Another "C for Dummies" statement where a little obfuscation is just as good as elucidation.
Peter Wasser
Art is making something out of nothing and selling it.
Frank Zappa
Even though I knew malware was wrong, and not to be encouraged, I had a sneaking regard for the graphical payloads some of the virus writers were building into their creations. I recognised that this *was* a form of art. And there was art in the malware’s code as well. Virus writers would often spend months, tweaking their code, using innovative new techniques in an attempt to make it undetectable by anti-virus products. I didn’t agree with what they were doing, but had to admire the coding skill deployed by some of them. Like much modern art, you didn’t necessarily have to like it to acknowledge the skills used to produce it. But then things started to change. Malware got commercial.
You’re putting up a new app and need to sign in users, so you use whatever’s popular with the package you’re using: On Rails, typically Devise, on NodeJS Drywall or Passport, on PHP Usercake, and so on. These things will take care of storing and checking usernames and passwords for you. But storing and checking passwords is a bad thing to do. Why? There are too many passwords. By playing the yet-another-password game, you’re decreasing the security of the whole Internet.
I am a little hypocritical when it comes to Federation. Like a lot of the commenters on that article I will more often than not refuse to use a federated login when signing up for websites. If the only way in is through Facebook or Google then I'm not signing up for your site.
However, here's where the hypocrisy comes in, I'm working on a website for my own fun and because I'm lazy and don't want to deal with passwords and security right out of the gate, I'll probably make the only registration options go through Google/Facebook/Twitter. Eventually I'll probably roll my own, but initially I'd rather spend my time coding the core of the site, not registration.
When you think about people who have made an impact in the JavaScript community, I think most people would immediately think of Brendan Eich, Douglas Crockford or John Resig. And rightfully so, as their contributions have unquestionably impacted JavaScript as we know it. There's another person who I feel has made a profound difference in the way that JavaScript is viewed and has done as much as anyone to bring organization and structure to the JS community. And that's Chris Williams, the founder and organizer of JSConf. From JavaScript to robots (he's launching RobotsConf this year), based on a love for hacking.
My purpose in this post is to introduce WebGL for those, like myself, who may be new to the technology. The short version is that WebGL brings a 3D graphics API (designed to be very similar to OpenGL) to the HTML5 Canvas element. So if you've followed my series on getting started with HTML5 Canvas, you're already aware that Canvas natively includes only a 2D drawing context. And while it was possible to play some tricks and get pseudo-3D in Canvas, it wasn't real 3D. WebGL changes all that. Lights! Camera! Render the DOM!
The HTTPS cryptographic scheme, which protects millions of websites, is susceptible to a new attack that allows hackers to pluck e-mail addresses and certain types of security credentials out of encrypted pages, often in as little as 30 seconds. The technique, scheduled to be demonstrated Thursday at the Black Hat security conference in Las Vegas, decodes encrypted data that online banks and e-commerce sites send in responses that are protected by the widely used transport layer security (TLS) and secure sockets layer (SSL) protocols. I'm a little tired, little wired, and I think I deserve a little appreciation!
Terrence Dorsey wrote: I'm a little tired, little wired, and I think I deserve a little appreciation!
Gone in 60 Seconds.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
Researchers have figured out how to leverage the reach of online advertising networks to distribute JavaScript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing underlying webservers or distributing malware on a massive scale for pennies on the dollar. Jeremiah Grossman and Matt Johansen of White Hat Security presented their research today at Black Hat USA 2013, research that did not include a zero-day vulnerability or exploit. All they had to do was buy an ad. This is a limited time offer. Hackers are standing by...
This news couldn't wait for the Black Hat conference happening now in Las Vegas. We reported in June that Georgia Tech researchers had created a charging station that could pwn any iOS device. The full presentation revealed precise details on how they managed it. I'm never plugging my iPhone charger into a USB port in a hotel desk again. Your best defense against hackers: a dead battery.
During a Formula 1 race, a car sends hundreds of millions of data points to its garage for real-time analysis and feedback. So why not use this detailed and rigorous data system elsewhere, like... at children’s hospitals? Peter van Manen [Managing Director of McLaren Electronics] tells us more. Applying intelligence and observation to the situation...
