By Soulskill from Slashdot's discovering-you-trusted-something-way-too-much department
Carcass666 writes "It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.
My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework."Read Replies (0)
By Unknown Lamer from Slashdot's didn't-see-that-one-coming department
sfcrazy writes "It's not Onion: Red Hat has partnered with Uhuru Software to bring Microsoft .NET Apps and SQL server capabilities to Red Hat's Platform-as-a-Service solution OpenShift."
This brings OpenShift to Windows
, and not .NET applications to GNU/Linux OpenShift installations. RedHat customers have apparently been asking for this for a while. The source is available: "The consistent model for managing both Linux and Windows systems that OpenShift provides allow organizations to achieve greater efficiency and agility. Windows is now a full-fledged member of the Open Source world of OpenShift
. In keeping with the spirit of Open Source, Uhuru has made all of its OpenShift integration software for Windows available
to the community and is working to have it officially integrated into OpenShift Origin
In related news (OpenShift is usually used on top of OpenStack
), darthcamaro writes "The OpenStack cloud platform keeps on gaining new converts. The latest is GoDaddy which today announced it is now officially supporting the OpenStack Foundation. How GoDaddy came to officially join the OpenStack Foundation is interesting, apparently the OpenStack Foundation found out that GoDaddy was using OpenStack though job postings."Read Replies (0)
By Unknown Lamer from Slashdot's developers-developers-developers-rage-quit department
mrspoonsi writes with this excerpt from Business Insider on Steve Ballmer's final months as Microsoft CEO: "Ballmer decided to announce his retirement a few years before anyone expected him to. It all came to a head in one board meeting with Ballmer in June 2013. According to Businessweek, Ballmer got into a shouting match with Microsoft's board when directors said they didn't want to buy Nokia and start making smartphones. Ballmer told the board last June that if he didn't get what he wanted, he wouldn't be CEO any more. Businessweek said Ballmer's shouts could be heard in the hall outside the conference room. In the end, the board compromised with Ballmer. Ballmer wanted to buy both Nokia's handset business and its mapping platform called HERE. Instead, Microsoft ended up buying just the handset business for $7.2 billion and licensed HERE maps from Nokia."
Ballmer seems to be regretting not getting into hardware sooner
(although given that not
making hardware propelled them to success in the 90s...)Read Replies (0)
By Unknown Lamer from Slashdot's thanks-to-officials-flipping-out department
v3rgEz writes "After the Snowden revelations, President Obama promised greater transparency on how the federal government collects and uses data on its citizens, including a three-leg 'privacy tour' to discuss the balance between security and privacy. Well, the first leg of the tour is up and — surprise, surprise — it's not much of a conversation, with official dodging questions or, in one case, simply walking out of the conference."
There's a video of the workshop at MIT
, and the article says not all of it was spent watching politicians be politicians: "The review, led by White House counselor John Podesta ... is not confined to intelligence gathering but is meant also to examine how private entities collect and use mass quantities of personal information, such as health records and Internet browsing habits. On the latter subject, the conversation was robust. Experts from places like MIT, Harvard, Nielsen, and Koa Labs traded pros and cons, and proposed high-tech compromises that could allow people to contribute personal information to big data pools anonymously. "
An Anonymous reader also wrote in that "Outgoing National Security Agency boss General Keith Alexander says reporters lack the ability to properly analyze the NSA's broad surveillance powers and that forthcoming responses to the spying revelations may include 'media leaks legislation.' 'I think we are going to make headway over the next few weeks on media leaks. I am an optimist. I think if we make the right steps on the media leaks legislation, then cyber legislation will be a lot easier,' Alexander said."Read Replies (0)
By Soulskill from Slashdot's gotta-pay-for-those-fighter-jets-somehow department
sciencehabit writes "President Barack Obama has released a $3.901 trillion budget request to Congress, including proposals for a host of federal research agencies. Science Magazine has the breakdown, including a big win for advanced computing, a big cut for fusion, and status quo for astronomy. 'In the proposed budget, advanced computing would see its funding soar 13.2% to $541 million. BES, the biggest DOE program, would get a boost of 5.5% to $1.807 billion. BER would get a 3% bump to $628 million, and nuclear physics would enjoy a 4.3% increase to $594 million. In contrast, the fusion program would take a 17.6% cut to $416 million—$88 million less than it's getting this year. Although far from final, the numbers suggest another big dip for a program that has enjoyed a roller coaster ride in recent years. In its proposed 2013 budget, DOE called for slashing spending on domestic fusion research to help pay for the increasing U.S. contribution to the international fusion experiment, ITER, in Cadarache, France.'"
The Association of American Universities has issued a letter disapproving of the amount of research funding
. The Planetary Society has broken down the proposed NASA budget
.Read Replies (0)