
Comment: Different use case than standard RPI (Score 5, Informative) 51

by Radium_ (#46685709) Attached to: Raspberry Pi Compute Module Release

As discussed on the Raspberry forum, there is some integrated memory, but no USB or Ethernet are present.
Liz from the RPI foundation writes that "there’s much more IO, so you can add your own. The idea here is that it’s the barest minimum, so folks working on industrial applications can add the ports and extra connectivity they need."

Linux

Interview: Linus on Linux

Submitted by
Radium_
Radium_ writes "Along with the 20th anniversary of the release of the 1st Linux kernel, Linuxfr, a French-speaking Linux website, published an interview of Linus Torvalds. The creator of Linux answers questions about Linux kernel licensing, his contributions to the kernel development model and Linux in 2031."

Comment: This will change nothing in the long run (Score 2, Insightful) 129

by Radium_ (#27517583) Attached to: French Assembly Rejects Three Strikes Bill

Don't fool yourself, this (temporary) rejection was only possible because some of the left wing party sneaked at the last minute to vote AGAINST the proposal. There were not enough right wing (government) politicians in the assembly to vote for it and the text was rejected.

This, however, changes NOTHING in the long run: despite being a stupid, non-applicable, lobbied-by-the-SACEM*-to-maintain-the-outdated-cash-machine, this law *will* be accepted in the end, since the government has enough of its own members of the Assemblee Nationale to vote for it, regardless of what the other "deputes" do.

When this stupid law is effective, everybody loses, except maybe for recording companies which will be able to sit for 20 more years on their obsolete business plan.

Comment: Focus on the methodology rather than the company (Score 1) 93

by Radium_ (#26411273) Attached to: Best Security / Vulnerability Testing Firms for Web Apps?

I do not think anyone can recommend the "best" company as the criteria for "best" depend on your business needs.
That being said, I would recommend sending a request for proposal (or call for tender, I never know the correct name for this) to 5 companies with local offices so you can meet the ethical hackers if needed. This is good to avoid relying on a bunch of "not so white hackers" with little knowledge of collateral damages and potential impact of the pentest on the information system.

Make sure the intruders do not rely on automated tools. I have seen eEye/ISS reports labelled as actual pentest reports, sold at pentest prices. A good pentest on a 3/3 application requires at least 8-10 days from my experience. These figures should be adapted to the complexity of the infrastructure of course.

I would also ask for information regarding:
- system tests vs application tests. The latter cannot be automated to be effective, but both are necessary for a pentest to be meaningful,
- the pentest methodology (do they have anything set or do they do it "as they feel" for each project),
- audit trails gathering (all traffic between the pentest lab and your information system should be archived),
- alert processes (what should they do if a critical vulnerability is discovered) and so on.

Many companies with little knowledge of professional penetration testing sell intrusion services. From my point of view it is your job to select the best one; nobody on Slashdot can do that for you.

Windows

Why "Vista" Nick White Left Microsoft 130

Posted by ScuttleMonkey
from the spinning-the-spin-control dept.
An anonymous reader writes "Earlier this week Nick White, Product Manager for Windows Vista and blogger at WindowsVistaBlog, announced that he was leaving Microsoft. Geek.com previously interviewed Nick about what SP1 for Vista was all about, so they sat down with him yesterday to get the details behind his departure, his proudest moments at Microsoft, a few regrettable moments, and more."
