Dennis Forbes on Software and Technology   Subscribe to RSS


About the Author
Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 13 years.


Recent Entries
Jun 26 - Web Workers and You - A Faster, More Powerful JavaScript World
Jun 25 - The Remarkable Complexity of Modern Web Browsers
Jun 19 - The Internet is a Series of Tubes and You Don't Have a Dedicated Connection
Apr 20 - The Upside of Cameras Everywhere and The Case of Victoria Stafford
Mar 21 - SSDs and JavaScript Speedups: Deeply Disruptive Advances
Mar 20 - Building a Green, Low Cost, Good Performance Home File Server
Jan 13 - The Unlikely Success of Plenty of Fish
Jan 13 - Coding Horror Strikes Again
Jan 10 - HTML Purity - Does it matter?
Jan 10 - Microsoft the Patron Saint of Firefox?


The Feed Bag
Jun 12 - Defending Mono
Jun 11 - Cryptographic Right Answers
Jun 09 - 100Gbps Ethernet
Apr 22 - vSphere 4 and the Cloud
Apr 20 - Interesting MapReduce/DBMS Paper
Apr 20 - Oracle Buys Sun
Mar 21 - Understanding SSD
Mar 20 - Enterprise SSD Use
Mar 07 - Extreme Programming Explained
Feb 03 - RDP carrying more than primitives? Nice.
Feb 02 - Microsoft releases another Firefox add-in
Jan 27 - An official gDrive?
Jan 24 - A Microsoft rep's desperation
Jan 23 - Even Microsoft Has No Faith in PC Gaming
Jan 23 - So...is it a RIM Blackberry or a Trademark Misuse?
Jan 22 - Google Beats Estimates
Jan 22 - Microsoft's Quarterly Filing
Jan 22 - Microsoft has a "bad" quarter, will cut 5000
Jan 22 - Raises Amidst Worries
Jan 22 - WCF Security Guide
Jan 21 - Microsoft cuts imminent?
Jan 20 - Fiat takes 35% stake in Chrysler
Jan 20 - Online sales cut to save costs (?!?)
Jan 18 - Where the Wii Shines
Jan 15 - So wrong it's not even worth starting
Jan 15 - A Pancreas Erases Billions
Jan 15 - Microsoft considers cutbacks
Jan 13 - Tips for New Dads
Jan 13 - CWE/SANS Top 25 Most Dangerous Programming Errors
Jan 13 - Meh...I'll read this tomorrow
Jan 13 - Is that because RIM is Canadian?
Jan 12 - Buy Microsoft products to save cash?
Jan 12 - Ex. Trolling for links and hits
Jan 11 - Answer: No
Jan 11 - The Thing about Goals
Jan 11 - If you want the Chrome 2 Previews
Jan 11 - The Git DVCS
Jan 10 - Validate Your HTML
Jan 10 - Embed Gecko (Firefox) in .NET apps
Jan 10 - Google's new favicon
Jan 10 - Open source video editing
Jan 10 - Using C# to target the iPhone and Wii
Jan 08 - SanDisk's upcoming SSD is a game changer
Jan 08 - CueCat Part II
Jan 08 - Intel revenue plummets
Jan 07 - Why login attempt lockouts are important
Jan 07 - Early applause for Windows 7
Jan 07 - Saved by the march of technology
Jan 07 - SOA is dead? Long live SOA!
Jan 06 - Toronto's skyline from 43km away
Jan 06 - A good recipe for project disaster
Jan 06 - This project is still ongoing?
Jan 06 - F# to ship as part of Visual Studio 2010
Jan 06 - No Market for Start-Ups
Jan 06 - Apple Dips on Lackluster Macworld
Jan 06 - End of Wall Street: What Happens Next (Video)
Jan 06 - Dr.Dobb's Journal Decamps From The Magazine Industry

 
Sunday, October 29 2006
In The Archives - Understanding Daylight Saving Time

An entry from a year ago might be useful to some readers. While my primary motivation was to decry the DST changes in coming years, many have found the graph helpful in understanding what DST is all about.

 

Comments  Permalink
Sunday, October 29 2006
The CYA Application Security Model

The CYA Application Security Model is the practice of implementing so-called security obstructions primarily to absolve the vendor from blame if something goes awry during everyday operations. This model is usually sold under the pretense of improving user education, or encouraging safer application usage, but that's of minimal actual concern (in reality the opposite outcome -- more risky application usage -- is probable).

An example of the CYA ASM in action is one that pops up a seemingly endless stream of confirmation "Are you really sure you want to do that?" dialog boxes, warning the user against doing what should be completely normal, benign activities.

This pestering, progress-inhibiting assault of a million warnings and confirmations application behaviour is certain to cause the user to enable a "turn off all security" mode (for instance adding every site to "trusted sites" in Internet Explorer), paradoxically making the security situation infinitely worse, but for the vendor this often the desired outcome: At least then they can smirk and blame it on the userbase if what should be a harmless activity compromises their machine.

Didn't you heed the "The Internet could be harmful to security!" dialog box when you attempted to connect to the internet?

  .NET   Software Development 
Comments  Permalink
Earlier EntriesLater Entries

Dennis Forbes