I’m getting ready to spin up a few new web development projects. I think I want to do them on Ruby On Rails. That means getting a good RoR development environment installed on Finrod. About 5 levels of yak-shaving later… it looks like I should install RVM so I can get the version of Ruby I […]
Tag Archives: security
Microsoft Continues Their War Against Uptime
One of the things we’ve heard about Windows 10 is that it’s “the last windows version”, and from here on out, there’ll just be patches, incremental updates, and maybe the occasional service pack. So, in some ways, it’s sort of like Chrome’s habit of silently upgrading itself with no muss and no fuss. Except for one problem: Microsoft […]
Commandments For Handling Passwords
If you’re taking passwords from users, here are some commandments you need to follow: Don’t Impose a Maximum Length Limit This is one of the most critical. One of the best things anyone can do to make their password — or pass phrase — more secure is to make it longer. Increasing the number of characters means an […]
A Cute Motto Can’t Make Up For Evil Actions
I recognize that Google’s motto is not (the oft-misquoted) “Do no evil”. It’s the much easier-to-achieve mandate of “Don’t be evil”. But even that very low bar is one Google doesn’t seem to be hitting any more, and they don’t seem interested in trying to. The latest “Google being evil” story, where it turns out they’ve […]
Easy Restarts Are a Security Feature
The more stuff you have open (or habitually leave open) in an application, the more it becomes part of your consciousness, an extension of your mind. For many of us, the question “What are you doing right now?” could best be answered by, “Here’s a list of the tabs I have open in my web browser.” […]
Palm Is Lying, Not Just Spying
So, Palm was recently caught spying on its users. Major kudos, by the way, to Joey Hess, who initially broke this story. For those who haven’t kept up, various other news outlets and blogs have also been reporting on it. Palm’s response to this problem is a single paragraph of corporate PR-speak: Palm takes privacy […]
Launching SSHblock
My latest software project is now available… where “latest” means “the latest thing I’ve launched, even if I actually wrote it over a year ago.” The story is simple: I was tired of seeing “failed password” messages from sshd cluttering up my logs. I was also annoyed at the constant flow of dictionary attacks, even […]
McAfee: Failing at Security Since 2005
Back in 2005, I was a “geek for hire” and did a lot of general troubleshooting for end-users. Including malware removal and general PC tune-ups. One client wanted me to install some software, including McAfee’s main end-user product at the time — I don’t recall the name. I do recall, however, that my head nearly exploded […]