security
Paul Thurrott’s scathing article Where Vista Fails highlights my biggest concern with Windows Vista: Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don’t get full access to certain features unless they provide an in-place logon before performing any
security
Virtual machine images typically don’t need much security, so the login prompt is more of a formality than anything else. Plus, if you’re planning to share the VM image with others, you need to communicate the login information along with the image. It’s a pain. I’ve
security
I like to periodically watch the HTTP traffic on my server. I can see what I’m actually serving up over the wire, and how much bandwidth I’m using. That’s how I noticed that I’ve become somewhat popular with direct-link image bandwidth thieves. In other words, people
password management
I have fifty online logins, and I can’t remember any of them. What’s my password? I can’t use the same password for every website. That’s not secure. So every password is unique and specific to that website. And what’s my login name? Hopefully it’s
security
After I posted the CodeProject article .NET Encryption Simplified, a reader asked this question in the comments: I would like to know what your thoughts are on private key storage in applications. I believe the recommended practice is to use the DPAPI, but I have found this to be too
virtual machines
Lately I’ve been spending more and more time inside virtual machines. Whenever I need to try out a new bit of software, whether it’s a small shell extension, or a giant product like Team System – I tear off a new VM first. I don’t want to junk
security
I’ve recently been struggling with a number of racing sims I bought to use after work hours in our new racing cockpit. I’m a big believer in supporting developers. I’m a developer myself. But digging around for CDs or DVDs is impractical for dedicated gaming rigs, so
regex
I was intrigued by a recent comment from a Microsoft Hotmail developer on the pitfalls they’ve run into while upgrading Hotmail to .NET 2.0: Regular Expressions can be very expensive. Certain (unintended and intended) strings may cause RegExes to exhibit exponential behavior. We’ve taken several hotfixes for
security
In The Humane Interface, the late Jef Raskin asks an intriguing question: why do login dialogs have a “User” field? Shouldn’t login dialogs look more like this? And you know what? He’s right. Your password alone should be enough information for the computer to know who you are.
programming languages
On one of our e-commerce web sites, we needed a unique transaction ID to pass to a third party reporting tool on the checkout pages. We already had a GUID on the page for internal use. And you know how much we love GUIDs! 22da5537-de54-459d-9b33-f40f2101143b A GUID is 128 bits,
security
Marcus Ranum, the inventor of the proxy firewall, brilliantly condenses why many security efforts are doomed from the start: they fall prey to the The Six Dumbest Ideas in Computer Security : 1. Default Permit Also known as “on by default.” This one is huge, and it alone is why the
security
In order to speed up my web browsing experience, I disable Flash in Internet Explorer. I’ve got nothing personal against Flash, mind you, but it’s generally chrome. It’s visually (and sometimes audibly) distracting, and it adds download time to each page view. An image is worth a