Posts
-
Why I'm not working on vCard validators
The vCard 3.0 validator is ten years old. The standard has moved on, Python has moved on, and I'd like to think I've learned a thing or two as a developer. But I'm not working on any vCard validators, and probably won't be for the foreseeable future.
-
Mitre10 web site dark patterns
Dear Mitre10
-
If you can't support your users, tell them!
Most free and open source projects these days have plenty of documentation for producing a good bug report. This is really helpful, and we should continue improving our reporting tools and documentation. There's a special warm feeling following the submission of a bug report with exact version numbers (of course the most recent stable), idiot-proof steps to reproduce, anything relevant from /etc, /proc and env and maybe even a core dump. Many projects will answer these quickly and either repair the defect or explain where you went wrong in assuming how the program should work. FOSS at its finest, and respect all round.
-
Stop asking your students to write command line UIs
How often have you used a UI like this?
-
Insecure Links Highlighter browser extension
Insecure Links Highlighter simply puts a thick red border around insecure links on all websites:
-
How to recover password after shortening
Writing secure software is hard. At the same time, some things are so fundamental that failing to implement them is just inexcusable. One of these is that you must not limit the password length. (At least below some crazy limit like a thousand characters. Long before that your password is no longer the weakest link in even the most secure systems in the world.) Enter my new router, ironically named the Orcon Genius. It's a bog standard consumer router, and like most routers it came with an insecure admin password. I promptly replaced it with a long, generated password, but afterwards I could no longer log in. I suspected a shoddy implementation, so I cobbled together a script to try logging in using every substring of the password. After about half a second it spat out the correct password, verifying that this router only saves the first 15 characters of the password. The script is very simple:
-
These companies work against your freedom
Most companies have never done anything sufficiently evil to deserve going on this list. This list is reserved for companies which have done at least one thing that was so bad they should not be forgiven for it. I will try my very best never to do anything benefiting them economically, and I hope you will too.
-
How broken is Samsung UK support?
This is how broken:
-
The HTTPS-only experience
EFF recently announced that "We're Halfway to Encrypting the Entire Web." As a celebration of this achievement I've started an experiment: as of yesterday, no unencrypted HTTP traffic reaches this machine*.
-
When MFA is not enough
I hope you'll excuse the format of this post. Coffee does strange things to my brain.