Secure Password Storage
Do you use MD5 or SHA1 to store passwords? Think they are secure? Think again. While generic hashing algorithms are certainly better than storing passwords in plain text, it’s still not as secure as it should be. Users place great trust in us to ensure that their credentials will be secure and treated with the utmost respect; it’s our responsibility to live up to these expectations. With the simplicity and speed of these general purpose algorithms, it’s possible to generate hashes looking for collisions (or even the original value) extremely quickly.
Read more…What’s your Code Legacy?
When you move on to your next challenge how will those that inherit your code think of you? Noble or notorious, innovator or insane? This is a question that all developers should ask themselves frequently; though too few ever do. You should always write with the assumption that someday a new developer will take over your code, and they will question every decision and assumption you’ve made. When this happens, what will they think of you?
Read more…bbPress: Is the end near?
I’ve been a fan of bbPress for quite some time; I’ve even contributed code to the project. For those that aren’t familiar with it, bbPress is an open-source forum system written in PHP. It’s fast, lightweight, easy to install and even easier to use. It also scales, quite well. bbPress was originally written to power the support forums WordPress.org, which get quite a bit of traffic. Later, it was released as a separate project.
Read more…Leaving GoDaddy
In December 2002 I made my first purchase from GoDaddy, since then I’ve spent $1,200 with them. Over the years I’ve seen them grow up to be a major force both in the registration and web hosting markets; I’ve also seen them go from lean and efficient to annoying and unfriendly. Once upon a time GoDaddy had the best prices and the best search of any registrar; unfortunately things often change, and not always for the best.
Read more…Cancel GoDaddy’s Domain Privacy
While trying to renew a few domain names recently, I found that cancelling the Privacy service that GoDaddy offers (via Domains By Proxy) is much more difficult than I had expected. The $8.99/year service conceals your name, address, and phone number from the public WHOIS listing. Being concerned about privacy as most people are (or at least should be) it seemed a reasonable option but when multiplied by quite a few domains, it gets rather expensive.
Read more…GetSatisfaction: Is it worth it?
While working on the list of tools and services to write about as part of my Start-up Tools series, Get Satisfaction has been the hardest to decide on. After a lot of reading, I decided against recommending it, though I had to write about it because so many companies have opted to use it. Get Satisfaction is a great concept for the most part – what it boils down to is a specialized forum service for your customers to discuss issues and ideas about your products.
Read more…Start-up Tools: Open Atrium
When it comes to small business project management, Basecamp by 37signals has been the king of the hill for some time. Now though, there is an exciting new player in the field: Open Atrium. It’s a Drupal based open source project management system somewhat like Basecamp, though with many more features. Open Atrium is new on the scene, with beta 1 being released just 4 days ago – though it’s already rather polished and seems to work well.
Read more…Start-up Tools: Microsoft BizSpark
Good developers need good tools, it’s simple as that. If you are building software for Windows, the only real option is Visual Studio. The down side to Visual Studio? The $1,200 starting price tag. While Microsoft is now providing the free Express editions, these are aimed more at hobbyists, not serious developers. Microsoft thankfully is here to help: If your company is less than three years old and has less than $1 million in annual revenue, they have a program to give you all that you need.
Read more…Silverlight 3 Tools Available
It looks like the core Silverlight 3 tools are now available: Microsoft Expression Blend 3 + SketchFlow RC Microsoft® Silverlight™ 3 SDK Microsoft® Silverlight™ 3 Tools for Visual Studio 2008 SP1 Deep Zoom Composer Though the tools needed for development seem to be public, I’ve yet to see the end-user run-time; though I imagine we’ll see that in the release anticipated for tomorrow. Time to have some fun. 🙂 Update: Client run-time is now available.
Read more…Lumix DMC-FZ8 & Infrared
After several months of tests and experiments, I have finally determined something: Infrared with the Lumix DMC-FZ8 just doesn’t work. I’ve been trying to use a R72 Near-Infrared filter to filter out the “normal” light that we see, leaving only the infrared light that I wanted to capture. The FZ8 is sensitive to infrared, as can be easily demonstrated by taking a picture of a TV remote control. What you’ll see is a couple of points of light coming from the remote; these are the infrared lights that are used to transmit commands to the TV.
Read more…
About Me
Security researcher, engineer and software developer with more than 20 years of experience.
Work: I primarily focus on application security, usable security, secure communications, and cryptography. I build and lead strong and dynamic teams, who cover all facets of security and privacy.
Writing: I write about my research, security in general, development and software design, and leadership through my blog, essays, and various publications. I also engage in some creating writing when I can.
Photography: I am a purist fine art photographer, working primarily in black & white, and focused on sharing new perspectives of the world. Limited edition prints of my work are available on my online gallery. I also have a background in photojournalism, and volunteer in this field when I can.