security

security

Cutting the Gordian Knot of Web Identity

Perhaps you've seen this recent XKCD about password choice? It prompted a spirited debate – even on our very own Security Stack Exchange – about the merits of the argument presented there. Now, to be clear, I'm completely on Randall's side here; I'm all

By Jeff Atwood

security

The Dirty Truth About Web Passwords

This weekend, the Gawker network was compromised.

    This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you're a commenter on any of our sites, you probably have several

By Jeff Atwood

security

Breaking the Web's Cookie Jar

The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works:

* Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it.
* Install Firefox and

By Jeff Atwood
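Firesheep did nothing more exotic than read the session cookies that sites sent over plain HTTP on an open network and replay them in its own browser. As an added example, not code from the post above, the Node.js script below shows the two sides of that: what a passive observer sees in a captured request, and the Set-Cookie attributes that decide whether a cookie ever crosses the wire in the clear (a cookie without Secure is attached to every http:// request; one without HttpOnly is also readable from page script). The headers, the captured request and the session-name heuristic are constructed for the demo.

```javascript
// Added example, not code from the original post: what an open-WiFi sniffer
// like Firesheep actually harvests, and the Set-Cookie attributes that decide it.
// All headers and the captured request below are constructed for the demo.

// Parse one Set-Cookie header value into its name and the attributes we care about.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';').map(s => s.trim());
  const eq = nameValue.indexOf('=');
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const flags = new Set(attrs.map(a => a.split('=')[0].trim().toLowerCase()));
  return { name, secure: flags.has('secure'), httpOnly: flags.has('httponly') };
}

// Heuristic (an assumption for the demo): these fragments mark session cookies.
const SESSION_HINTS = ['sess', 'auth', 'token', 'login', 'sid'];

function auditSetCookies(headers) {
  return headers.map(parseSetCookie).map(c => {
    const looksLikeSession = SESSION_HINTS.some(h => c.name.toLowerCase().includes(h));
    const problems = [];
    if (looksLikeSession && !c.secure) {
      problems.push('missing Secure: browser attaches it to plain http:// requests');
    }
    if (looksLikeSession && !c.httpOnly) {
      problems.push('missing HttpOnly: readable from document.cookie');
    }
    return { name: c.name, looksLikeSession, problems };
  });
}

// Cookies without Secure are the ones a passive observer sees whenever the
// browser makes any http:// request to the site (one mixed-content image is enough).
function cookiesExposedOnPlaintextRequest(headers) {
  return headers.map(parseSetCookie).filter(c => !c.secure).map(c => c.name);
}

// Given a raw HTTP request captured off the air, pull out the Cookie header:
// this is all a sniffer needs to replay the session from its own browser.
function cookiesVisibleOnTheWire(rawRequest) {
  const lines = rawRequest.split('\r\n');
  const cookieLine = lines.find(l => l.toLowerCase().startsWith('cookie:'));
  if (!cookieLine) return {};
  const out = {};
  for (const pair of cookieLine.slice('cookie:'.length).split(';')) {
    const [k, ...v] = pair.trim().split('=');
    if (k) out[k] = v.join('=');
  }
  return out;
}

// Constructed sample data (not real traffic).
const sampleSetCookies = [
  'sessionid=abc123; Path=/; HttpOnly',
  'authtoken=def456; Path=/; Secure; HttpOnly; SameSite=Lax',
  'theme=dark; Path=/',
];
const capturedRequest = [
  'GET /dashboard HTTP/1.1',
  'Host: social.example',
  'Cookie: sessionid=abc123; theme=dark',
  '', '',
].join('\r\n');

console.log(auditSetCookies(sampleSetCookies));
console.log('exposed on any http:// request:', cookiesExposedOnPlaintextRequest(sampleSetCookies));
console.log('seen on the wire:', cookiesVisibleOnTheWire(capturedRequest));
```

The attributes only limit the damage; the actual fix is to serve the whole session over HTTPS so that there is no plaintext request for the cookie to ride on in the first place.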

networking

Because Everyone Needs a Router

Do you remember when a router used to be an exotic bit of network kit? Those days are long gone. A router is one of those salt-of-the-earth items now; anyone who pays for an internet connection needs a router, for:

1. NAT and basic hardware firewall protection from internet evildoers

By Jeff Atwood

security

Vampires (Programmers) versus Werewolves (Sysadmins)

Kyle Brandt, a system administrator, asks Should Developers have Access to Production? A question that comes up again and again in web development companies is: "Should the developers have access to the production environment, and if they do, to what extent?" My view on this is that as

By Jeff Atwood

security

We Done Been ... Framed!

In my previous post, Url Shorteners: Destroying the Web Since 2002, I mentioned that one of the "features" of the new generation of URL shortening services is to frame the target content. Digg is one of the most popular sites to implement this strategy. Here's how

By Jeff Atwood
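Whether a shortener or Digg can wrap your page in its own frame is something the framed site decides in its response headers: X-Frame-Options (DENY or SAMEORIGIN) and, in later browsers, the Content-Security-Policy frame-ancestors directive, which takes precedence over X-Frame-Options when both are present. As an added example that is not code from the post above, the Node.js function below reads a response's headers and reports whether a given framing origin would be allowed. The source-matching rules are a simplified reading of the CSP spec (scheme-source, 'self', 'none', and host-source with a leading "*." wildcard; a host-source without a scheme is treated as matching any scheme), and every header and origin used is constructed for the demo.

```javascript
// Added example, not code from the original post: decide from a response's
// headers whether a browser would let another origin frame it. The matching
// below is a simplified reading of X-Frame-Options and CSP frame-ancestors.

function originParts(origin) {
  const u = new URL(origin);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { scheme: u.protocol.replace(':', ''), host: u.hostname, port };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Simplified frame-ancestors source matching (assumption: host-source without
// a scheme matches any scheme; the spec's https-upgrade rule is not modelled).
function sourceMatches(source, framer, page) {
  if (source === "'none'") return false;
  if (source === "'self'") return sameOrigin(framer, page);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {              // scheme-source, e.g. "https:"
    return framer.scheme === source.slice(0, -1).toLowerCase();
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:/]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false;                                     // unrecognised source: no match
  const [, scheme, host, port] = m;
  if (scheme && scheme.toLowerCase() !== framer.scheme) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith('*.')
    ? framer.host.endsWith(h.slice(1)) && framer.host !== h.slice(2)  // "*.x" excludes "x" itself
    : framer.host === h;
  if (!hostOk) return false;
  if (port && port !== '*' && port !== framer.port) return false;
  return true;
}

// Return the frame-ancestors source list from a CSP header, or null if absent.
function frameAncestorsDirective(cspHeader) {
  if (!cspHeader) return null;
  for (const directive of cspHeader.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

function canBeFramed(headers, framerOrigin, pageOrigin) {
  const get = name => {
    const k = Object.keys(headers).find(h => h.toLowerCase() === name);
    return k ? headers[k] : undefined;
  };
  const framer = originParts(framerOrigin);
  const page = originParts(pageOrigin);

  const ancestors = frameAncestorsDirective(get('content-security-policy'));
  if (ancestors) {
    // CSP says X-Frame-Options is ignored when frame-ancestors is present.
    const framable = ancestors.some(src => sourceMatches(src, framer, page));
    return { framable, decidedBy: 'frame-ancestors' };
  }

  const xfo = (get('x-frame-options') || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framable: false, decidedBy: 'X-Frame-Options' };
  if (xfo === 'SAMEORIGIN') return { framable: sameOrigin(framer, page), decidedBy: 'X-Frame-Options' };
  // No policy, or an unrecognised/obsolete value such as ALLOW-FROM: framing is allowed.
  return { framable: true, decidedBy: 'default' };
}

// Constructed sample responses.
const SAMPLES = {
  unprotected: {},
  denyAll: { 'X-Frame-Options': 'DENY' },
  selfAndPartner: {
    'X-Frame-Options': 'DENY',   // ignored: frame-ancestors below wins
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
  },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, canBeFramed(headers, 'https://shortener.example', 'https://blog.example'));
}
```

Script-based frame busting (checking top against self and navigating out) is the client-side alternative from the same era; the headers are what a browser enforces before any of the page's script runs.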

security

The Wrong Level of Abstraction

In Why Isn't My Encryption.. Encrypting? we learned that your encryption is only as good as your understanding of the encryption code. And that the best encryption of all is no encryption, because you kept everything on the server, away from the prying eyes of the client. In

By Jeff Atwood

security

The Bathroom Wall of Code

In Why Isn't My Encryption.. Encrypting?, many were up in arms about the flawed function I posted. And rightfully so, as there was a huge mistake in that code that just about invalidates any so-called "encryption" it performs. But there's one small problem: I

By Jeff Atwood

encryption

Why Isn't My Encryption.. Encrypting?

It's as true in life as it is in client-server programming: the only secret that can't be compromised is the one you never revealed. But sometimes, it's unavoidable. If you must send a secret down to the client, you can encrypt it. The most

By Jeff Atwood

security

I Just Logged In As You

I received this anonymous email a few days ago:

    I found what one could call a security hole in Stackoverflow. I'm curious enough to go digging around for holes, but too ethical to actually do anything with them. However, I'm afraid that by pointing it out

By Jeff Atwood

security

How Not to Conduct an Online Poll

Inside the Precision Hack is a great read. It's all about how the Time Magazine World's Most Influential People poll was gamed. But the actual hack itself is somewhat less impressive when you start digging into the details. Here's the voting UI for the

By Jeff Atwood