpress" (page 190; should read "WordPress").
One weakness with the book is that for several of the topics — including some critical ones — there is not enough detailed information provided that would allow one to begin immediately applying that technique or resource to one's own coding, but instead just enough information to whet one's appetite to learn more (presumably from another book or a website). Secondly, some of the narrative — particularly near the end of the book, when discussing various tools — would be of less value to anyone not developing an analytics environment. Beware that some of the tools require numerous dependencies. For instance, do you have Composer, Git, MongoDB, and its PHP extension installed? If not, then you won't be using XHGUI. Also, some of the installation and configuration steps are quite lengthy, with no details provided for troubleshooting issues that might arise. Lastly, despite the promise that any reader with only basic programming knowledge will be able to fully understand the book, such a reader would likely find much of its contents mystifying without further preparation from other sources.
Nonetheless, the book has much to offer, despite its slender size. Numerous resources are recommended — most if not all apparently vetted by the author, who clearly has considerable experience in this arena. Some valuable techniques are presented, such as those instances in the text where the author shows how to use iteration on large data sets to minimize memory usage. In addition, the example code demonstrates that the author has made the effort to produce quality code that can serve as a model to others. Modern PHP does a fine job overall of explaining and advocating the newer capabilities of PHP that would attract developers to choose the language for building state-of-the-art websites and web applications.
Michael Ross is a freelance web developer and writer.
I have visited a few of the major players' websites. They seem (mostly) similar in prices and services. I have also seen both positive and negative reviews for those companies. I am concerned about being locked in, or surprised with hidden fees. (I paid $75US for a year of service in 1999, now it is only $10.99US?)
Which is the most trustworthy company to use for registration? Which ones have hidden fees or privacy problems?
— Black & Decker
— Some random store brand
— Unlisted choice
— Manual tools all the way
I'd prefer something a bit less bulky than the G15, which has an area at the top for media controls and a tiny screen. I don't mind a thicker bottom bezel so much. I'm not a huge fan of ergonomic/split keyboards, but if you know a really excellent one, I wouldn't rule it out. Same with mechanical keyboards — love the action, but the noise is an issue. I don't need any particular bells and whistles, but don't mind them. As for a budget... as I said, it's for a heavy-use machine, so I don't mind investing in something. (That said, if I'm spending $150+, it better automatically make sure all my semicolons are in the right place.) So, what keyboard has served you well?
I've been working with Linux and, to a lesser extent, Windows setups for 10 years now. During most of my career I've been involved with IT consulting firms. Last year I joined a retail store company that was in dire need of someone with good debugging skills. Their team is awfully unskilled and during the course of the year I was able to improve a lot of their network and server systems including automation, backups and restore strategies, complicated image deployment strategies and so on. I've also worked on improving the performance of their database and ERP systems and solved every fucking problem they’ve thrown in my direction, including some they didn’t really know existed. The company office was a great bazaar and overall fun to work in and comfortable to boot because their needs were always simple for someone with my skills so in the end I would always blow their minds with the results. I should note that I never have a problem with knowledge sharing and documentation.
But recently the managers were replaced and the new guys don't seem to like me. They are pushing for ITIL doctrine on the IT department (and the whole company afterwards). For starters they keep pushing administrative tasks on me that I'm not really fond of, like keeping in touch with our suppliers and managing project dependencies, so I’ve been spending more time attending meetings and mailing people than typing on a terminal. I've heard somewhere that the cult of ITIL somewhat hates the "hero culture" and people like me are not really healthy for their dogmas and I’m considered a “risk”. I feel that even as I have so much that I can do for the company I'll probably be cockblocked by their new "project management" department and whatnot.
As this is happening it seems that people at the IT consulting firms really like my job and there are plenty of opportunities around. I know many Slashdotters like me that are more experienced have encountered similar situations. Do ITIL really creative and skilled people? Is my kind doomed to oblivion and I’ll face stuff like this anywhere I go?
I want to suggest something like an issue tracker. It would have to work for tasks both large (year-long investigations) and small (arranging catering for a meeting).
The issue trackers I'm familiar with are too software-development-oriented, or make too many assumptions about your "agile" religion. Are there any good options for non-engineers?
They use mainly Windows and have iPads. I don't like web-based tools, but that might work better for them because they don't have administrative privs on their machines. Something that also incorporates a wiki might be nice. There will be resistance if it's not really easy to use.
The federal program, called TechHire, will get its money from H-1B visa fees, and the major users of this visa are IT services firms that outsource jobs.