Quote

Log filtering

Written by  on July 1, 2016

Sensitive information should be filtered at the source during log generation.

Data worth protecting should never reach potentially less well-protected systems in the first place.
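One way to filter at the point of log generation, as an added example that is not part of the original post: a Python `logging.Filter` attached to the logger scrubs each record before any handler, including one that forwards to another system, receives it. The patterns, logger name and sample messages are constructed for illustration.

```python
import logging
import re

# Constructed patterns for this example; a real deployment lists its own sensitive fields.
_PATTERNS = [
    (re.compile(r"(?i)\b(password|token|secret)=\S+"), r"\1=[REDACTED]"),
    (re.compile(r"\b\d{13,16}\b"), "[REDACTED-PAN]"),  # card-number-like digit runs
]

def redact(text):
    """Apply every redaction pattern to one log line."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text

class RedactAtSource(logging.Filter):
    """Logger-level filter: runs before the record is handed to any handler.

    Logger filters only see records logged on that logger itself, not records
    propagated up from child loggers, so attach it where the message is created.
    """
    def filter(self, record):
        record.msg = redact(record.getMessage())  # merge args first, then scrub
        record.args = None                        # args are already merged into msg
        return True

class CaptureHandler(logging.Handler):
    """Stands in for a file writer or a forwarder to a remote log system."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    logger = logging.getLogger("app.auth.example")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    source_filter = RedactAtSource()
    local, remote = CaptureHandler(), CaptureHandler()
    logger.addFilter(source_filter)
    logger.addHandler(local)
    logger.addHandler(remote)
    logger.info("login user=%s password=%s", "alice", "hunter2")  # constructed input
    logger.info("charge card 4111111111111111 ok")                # constructed input
    logger.removeFilter(source_filter)
    logger.removeHandler(local)
    logger.removeHandler(remote)
    return local.lines, remote.lines
```

Because the scrubbing happens on the record itself, every downstream handler sees only the redacted line; exception tracebacks are not covered by this filter.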

CRL contents

Written by  on June 30, 2016

Per RFC 5280 specification, a complete CRL contains all unexpired certificates that have been revoked within the CA scope. Thus, each CA maintains its own CRL such that a relying party needs to deal with more than one CRL. The various CRL are posted on an accessible site where relying parties can download the certificate status information.

Quote of the Day

Written by  on June 29, 2016

Certificate suspension should not be supported due to the complexities and side effects of managing authorized individuals possibly from different organizations. Many CA software products do not support certificate suspension.

Quote of the Day

Written by  on June 27, 2016

Certificate modification changes the key lifecycle its original operational period, which is a risky practice; certificates should not be modified; they should always be rekeyed.

Quote of the Day

Written by  on June 26, 2016

Certificate renewal extends the key lifecycle beyond its original operational period, which is a risky practice; certificates should not be renewed; they should always be rekeyed.

Quote of the Day

Written by  on June 22, 2016

I’ve never met a customer yet that wasn’t all too happy to tell me what they wanted—usually in great detail. The problem is that customers don’t always tell you the whole truth. They generally don’t lie, but they speak in customer speak, not developer speak. They use their terms and their contexts. They leave out significant details. They make assumptions that you’ve been at their company for 20 years, just like they have. This is compounded by the fact that many customers don’t actually know what they want in the first place! Some may have a grasp of the “big picture,” but they are rarely able to communicate the details of their vision effectively. Others might be a little lighter on the complete vision, but they know what they don’t want.

97 Things Every Programmer Should Know

Quote of the Day

Written by  on June 21, 2016

Good code doesn’t pop out of thin air. It isn’t something that happens by luck when the planets align. To get good code, you have to work at it. Hard. And you’ll only get good code if you actually care about good code.

97 Things Every Programmer Should Know

Quote of the Day

Written by  on June 20, 2016

You know what I’m talking about: when clicking a single link on a normal flow on a web page results in a deluge of messages in the only log that the system provides. Too much logging can be as useless as none at all.

97 Things Every Programmer Should Know

Quote of the Day

Written by  on June 19, 2016

Too many programmers feel that it is their employer’s job to train them. Sorry, this is just dead wrong. Do you think doctors behave that way? Do you think lawyers behave that way? No, they train themselves on their own time, and their own nickel. They spend much of their off-hours reading journals and decisions. They keep themselves up to date. And so must we. The relationship between you and your employer is spelled out nicely in your employment contract. In short: your employer promises to pay you, and you promise to do a good job.

97 Things Every Programmer Should Know

Quote of the Day

Written by  on June 18, 2016

May you be granted the serenity to accept the things you cannot change, the courage to change the things you can, and the wisdom to know the difference.

97 Things Every Programmer Should Know