Monday, December 27, 2010

Emperors and airports

"Proper and effective security requires multiple layers of systems, procedures and policies that are interlaced and constantly monitored," the airport said. "The vast majority of the widespread layers of this security program are behind the scenes and transparent to casual observers."  -- SFO flunky quoted at the end of this CNN article.

Turns out, the emperor wasn't naked.  His clothes were just transparent to casual observers.

Monday, December 20, 2010

Why let users choose their passwords?

As the release notes for the Gawker debacle illustrate, users make up sucky passwords.  Maybe the real lesson is that users should not be allowed to produce their own passwords.  Instead, websites should auto-generate passwords for users --- passwords that have real complexity, rather than "password" or "123456".   

Sure, this would force most users to write their passwords down --- or keep them in something like KeePass --- but that pushes the point of failure to the user.  The overall risk is way lower than the risk that all 50 websites for which said user used an identical, identically-lame password will remain indefinitely uncompromised.


Thursday, February 18, 2010

Notes on using boost

  1. Using the boostpro Windows installer is substantially slower than downloading and building boost from scratch.
  2. I like to set the compile-time flag BOOST_ALL_NO_LIB so that I can manually manage what's getting glued into my program.  The same manual link-list then serves as a list of what has to go into the installer package.
    // BOOST_ALL_NO_LIB: Tells the config system not to automatically select 
    // which libraries to link against.  
    // Normally if a compiler supports #pragma lib, then the correct library 
    // build variant will be automatically selected and linked against, 
    // simply by the act of including one of that library's headers.  
    // This macro turns that feature off.
    // #define BOOST_ALL_NO_LIB
  3. "ALL" doesn't mean what you think it means:
    // BOOST_ALL_DYN_LINK: Forces all libraries that have separate source, 
    // to be linked as dll's rather than static libraries on Microsoft Windows 
    // (this macro is used to turn on __declspec(dllimport) modifiers, so that 
    // the compiler knows which symbols to look for in a dll rather than in a 
    // static library).  Note that there may be some libraries that can only 
    // be statically linked (Boost.Test for example) and others which may only 
    // be dynamically linked (Boost.Threads for example), in these cases this 
    // macro has no effect.
    // #define BOOST_ALL_DYN_LINK