This link recently saved by infovore on October 26, 2010
"The point is that making one-click tools that force the entire web to play catchup, whilst putting people at risk, just isn’t a sensible way of talking about security. There’s a reason we (most of us, anyway) don’t secure our houses with turret guns and dogs, and that’s because most of the time, a lock and key is good enough. We want just enough security to feel safe at night, and not to cause us too much hassle. And that’s why this tool makes me sad. Because it’s a symbol of an arms race – a fight to the death over unimportant things, when really, I’d rather not have to remember to lock my windows at night." Yes.
This link recently saved by infovore on February 26, 2010
This link recently saved by infovore on September 26, 2009
"...we roped in Nate McFeters, another local, and put together a security talk for indie Mac developers with no budget for security. What does a security talk for Mac developers look like? As it turns out, it’s very much like the talk we think every indie developer, Mac or not, should see, and it’s very much unlike the talk the rest of the security industry is giving." Good stuff: simple, clear, well-thought out, and very hard to argue with.
This link recently saved by infovore on September 23, 2009
"Lose/Lose is a simple vertical-scrolling shoot'em up with a twist -- each alien appearing on your screen represents a random file on your computer. Thus, each time you kill an alien, the game will delete that sprite's associated file. If the aliens manage to destroy your ship, the Lose/Lose application is deleted." Way to make a point, but, you know, *blimey*.
This link recently saved by infovore on April 06, 2009
This is not good. And the worst part: "Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes." It's not the police having this that's the big worry; it's the incompetent lower echelons of civil service, who shouldn't need this.
This link recently saved by infovore on March 29, 2009
"in other words: Please ensure that there is absolutely no way for your customer to know whether we are showing the form or you are. In fact, please train your customer to give their “Verified by Visa” password to anyone who asks for it." Eesh. I knew I never liked VBV, but this just proves, acutely, *why* I don't like it.
This link recently saved by infovore on March 15, 2009
"The web is about sharing ... and people will share with the tools they’re given. If username and password are front and centre, then they’re the tools people will use. There’s so much usability dogma about reducing the sign-up process and throwing people into use that important details – such as explaining what all the cogs and levers do – are forgotten, or assumed as knowledge." This is excellent, and all true, and I do not know how to solve this. But Chris' comments - that this is not stupid, this is how people are - are all spot on.
This link recently saved by infovore on March 03, 2009
This link recently saved by infovore on January 25, 2009
"This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack." Pretty comprehensive, and some clear guidelines if, like me, you're unsure where to start when protecting against XSS.
This link recently saved by infovore on January 14, 2009
"So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted– really more just obfuscated– to an executable that doesn’t even run as an executable. It runs merely as a series of threads." Fascinating interview with a smart guy, who at one point in his life, did some bad (if not entirely unethical) work.