
Did you know somebody else could steal your domain name? Even if you’ve properly secured your site and gotten the right security certificates, it’s still possible some people get to the wrong […]
How do we write software that survives in a world of malware? Is it just a matter of writing safer code or do some of our core assumptions need to be modified? […]
Microsoft has played a significant role in the damage of the WannaCry ransomware. Certainly the proximate cause lies with the malware’s authors, and they should be held accountable. The complacent NSA is […]
Ad-block users are finding an increasing number of sites blocking access. I wonder if any of them asked themselves why we block ads? Do they suppose we’re anti-capitalist scum fundamentally opposed to […]
The idea that one can give up privacy in exchange for security is misguided and dangerous. It’s a cliché peddled by politicians who either just don’t understand or are intentionally misleading the […]
I recently implemented ETag caching support only to learn it’s a privacy breach. Internet scum have coopted yet another technology to track us as we browse. In this article I’ll look briefly […]
A patchwork set of standards and rules is creating an unsafe web. Cross-site attacks are too common and privacy leaks have become the norm. There’s no reason it has to be like […]
My fancy new website is broken due to a script blocking extension. I found this out when I showed a friend the Radial Blitz website. He complained that something was lacking. He […]
Opening a REST service for browser use requires CORS. Browsers have a very strict cross-domain policy that will either block the request, or just block access to the returned content. If you […]
OAuth authentication is not safe. This is the baseline from which all applications should be working. There is a place for social login, but it should be a very restricted domain. It […]
Storing user credentials is one of the key roadblocks in creating a sessionless web application. Somehow you need to safely identify the user without storing data on the server or allowing tampering […]