Yeah, especially since MS *DID* in fact release 8.1 RTM to developers early. So the question posed in the article is based on a false premise.
WTF? Are you really just this stupid? What exactly do captchas have to do with password brute forcing?
Nothing, idiot. So STFU.
The hardest thing programmers have to do is think like non-programmers. Or maybe even think like someone other than them.
None of these things are rocket science. Some of them are computer science, but that's kind of the point.
Programmers are typically forced to develop software to demanding schedules which leave no room for the things in the list. They CAN do those things, they are just never given the time to do them.
Yes, many programmers won't do them even if given the time, or will goof off if given the time until they have to write crap code to meet the deadline, but that's a different story. Or maybe not.
The hardest thing a programmer has to do is Think like someone else, Not goof off when you think you can get away with it, and to push back to have the time to do the things that are necessary to write AND MAINTAIN good code.
Of course, circumstances vary. The difference between a startup succeeding and failing may in fact require being first to market with crap code. But at some point, you have to pay back the technical debt you build up.
Ok, so let's add that to the list as well.
Oh, and making end users understand the impact of their crazy changes.
How exactly is it a "comprehensive analysis" if it ignores dictionary attack strength?
How is it "comprehensive" if it ignores the fact that an attack can be crafted specifically for this technique?
All it discusses is brute force, which is pointless beyond a few characters.
You should read your own links moron.
Usernames are not passwords. They're brute forcing usernames (which tend to have a much smaller keyspace because they usually have limitations on what they can contain, and they are usually case-insensitive) and likely using dictionary attacks for passwords.
None of your links say otherwise.
The prompt also had a link to skip logging in. You should pay more attention.
Ummm... How can you on one hand talk about your giddiness of moving to Git, and then complain about how things aren't accessible in VS? You have to drop to the git command line for a lot of things...
TFS does bug tracking. If they're not using it, that's their fault. It has change set integration (tying work items to changesets), and agile templates, although they're pretty out of date as agile has come a long way.
VS 2010 and TFS 2008 are dated, but they give you the tools you need. Bugzilla and Trac may have more features, but that comes at the cost of ridiculously complex interfaces which mere mortals can't figure out how to use (non-developers).
TFS has a web interface to allow end users to enter bugs, and there's a stand-alone client if they want to use that.
There are also tons of tools to integrate with more featureful tools like Jira and Trac, so you can map workitems and changesets, etc.
This isn't meant as a sales pitch, just that it *DOES* do what you need it to.. and there are ways to introduce better tools and still integrate.
Actually, the real question is... WTF are you talking about?
NuGet gets broken when using the standard mode. Part of the problem is that when you check in, it doesn't automatically select all files for checkin, and most people don't pay attention.
This is why the new(er) Package Restore mode works so much better (on top of not filling up your version control database with binaries).
The UI was largely addressed after a couple of months by a new version of the Theme Switcher and a hack to add in color icons. Many of the icons in 2013 are still monochrome, but a large number of important ones are color, and that helps.
I've always pronounced it Post-Grey-Sequel
Gibson has not learned his lessons. You want a laugh? Check out one of his more recent attempts at "security"
His argument is based totally on pure brute force, which nobody does. The danger comes from dictionary attacks, and I'm pretty sure this technique can be easily accounted for and a "Haystack" password cracked in a matter of days, if not hours.
The guy just doesn't understand that his problem is not that he's not smart... it's that he doesn't share his ideas with others before he pontificates on them.
No you won't. If you really were going to, you'd do it now. Not wait for some magical date to make your ultimatum go into place.
People like you have been making this empty threat since DOS every time there's a major change.
If your laptop contains the credit card and health information for 1 million users, yes. It should be your biggest concern. If your laptop contains sensitive corporate information trusted to you, it should be your biggest concern. If your laptop contains information you wouldn't want public, it should be your biggest concern. If your laptop contains anything about anyone THEY wouldn't want public, it should be your biggest concern. If it contains your pr0n collection, then probably not.
The stuff in your wallet is easily cancellable and easily replaced (other than the actual cash, and any information you might have written on a scrap of paper), the stuff on your laptop, once out there in the wild.. probably not.
Regarding your USB dongle, are you certain you will *ALWAYS* remember to remove the dongle and pack it separately? What happens if you are forcibly required to give up your USB key (say, when crossing a border, and the oppressive government believes you may be a dissident or spy)?
Certainly, you can still be forced to give up your password if you are willing to. But it can't be taken from you, unlike a dongle. And the master keys can't be taken from a TPM if the system is shut down and correctly configured. (There are some attacks under certain conditions that can lead to exposure, but that's an implementation issue which you can control through careful selection of hardware.)
The only systems I know of that ship with TPMs are business class systems, not your normal laptops you get at Newegg, Amazon, or Best Buy.