security

Windows Vista: Security Through Endless Warning Dialogs

Paul Thurrott’s scathing article Where Vista Fails highlights my biggest concern with Windows Vista: Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don’t get full access to certain features unless they provide an in-place logon before performing any

By Jeff Atwood ·

security

Automatic Login for Virtual Machines

Virtual machine images typically don’t need much security, so the login prompt is more of a formality than anything else. Plus, if you’re planning to share the VM image with others, you need to communicate the login information along with the image. It’s a pain. I’ve

By Jeff Atwood ·

security

Blocking Image Bandwidth Theft with URL Rewriting

I like to periodically watch the HTTP traffic on my server. I can see what I’m actually serving up over the wire, and how much bandwidth I’m using. That’s how I noticed that I’ve become somewhat popular with direct-link image bandwidth thieves. In other words, people

By Jeff Atwood ·

password management

The Login Explosion

I have fifty online logins, and I can’t remember any of them. What’s my password? I can’t use the same password for every website. That’s not secure. So every password is unique and specific to that website. And what’s my login name? Hopefully it’s

By Jeff Atwood ·

security

Keeping Private Keys Private

After I posted the CodeProject article .NET Encryption Simplified, a reader asked this question in the comments: I would like to know what your thoughts are on private key storage in applications. I believe the recommended practice is to use the DPAPI, but I have found this to be too

By Jeff Atwood ·

virtual machines

Our Virtual Machine Future

Lately I’ve been spending more and more time inside virtual machines. Whenever I need to try out a new bit of software, whether it’s a small shell extension, or a giant product like Team System – I tear off a new VM first. I don’t want to junk

By Jeff Atwood ·

security

Is there an optimal piracy rate?

I’ve recently been struggling with a number of racing sims I bought to use after work hours in our new racing cockpit. I’m a big believer in supporting developers. I’m a developer myself. But digging around for CDs or DVDs is impractical for dedicated gaming rigs, so

By Jeff Atwood ·

regex

Regex Performance

I was intrigued by a recent comment from a Microsoft Hotmail developer on the pitfalls they’ve run into while upgrading Hotmail to .NET 2.0: Regular Expressions can be very expensive. Certain (unintended and intended) strings may cause RegExes to exhibit exponential behavior. We’ve taken several hotfixes for

By Jeff Atwood ·

security

Why Do Login Dialogs Have a “User” Field?

In The Humane Interface, the late Jef Raskin asks an intriguing question: why do login dialogs have a “User” field? Shouldn’t login dialogs look more like this? And you know what? He’s right. Your password alone should be enough information for the computer to know who you are.

By Jeff Atwood ·

programming languages

Equipping our ASCII Armor

On one of our e-commerce web sites, we needed a unique transaction ID to pass to a third party reporting tool on the checkout pages. We already had a GUID on the page for internal use. And you know how much we love GUIDs! 22da5537-de54-459d-9b33-f40f2101143b A GUID is 128 bits,

By Jeff Atwood ·

security

The Six Dumbest Ideas in Computer Security

Marcus Ranum, the inventor of the proxy firewall, brilliantly condenses why many security efforts are doomed from the start: they fall prey to The Six Dumbest Ideas in Computer Security: 1. Default Permit Also known as “on by default.” This one is huge, and it alone is why the

By Jeff Atwood ·

security

Speeding up web browsing

In order to speed up my web browsing experience, I disable Flash in Internet Explorer. I’ve got nothing personal against Flash, mind you, but it’s generally chrome. It’s visually (and sometimes audibly) distracting, and it adds download time to each page view. An image is worth a

By Jeff Atwood ·