"Found", "Found out" or "made up to get more funds for further studies"? M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

is it f*ck In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP

And that guarantees that it will not have "too many layers"?

Here's the literature I was able to find through libera on IRC. Very helpful to me. Hopefully also helpful for other people reading this.. ## Online: - [Oso - Authorization Academy](https://www.osohq.com/academy) - Very helpful; Starts with the basics, then talks where to impl auth and why, and how. ## Books In regard of books I found that looking at the references can help. In combination with archive.org's free book library it's possible to skim over books quite quickly - I used *Security Engineering* (second edition on the page is freely available) as a reference guide to find other books - [*Basic Principles Of Information Protection (JEROME H. SALTZER)*](http://web.mit.edu/Saltzer/www/publications/protection/Basic.html) was an interesting resource. - Access Control, Authentication, and Public Key Infrastructure Jones & Bartlettt Learning Information Systems Security & Assurance Series - *Andrei Sabelfeld* was suggested to me (also as a reference guide). Couldn't check it out, yet. ## Specific topics ### Object Capability System: Quote: the object graph _is_ the permission graph, and so there are no separate access control checks that you have to make like shown in that slide. An object has authority to call methods on another object if and only if it actually has a reference to that other object. Links: - [Habitat Chronicles: What Are Capabilities?](http://habitatchronicles.com/2017/05/what-are-capabilities/) - [http://erights.org/talks/thesis/markm-thesis.pdf\](http://erights.org/talks/thesis/markm-thesis.pdf) - [Bringing Object-orientation to Security Programming (Mark S. Miller, Google) - YouTube](https://www.youtube.com/watch?v=oBqeDYETXME) OT Here's some basic insight I've gained during looking at various sources. The basic question *you* want to get answered is `has_access(user, action, resource)`. *Example:* `has_access(uid, read, user_list)`. You might want to take it even more abstract and say `has_access(entity, action, resource)`, where `entity` could be a user, a group, an organization or anything else that is able to perform actions in your system. Perhaps even `has_access(resource, action, resource)` might be an appropriate abstraction. With a hierarchical permission struct

Sean Ewington wrote: This article is a sponsored article. Articles such as these are intended to provide you with information on products and services that we consider useful and of value to developers" This text got bugged once or twicve and was given to articles without sponsoring. M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

Quote: The MVP honorific for Windows Insider Program testers gets bestowed on "positive Windows advocates within their communities," So with all the bad patches, there are no longer "positive" people anymore? Huh. Asking questions is a skill CodeProject Forum Guidelines Google: C# How to debug code Seriously, go read these articles. Dave Kreskowiak

Hardware changes by software? I wonder how long will it take for the next generation of bugs and malware to come :sigh: M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

:thumbsup: that is a great comparison. I was thinking Xeon, but it didn’t fit as well. TTFN - Kent

So, business as usual for both the security team and users.

I know that feeling. It was the ZX Spectrum, for me. "In testa che avete, Signor di Ceprano?" -- Rigoletto

Good gravy man, of course it's not enough. We need j and k as well. I don't know anyone who had code complex enough to get to the heady heights of l. Advanced TypeScript Programming Projects

Take pictures? Fax? :omg: A real Luddite would paint a painting of the letter blocks, and send it by carrier pigeon! Freedom is the freedom to say that two plus two make four. If that is granted, all else follows. -- 6079 Smith W.

I see a lot of rhetoric and opinion in what you posted. Yes I have seen those same sort of opinions. But I like to see some data when I read stuff like that. Steve Naidamast wrote: It is already well documented and a known fact in the US employment market that graduating university students from US universities are not doing very well. Versus? In the US 50 Years ago? When there were a LOT fewer students even going to college? Seems like that would have an impact. Versus other countries? How exactly are you making those comparisons? Is there a world wide standardized test that I am unaware of? Which tests are you looking at exactly? Steve Naidamast wrote: As for the idea that many professional technicians are better trained than the majority of other workers does not strike me as really realistic considering the worsening problems with business web sites. First I specifically referred to education and not how well they could do a job in the market place. Certainly true when I went to college, more than 40 years ago, that the many Communications majors and Psychology majors were not in fact trained to do anything. Matter of fact I was not only told but had it technically demonstrated to me that an Electrical Engineer graduate could not make a commercial electrical product on graduation. The education provided did not make one production ready. Second, data on what you claim? How exactly did they compare 'worse' web sites with now versus some, as unspecified, time in the past? What I do know is that web sites are far more complex than even 10 years ago much less 20. And complexity, not knowledge, is going to have a substantial impact. I know this specifically because I am working with products (plural) that provide that service and quantify the problems. Steve Naidamast wrote: The advent of Microsoft's push for the use of the MVC paradigm in 2010 MVC was first introduced in 1979. Like many things Microsoft does they merely jumped on the bandwagon that was going by. Steve Naidamast wrote: Recently an article has been written that describes the increasing rates of burnout from the DevOps paradigm, Do you really think this is something new? Look to the copyright date of the book "Death March" by Ed Yourdon which is 1997. Keepi