Category Archive for 'Security'

Force and Excellence

Monday, August 13th, 2007

I read a quote this week that sums up a large part of why policies often fail to achieve their objectives: Just remember: people tend to resist that which is forced upon them. People tend to support that which they help to create. —Vince Pfaff Policies fail because they are forced upon people without any […]

Security of Ruby’s Kernel#rand

Tuesday, August 7th, 2007

Last night I was at the Chicago Area Ruby Group, and there was a presentation by Trevor Turk on his El Dorado project. While he was showing us the code I saw the method that generates the application’s authentication token. I could not help but notice that the security of the authentication tokens depends greatly […]

An Idea for Process Teams

Thursday, August 2nd, 2007

My previous post on Process Hell generated some thoughts from my friend Ryan at his blog in a posting called Policy, Subjectivity and Inteligence. It seems last year he had some similar thoughts in another post titled The “What isn’t easily measurable, doesn’t exist” Rule. I think he was spot on with why many costs […]

Policy Hell

Tuesday, July 31st, 2007

One thing that I learned in five years of working for an FDA regulated company: policies are usually written to address fears instead of to solve problems or provide a return on investment. Often when one challenges the usefulness of a troublesome policy the answer is that Something Bad might happen if we did not […]

Ruby, Rails, Applicaton Security, and more!

Wednesday, June 20th, 2007

I’ve decided that should be dedicated to my favorite computer topics: Ruby, Rails, application security, and OpenBSD. This is all awesome stuff. Stuff that is awesomely interesting to me. However my level of knowledge in these topics varies a bit, and it creates a perplexing situation for me.