security

security

CAPTCHA Effectiveness

If you’ve used the internet at all in the last few years, I’m sure you’ve seen your share of CAPTCHAs: Of course, nobody wants to use CAPTCHAs. They’re a necessary evil, just like the locks on the doors to your home and your car. CAPTCHAs are

By Jeff Atwood

programming languages

Does Writing Code Matter?

Ian Landsman’s 10 tips for moving from programmer to entrepreneur is excellent advice. Even if you have no intention of becoming an entrepreneur. One of the biggest issues I see is developers getting caught up in the code. Spending countless hours making a function perfect or building features which

By Jeff Atwood

security

Brute Force Key Attacks Are for Dummies

Cory Doctorow recently linked to this fascinating email from Jon Callas, the CTO of PGP corporation. In it, Jon describes the impossibility of brute force attacks on modern cryptography: Modern cryptographic systems are essentially unbreakable, particularly if an adversary is restricted to intercepts. We have argued for, designed, and built

By Jeff Atwood

security

You may be a victim of software counterfeiting.

Microsoft has finally activated the most aggressive part of their Windows Genuine Advantage program – active notifications. After downloading the latest Windows updates, if your Windows cd-key doesn’t validate against Microsoft’s online database of cd-keys, you may be greeted with this unpleasant five-second mandatory delay dialog at the login

By Jeff Atwood

security

Windows Vista: Security Through Endless Warning Dialogs

Paul Thurrott’s scathing article Where Vista Fails highlights my biggest concern with Windows Vista: Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don’t get full access to certain features unless they provide an in-place logon before performing any

By Jeff Atwood

security

Automatic Login for Virtual Machines

Virtual machine images typically don’t need much security, so the login prompt is more of a formality than anything else. Plus, if you’re planning to share the VM image with others, you need to communicate the login information along with the image. It’s a pain. I’ve

By Jeff Atwood

security

Blocking Image Bandwidth Theft with URL Rewriting

I like to periodically watch the HTTP traffic on my server. I can see what I’m actually serving up over the wire, and how much bandwidth I’m using. That’s how I noticed that I’ve become somewhat popular with direct-link image bandwidth thieves. In other words, people

By Jeff Atwood

password management

The Login Explosion

I have fifty online logins, and I can’t remember any of them. What’s my password? I can’t use the same password for every website. That’s not secure. So every password is unique and specific to that website. And what’s my login name? Hopefully it’s

By Jeff Atwood

security

Keeping Private Keys Private

After I posted the CodeProject article .NET Encryption Simplified, a reader asked this question in the comments: I would like to know what your thoughts are on private key storage in applications. I believe the recommended practice is to use the DPAPI, but I have found this to be too

By Jeff Atwood

virtual machines

Our Virtual Machine Future

Lately I’ve been spending more and more time inside virtual machines. Whenever I need to try out a new bit of software, whether it’s a small shell extension, or a giant product like Team System – I tear off a new VM first. I don’t want to junk

By Jeff Atwood

security

Is there an optimal piracy rate?

I’ve recently been struggling with a number of racing sims I bought to use after work hours in our new racing cockpit. I’m a big believer in supporting developers. I’m a developer myself. But digging around for CDs or DVDs is impractical for dedicated gaming rigs, so

By Jeff Atwood

regex

Regex Performance

I was intrigued by a recent comment from a Microsoft Hotmail developer on the pitfalls they’ve run into while upgrading Hotmail to .NET 2.0: Regular Expressions can be very expensive. Certain (unintended and intended) strings may cause RegExes to exhibit exponential behavior. We’ve taken several hotfixes for

By Jeff Atwood