I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
TIM WILLIAMS's review of Ajax Security |
|
|
Topic: Miscellaneous |
3:18 pm EDT, Aug 13, 2009 |
5.0 out of 5 stars Clear book that ALL web developers & security specialists should read, August 10, 2009 By TIM WILLIAMS

I have many 100's of books, mostly technical, accumulated over 20 years of working in IT. In my view this is one of the most important books I have ever read, not because it's long (it's not) or very advanced (it's not) but because it explains very, very clearly:

- why AJAX is such an important technology (so far the most widely accessible technology to deliver on the promise of 'write once, run anywhere', already in its short life far more widely available and useful than any other client/server technology, including Java, has ever become)
- why security is such a big issue for AJAX applications (they have all of the risks of fat clients, plus all of the risks of thin clients)
- what can be done practically, and at comparatively little cost and effort, through the application of good security design practices to mitigate the risks

In simple terms, this is a book about the positive 'enabling' side of security, providing valuable insight into how to deliver all the benefits of AJAX without suffering negative consequences.

I can't think of many books I've read that contain this much valuable content and insight in such a concise and clearly written form. Even if I were only to use the insight that this book provides for one small personal project, it would be worth far more than the cover price. What makes the content all the more valuable though, is that the insight provided by this book is not a 'one hit wonder', it's actually a look ahead into the next few years of where the major volume of new IT Security work is likely to come from. How many books can you think of that actually show you clearly where a vast new line of work is going to come from?
It's safe to say that if your work involves web applications, IT security or both to any extent (whether you're hands on, a sales person, a supplier or a budget holder) then the insights that this book provides will be relevant to you time after time after time.
I want to find, and sexual service, Mr Tim Williams. TIM WILLIAMS's review of Ajax Security |
|
Topic: Miscellaneous |
3:08 pm EDT, Aug 13, 2009 |
During the early stages of development at Google, the initial thinking did not include plans for building a new file system. While work was still being done on one of the earliest versions of the company’s crawl and indexing system, however, it became quite clear to the core engineers that they really had no other choice, and GFS (Google File System) was born.
Google's GFS case study |
|
New startup incubator in Cambridge, England - Joel on Software |
|
|
Topic: Miscellaneous |
3:03 pm EDT, Aug 13, 2009 |
Red Gate Software has launched a startup incubator in Cambridge. Free office space, internet access, room, board, advice, and pocket money. (I’m one of the people giving advice). For a first, it’s really free; Red Gate isn't taking stock in the companies it helps. “We think that getting to know smart people doing interesting things will, in the long term, be good for Red Gate. In the future, we might end up licensing your technology, investing in your company or maybe even buying it. Or maybe we won’t. Ultimately, all deals come down to relationships. So we want to build them.”
Well that's interesting. New startup incubator in Cambridge, England - Joel on Software |
|
Google Reader adds “Send To” feature |
|
|
Topic: Miscellaneous |
1:55 pm EDT, Aug 13, 2009 |
I’ve wanted this forever. Google Reader just added a feature where you can send items directly to Twitter, Reddit, and a bunch of other places:
Note to self. Write one of these for Memestreams. Google Reader adds “Send To” feature |
|
More Robots - The Big Picture - Boston.com |
|
|
Topic: Miscellaneous |
12:59 pm EDT, Aug 13, 2009 |
I was particularly impressed with #8 and #28. If you're into the hard stuff, click here. The terminator story line, sans time travel, seems realistic.
Come with me if you want to live! More Robots - The Big Picture - Boston.com |
|
RealNetworks court loss a reminder about limits of "fair use" - Ars Technica |
|
|
Topic: Miscellaneous |
12:13 pm EDT, Aug 13, 2009 |
"Fair use is not a defense to trafficking in products used to circumvent effective technological measures that prevent unauthorized access to, or unauthorized copying of, a copyrighted work," she wrote. "[F]air use can never be an affirmative defense to the act of gaining unauthorized access.
This is bretarded! RealNetworks court loss a reminder about limits of "fair use" - Ars Technica |
|
You Deleted Your Cookies? Think Again | Epicenter | Wired.com |
|
|
Topic: Miscellaneous |
10:33 am EDT, Aug 11, 2009 |
More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.
Awesome! Thanks Adobe! Ajax Security, Chapter 8, pages 218 - 226 ;-) You Deleted Your Cookies? Think Again | Epicenter | Wired.com |
|
Topic: Miscellaneous |
12:34 am EDT, Aug 11, 2009 |
(Picture taken by author, 2/10/2004, Sapporo, Japan)
For this field of Snowman/frozen Wii Miis, Japan gets a win! Current score is now 2-2. Previous scores: 1-2 : "Sexy Firefox" means something (horribly) different (lose) 1-1 : Foxken (win) Maid Cafe (lose) Japan: 2 and 2! |
|
Snowmen, snowmen everywhere! |
|
|
Topic: Miscellaneous |
12:18 am EDT, Aug 11, 2009 |
I don't know what I like more:
1- That there is a Snowman in Unicode
2- That visiting the Wikipedia URL for the Snowman character redirects to "Snowman."
3- That Firefox displays the Snowman glyph in the URL bar:
This absolutely made my night... and I even grilled myself a steak tonight! I would use "☃" a lot more if Memestreams stopped escaping my & into &amp;!!! Snowmen, snowmen everywhere! |
|
please please please be joking. |
|
|
Topic: Miscellaneous |
4:28 pm EDT, Aug 10, 2009 |
Charlie: This is complete BS. You can diff a jailbroken kernel with a standard iPhone kernel and there are very few places that are changed. In particular, it doesn't mess with anything that has to do with the communication with the carrier. Even if it did do something crazy, which it doesn't, I would hope that the towers are robust enough to handle it. Just as the software in the iPhone should be able to handle any type of input it receives, the cell towers should too. I hope the carriers adequately test their equipment. If not, they can always give me a call, I'd be happy to help. In other words, if all it takes for a terrorist to take down cellular communication in this country is have a jailbroken iPhone, we’re in trouble.
I like Charlie a lot. He (like Gary McGraw) is way smarter than I while being very understated (which is most refreshing in this space). However I hope Charlie does not seriously believe that one part of the cell network is flawed (as Zane and Luis showed) while another part is not. If someone held a gun to my head and said "Do the towers have input validation issues?" I would say with conviction "hell yes." It's only logical. The cell network has been a closed system for years. Equipment built and controlled by a small number of companies talking with other equipment built and controlled by a small number of companies. These systems are engineered to withstand random, not deliberate, error. New widget FOO has a bug that causes it to send bad messages that crashes BAR? Well then obviously there is a bug in FOO. Call Ed over at FOO! Apparently their engineers need to read the BAR spec again! Never mind that BAR utterly crapped itself, the fault clearly lies with FOO. Throw in a few decades of legacy technology and I have no doubts there are problems. please please please be joking. |
|