Author Archive

utmpdump: Dump UTMP and WTMP Files in Raw Format

October 29th, 2019

Login attempts can be tracked in real time with the following command:
    /bin/utmpdump -f /var/log/btmp
I received a Logwatch email reporting a “corruption detected in /var/log/btmp : XX time(s)” issue. By performing an Internet search for the reported issue, I found Gabriel Cánepa’s How to Monitor User Login History on CentOS with utmpdump. Cánepa describes […]

Making Your Grass the Greenest

October 6th, 2019

Sometime around November 2005, I stumbled upon Scott Berkun’s Essay #41 – Why I Left Microsoft. At the time, I felt inspired by his courage in leaving an environment where he acquired tenure as a program manager for the Internet Explorer web browser project. In his essay, Scott Berkun writes: So I chose to leave […]

Personal Password Policies

September 28th, 2019
Posted in Security | 1 Comment

Need secure passwords that are not completely unintelligible? Devise a personal password policy: Select three or four words from a dictionary. Consider using adverbial forms, past and present tense of verbs. Consider using singular and plural forms of nouns. Avoid idioms. Pick a number. Consider inserting leading 0s. Pick a symbol: !@#$%^&*()-_=+ Assemble the above […]

Securing Dynamically Generated HTML

September 22nd, 2019
Posted in Security | No Comments

Implementing code that simply displays a user’s IP address as part of an HTML page may be considered easy. Without security considerations, it can be implemented in PHP simply with the following:
    echo "IP: " . $_SERVER['REMOTE_ADDR'];
2011 CWE/SANS Top 25: Monster Mitigations recommends establishing and maintaining “control over all your inputs” and “control over […]

Introducing IAsyncDisposable

September 17th, 2019
Posted in C# | No Comments

Being sometimes required to call a particular method before an object is disposed emits a pungent code smell. In particular recently reviewed code, invoking an asynchronous Flush() method was sometimes necessary before a MyStream object was disposed, because asynchronous methods would otherwise be called from Dispose(), which does not wait for completion of those asynchronous […]