Sat, Jan 29 2005 20:00
Hardware, vendors and other rants, oh my!
Wayne pinged me and asked if I had any Netgear PS110 print servers here and I don't. Seems like the servers just don't want to work on Win2k3 and you either have to buy the 113s or buy some other print server. Now we all know that hardware firewalls and print servers are just code in a box and you would think that they could just flash it or something but it acts like the vendor doesn't want to do this. Hey Netgear, how about some better response than this? Listening out there, Mr. Netgear?
Speaking of vendors, when you buy software these days, do a “Howard/LeBlanc” on it. A what, you say? A bit of “Secure coding Second Edition” sanity check on how it's set up, what it wants you to do on your system, what it's installing on your computers. Ask for the specs BEFORE buying the product. Ask the vendor how “securely coded” they are. Threat Model that sucker too if you can. We as consumers have every right to ask how things are set up.
I once had to go up to like third tier tech support to get the right answer when a vendor said they needed an “inbound port 80” connection to our server. I was like WHAT? You HAVE to be kidding! Well come to find out it was like an outbound connection [like we all do outbound connections] and the initial three guys we talked to had no clue.
If you don't know if the vendor specs are okay, run it by someone more paranoid than you are. Big firms can do project requirements that list specifications. We can't. But we can, in our own little way, start putting the seeds of “hey are you coding right?” into the minds of all software companies that develop for small business.
Wonder if it would be in poor taste to send Scott Cook [CEO of Intuit] a Secure coding Second Edition just to make sure he can hand it to one of his devs to make sure they've read the book.
Filed under: Rants