programming languages
A few months ago, Dare Obasanjo noticed a brief exchange my friend Jon Galloway and I had on Twitter. Unfortunately, Twitter makes it unusually difficult to follow conversations, but Dare outlines the gist of it in Developers, Using Libraries is not a Sign of Weakness: The problem Jeff was trying
security
In Cross-Site Request Forgeries and You I urged developers to take a close look at possible CSRF / XSRF vulnerabilities on their own websites. They’re the worst kind of vulnerability – very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you’
security
As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it’s a fairly straightforward exploit to understand. Do not allow users to insert
security
So I have this friend. I’ve told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities – dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He’s hard headed.
user experience
As a software developer, tell me if you’ve ever done this: 1. Taken a screenshot of something on the desktop 2. Opened it in a graphics program 3. Gone off to work on something else 4. Upon returning to your computer, attempted to click on the screenshot as if
security
Bruce Schneier is something of a legend in the computer security community. He’s the author of the classic, oft-cited 1994 book Applied Cryptography, as well as several well-known cryptography algorithms. The cheeky Norris-esque design above is a reference to the actor names commonly used in examples of shared secret
security
A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a great way to discover cool new places in whatever neighborhood you happen to be in. I’ve enjoyed using Yelp,
security
One of the most impressive hacks I’ve ever read about has to be the Black Sunday kill. Since the original 2001 Slashdot article I read on this is 99.9% quote, I’m going to do the same. I can see why they quoted so extensively; it’d be
authentication
As we continue to work on the code that will eventually become stackoverflow, we belatedly realized that we’d be contributing to the glut of username and passwords on the web. I have fifty online logins, and I can’t remember any of them! Adding that fifty-first set of stackoverflow.
security
How many times have you returned to your web browser to be greeted by this unpleasant little notification: Your session has timed out. Please sign in again. If you’re anything like me, the answer is lots. What’s worse is that you’re usually kicked out of whatever page
programming languages
Our old pal A. K. Dewdney first introduced the world to Core War in a series of Scientific American articles starting in 1984. (Full page scans of the articles, including the illustrations, are also available.) Core War was inspired by a story I heard some years ago about a mischievous
privacy
From the ACM Code of Ethics: As an ACM member I will 1. Contribute to society and human well-being. 2. Avoid harm to others. 3. Be honest and trustworthy. 4. Be fair and take action not to discriminate. 5. Honor property rights including copyrights and patent. 6. Give proper credit