security
Remember "cybersecurity"?
Mysterious hooded computer guys doing mysterious hooded computer guy .. things!
Who knows what kind of naughty digital mischief they might be up to?
Unfortunately, we now live in a world where this kind of digital mischief is
literally rewriting the world's history. For proof
security
We've read so many sad stories about communities that were fatally compromised
or destroyed due to security exploits. We took that lesson to heart when we
founded the Discourse [https://discourse.org] project; we endeavor to build open
source software that is secure and safe for communities by
passwords
Of the many, many, many bad things about passwords
[https://blog.codinghorror.com/the-dirty-truth-about-web-passwords/], you know what the worst
is? Password rules.
> If we don't solve the password problem for users in my lifetime I am gonna haunt
> you from beyond the grave as a ghost pic.
security
I'll admit I was late [https://blog.codinghorror.com/should-all-web-traffic-be-encrypted/] to
the HTTPS party.
[https://letsencrypt.org]
But post Snowden, and particularly after the result of the last election here in
the US, it's clear that everything on the web should be encrypted by default.
Why?
router
When we initially deployed our handbuilt colocated servers
[https://blog.codinghorror.com/building-servers-for-fun-and-prof-ok-maybe-just-for-fun/] for
Discourse in 2013, I needed a way to provide an isolated VPN channel in for
secure remote access and troubleshooting. Rather than dedicate a whole server to
this task, I purchased the inexpensive, open source firmware
security
This post is a bit of a public service announcement, so I'll get right to the
point:
> Every time you use WiFi, ask yourself: could I be connecting to the Internet
> through a compromised router with malware?
It's becoming more and more common to see
open source
Eric Raymond, in The Cathedral and the Bazaar
[http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar], famously wrote
> Given enough eyeballs, all bugs are shallow.
The idea is that open source software, by virtue of allowing anyone and everyone
to view the source code, is inherently less
security
I've already documented my brief, youthful dalliance with the illegal side of computing as it existed in the late 1980s. But was it crime? Was I truly a criminal? I don't think so. To be perfectly blunt, I wasn't talented enough to be any
security
Twenty-four years ago today, I had a very bad day.
On August 8, 1988, I was a senior in high school. I was working my after school and weekend job at Safeway as a cashier, when the store manager suddenly walked over and said I better stop ringing up customers
security
It's only a matter of time until your email gets hacked. Don't believe me? Just read this harrowing cautionary tale.
When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up
hashing
Hashes are a bit like fingerprints for data.
A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion
security
The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It