security
Remember “cybersecurity”? Mysterious hooded computer guys doing mysterious hooded computer guy... things! Who knows what kind of naughty digital mischief they might be up to? Unfortunately, we now live in a world where this kind of digital mischief is literally rewriting the world’s history. For proof of that, you
security
We’ve read so many sad stories about communities that were fatally compromised or destroyed due to security exploits. We took that lesson to heart when we founded the Discourse project; we endeavor to build open source software that is secure and safe for communities by default, even if there
passwords
Of the many, many, many bad things about passwords, you know what the worst is? Password rules. Let this pledge be duly noted on the permanent record of the Internet. I don’t know if there’s an afterlife, but I’ll be finding out soon enough, and I plan
security
I’ll admit I was late to the HTTPS party. But post Snowden, and particularly after the result of the last election here in the US, it’s clear that everything on the web should be encrypted by default. Why? 1. You have an inalienable right to privacy, both in
router
When we initially deployed our handbuilt colocated servers for Discourse in 2013, I needed a way to provide an isolated VPN channel in for secure remote access and troubleshooting. Rather than dedicate a whole server to this task, I purchased the inexpensive, open source firmware friendly Asus RT-N16 router, flashed
security
This post is a bit of a public service announcement, so I’ll get right to the point: Every time you use WiFi, ask yourself: could I be connecting to the Internet through a compromised router with malware? It’s becoming more and more common to see malware installed not
open source
Eric Raymond, in The Cathedral and the Bazaar, famously wrote: Given enough eyeballs, all bugs are shallow. The idea is that open source software, by virtue of allowing anyone and everyone to view the source code, is inherently less buggy than closed source software. He dubbed this “Linus’s Law.
security
I've already documented my brief, youthful dalliance with the illegal side of computing as it existed in the late 1980s. But was it crime? Was I truly a criminal? I don't think so. To be perfectly blunt, I wasn't talented enough to be any
security
Twenty-four years ago today, I had a very bad day. On August 8, 1988, I was a senior in high school. I was working my after school and weekend job at Safeway as a cashier, when the store manager suddenly walked over and said I better stop ringing up customers
security
It's only a matter of time until your email gets hacked. Don't believe me? Just read this harrowing cautionary tale. When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up
hashing
Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2128 unique items, or 340 trillion trillion
security
The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It&