A truly great question came up the other day.

"Why change passwords every 90 days? What is the threat scenario countered by that policy?"

Of course strong password policy means constantly changing passwords. Right?

Then I started to think about it. What -- actually -- does a password change protect you against …

Got this question recently.

I’m looking for an HTML editor that fits into my price range (free of course). I don’t need to do anything fancy, just vanilla HTML to run on an Apache server ..., and maybe some PHP down the line. Can you recommend any open source …

Today, we're reviewing the final and only code in the application. It's just that simple. We'll start with the data model.

CREATE TABLE STUFF(
    COLUMN1 TEXT,
    COLUMN2 TEXT,
    COLUMN3 TEXT
    );

As you can see from the enclosed table design, we have generalized the general triple-store to make it more general …

The lowly shell (bash, zsh, csh, the whole bunch) is usually a dreadful programming environment. Perfectly awful. With some care, you can easily architect applications so that you don't really need the shell for very much.

However, there is a precious nugget of goodness within the shell's programming language. The …

The readers of the Building Skills Books have a number of needs:

1. A way to post errors and corrections. I get a lot of these. Thanks!
2. A way to share comments and questions. I get a fair number of these.

A Google Group seems to be the best approach. We …

In Architecture Change: Recognizing Conway's Law we looked at the profound influence Conway's Law has on architecture.

Recently I've looked at two gutsy declarations that an architecture was broken. One recognized that a three-tiered architecture was too complex for their needs. The other recognized that the Ontology tools weren't performing …

I've got lots of examples of places where Conway's Law has turned a good idea into a poor implementation. A classic is a data warehouse where there were three project managers, so they broke things up three ways, leading to a crazy mess of dumb duplication.

Countering that, I've recently …

My old Citizen Pro-Master watch died. It needs batteries. It's a dive watch, so it also needs to be opened by professionals, have the gaskets replaced, and get pressure tested to be sure it works.

I tried sending it to the Citizen Watch Service facility in Dallas. Their web site …

I lean on the OWASP list heavily. http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

This analysis is handy also: http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf

The point is that most of the vulnerabilities are pretty clear.

1. Injection flaws: SQL, OS, and LDAP injection. Pretty clear that building SQL …

Years ago (6? 7?) I did some data profiling in Python.

This required reading COBOL files with Python code.

Superficially, this is not really very hard.

1. Python slice syntax will pick fields on of the record. For example: data[12:14].

#. Python codecs will convert from EBCDIC to Unicode without …