One of the biggest new features in Hyper-V is the introduction of Generation 2 VMs. Generation 2 VMs add capabilities that were previously unavailable on Hyper-V VMs, such as support for SCSI boot and Pre-Boot eXecution Environment (PXE) boot. Also, because Generation 2 VMs use Unified Extensible Firmware Interface (UEFI) instead of BIOS, they're able to perform secure boots from GUID Partition Table (GPT) disks. Real improvements for virtual machines.
I am Tugdual Grall, most of the people call me Tug. I am Technical Evangelist at Couchbase. I live close to Nantes in France. When I am not traveling I am working from home or from a local co-working space.... As a Couchbase Technical Evangelist, I do many different things with a very simple goal: be sure that developers understand the benefits of NoSQL databases (Couchbase in particular) and help them to use it in their project. We talk to Tugdual Grall, a developer and evangelist working on the Couchbase NoSQL database team.
SQL injection is a particularly interesting risk for a few different reasons... It remains number one on the OWASP Top 10 for a very good reason – it’s common, it’s very easy to exploit and the impact of doing so is severe. One little injection risk in one little feature is often all it takes to disclose every piece of data in the whole system – and I’m going to show you how to do this yourself using a raft of different techniques. We need reminders like this because there's still way too much SQL injection happening.
Terrence Dorsey wrote: We need reminders like this because there's still way too much SQL injection happening
Sadly, many people who need to be "reminded" are not the types who read industry news.
AspDotNetDev wrote: Sadly, ~~many~~ most people who need to be "reminded" are not the types who read industry news.
FTFY
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Bad luck. I wanted to test that with the "famous" Alcatraz trips website (https://www.alcatraztrips.com/Confirmation.asp?order=1234), but it looks like they updated it a little (you can still query information on any order without login, but all attempts showed "Bad order number" or a simple 500 page without information).
Ever wanted an excuse to learn Arduino, but don’t want to learn C/C++? Don’t worry. I’ve got you covered. I’ve published three articles on the Safari Books Online blog that show you how to take your existing JavaScript skillz and turn them into a powerful force of hardware and blinking LED lights … and you’ll build yourself a #BBQDuino, too! And, I might be writing a book, too (skip to the end for more info on that)! 3 Arduino programming tutorials... and maybe an ebook if you like what you see here.
Sometimes it’s overkill to use a web framework if you only need to develop a very simple REST API. It turns out that Nginx can be used to develop a full fledged REST API and PostgreSQL can easily be used for persistence. In this blog post I’m going to show you how to create a simple CRUD API for articles. (Almost) no programming required.
What the hell is fifth normal form and why do we want it? Well, it deals with cases where we can avoid redundancy when information can be reconstructed from smaller bits of information and ... and ... and ... OK, so that's not helping. In fact, the vast majority of explanations on the Web aren't helping, so I'll explain how to fake database normalization. I'll even avoid big words. For those of you who know nothing about databases, this will help you tremendously. For those of you who know databases, try not to throw your coffee mug at the screen. Your database is not an Excel spreadsheet and other lessons in data table design.
So, this weekend I've started working on a simple, Arduino-based Inertial Navigation System. Using accelerometers and gyroscopes it is possible to calculate the traveled distance and the direction, from a known startpoint. The main problem of this method is that to get these distances, you have to perform integrations of the accelerations. Integration means that also every little error in measurement will be integrated, so they add up over time and the accuracy gets worse and worse. Therefore you need very good sensors and smart algorithms, being the reason why professional systems are expensive. And yet, we went to the moon with even less sophisticated technology.
When Intel and Apple released Thunderbolt, hallelujahs from the Apple choir were heard. Since very little in any of Apple’s hardware lineup is upgradeable, an external video card is the best of all possible worlds. Unfortunately, Intel doesn’t seem to be taking kindly to the idea of external GPUs. That hasn’t stopped a few creative people like Larry Gadea from figuring it out on their own. Right now he’s running a GTX 570 through the Thunderbolt port of his MacBook Air, and displaying everything on the internal LCD. A dream come true. For our next trick: using an entire PC as a peripheral for my phone. Oh, wait...