Hacker News | twstdroot's comments

I came to the same realization recently. I have a lot of flexibility at work to work on personal projects that relate to my job. Unfortunately work doesn't provide some of the infrastructure I need/want. So now I have a decent lab at home and a VPN connection in. Work gives me the time, I give the resources. Good balance.


I don't think they are really outside the norm for corporate life. If people were productive at work, we'd need fewer web proxies to handle the load.


I don't think that is an overestimation of the impact of universities. First, are the majority of university-educated programmers really learning from CS professors? I'd venture that more programming is taught outside of the CS programs these days. Second, as someone finishing a degree in information security and having worked in IT for 14 years and IT security for 4 years, universities are not doing a great job in teaching applicable security. It is a rapidly evolving space and course materials just aren't keeping up.


I think we're saying the same thing. Universities aren't teaching security, so folks learn it elsewhere. Most people hiring new grads know this.


No one can (or should) write totally secure code. But there are a lot of simple mistakes leading to XSS and SQLi that can easily be avoided by having some standards.


Speaking from experience (https://github.com/bryanbrannigan/pastebin-parser), if you are just grabbing the pastes from the "latest" box you are missing a lot. To grab everything we actually had to create a distributed setup or else Pastebin would start banning our IPs.


I got around this with @dumpmon by simply playing nice with Pastebin. I discovered what limits they liked/didn't like, and adjusted accordingly.

I take my entries from the archive as they are available, and I don't believe I ever miss any.


I ran into that issue myself. Pastebin throttling is real. I was playing around with the idea of actually using the SOCKS5 proxies gathered through scraping in order to retain modularity (and eliminate the necessity of multi-IP setups, which could easily get pricey).

It would be tough because I would have to check the health of each proxy prior to use (so that I don't miss out on request windows), but still an interesting concept to consider.


Cheap VPS boxes from lowendbox.com work well for this purpose. We also had problems just processing the queue on busy days.


Distribution is what I ended up doing. :)


Several DNS hosting services do this at varying costs. DurableDNS (which I founded but have sold) does it at a low cost. It's fairly trivial software-wise as long as you have the redundant hardware, DCs, etc.


The best part of that article is the one comment complaining about employers being picky. The person leaving the comment uses "excepting" instead of "accepting" and "thou" instead of "though". Perhaps your writing skills have something to do with your unemployment?


>> 1.1.2 Minimize Software to Minimize Vulnerability
>
> I agree on yum. If the attacker has root and can run yum. It is too late.

You missed the point. More software means a larger attack surface. Minimizing software isn't meant to keep an attacker from installing software; it is meant to keep an attacker from using unmaintained/unneeded software to compromise the box in the first place.


I just switched everything to lastpass.com and use it on my home PC, work PC, and iPhone. Works great so far.


They did pay a small portion... between 3% and 4%

"The entire medical bill for seven years, in fact, was steeply discounted. The $618,616 became $254,176 when the insurers paid their share and imposed their discounts. Of that, Terence and I were responsible for $9,468 -- less than 4 percent."

