My first breakout session at the SELA Developer Practice covered the most common attacks against web applications and how to defend against them. When planning this talk, I knew 60 minutes is hardly enough to cover all common vulnerabilities -- especially if I wanted to show any demos -- so I decided to focus on the three most prevalent vulnerability types according to the OWASP Top 10: Injection (command injection and SQL injection), Broken Authentication and Session Management, and Cross-Site Scripting (with CSRF as a bonus). 6 tips for keeping your web site secure.
Firefox 20.0 -- and a couple of earlier versions, I think -- has a nifty little feature of its "Inspector" tool that allows you to view HTML elements as 3D objects. This lets you see the DOM structure graphically and how elements lie against one another. As soon as the feature appeared I knew what I wanted to do with it; I wanted to use it for something it wasn't intended for: 3D modeling. When all you have is a browser, everything looks like a building block.
That is REALLY COOL!
SceneKit is a high-level 3D framework for Mountain Lion that was introduced almost a year ago at WWDC 12. It is all Objective-C and integrates with other UI frameworks like Cocoa and Core Animation. This means that you can use normal NSColors, NSImages and CATransform3Ds to configure your 3D scene. It also means that you can easily animate property changes, such as position or transform, using regular CAAnimations and addAnimation:forKey:. Sounds amazing? It is. It's sort of like OpenGL, but all native and integrated with Core Animation.
Systems that respond to user actions quickly (within 100 ms) feel more fluid and natural to users than those that take longer. Improvements in Internet connectivity and the rise of warehouse-scale computing systems have enabled Web services that provide fluid responsiveness while consulting multi-terabyte datasets spanning thousands of servers; for example, the Google search system updates query results interactively as the user types, predicting the most likely query based on the prefix typed so far, performing the search and showing the results within a few tens of milliseconds. Emerging augmented-reality devices (such as the Google Glass prototype) will need associated Web services with even greater responsiveness in order to guarantee seamless interactivity. How Google builds for high utilization and responsiveness.
One of the dreams for security experts is the creation of a quantum internet that allows perfectly secure communication based on the powerful laws of quantum mechanics. The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to eavesdrop on a quantum message cannot fail to leave telltale signs of snooping that the receiver can detect. That allows anybody to send a “one-time pad” over a quantum network which can then be used for secure communication using conventional classical communication. And now that they've told you, they'll have to kill you.
Gender equality is still a major issue in the technology industry, but 50 years ago one British company was blazing trails.... The company, originally called Freelance Programmers, was founded in the early 1960s by Stephanie Shirley, a German who had been evacuated to Britain — along with many fellow Jewish children — as part of the kindertransport shortly before the Second World War. Solving the problems of gender and parenting one byte at a time.
In most orthodox Jewish communities, not only are the men not dominant in this, but there are actually far more women software developers than men!
Never underestimate the difference you can make in the lives of others.
Worried about your longevity as a worker in the fast-moving tech industry? What you need is some inspiration from John Sloan. Who's John Sloan? He's the man pictured in a photo I used in a recent post on 10 Technology Skills That Will No Longer Help You Get A Job. (See that photo below - or on the iPad in the photo above.) While Sloan may look like a symbol of outdated technology in the older photo, he's actually the polar opposite. An interesting follow-up to 10 Technology Skills That Will No Longer Help You Get A Job.
Cool article. I especially enjoyed the fact that he graduated from Wright State University in 1976, as I graduated from there in 1984.
I can attest that what he says is true: professional development and skills maintenance is up to you, and largely you alone. I've done it by encouraging my employer to use technologies that were interesting and appropriate to the task at hand. I've also expanded my horizons through outside consulting. You can't really learn a new technology without having a genuine problem to solve.
Software Zen: delete this;
I may maintain that the fact that Microsoft has sold 100 million Windows 8 licenses in six months doesn’t mean much. But that doesn’t mean that Windows sales figures aren’t interesting. In fact, Microsoft’s news moved me to rummage around in Google Books, Microsoft’s press site and elsewhere for past sales data for various major editions of Windows dating back to version 1.0, which debuted in November 1985. That's a lot of Windows to open.
Image.
It seems Exchange Online is not working. I just got a rejection notice when I tried to send myself an email, then checked the service health and noticed this.
Update: Microsoft O365 Service Operations has implemented a potential fix for the issue with the Global Locator Service for Exchange Online. Some users may experience issues signing in. This only affects users on Exchange 15. We will provide further information as it becomes available.
I'm getting emails again, so I guess their potential fix worked.
Do you need to monitor your Linux server’s performance? Most Linux distributions come equipped with many built-in monitoring tools. These tools allow you to retrieve information about system activities, and can be used to find possible causes for your server’s performance issues. The commands discussed in this article are some of the most basic commands when it comes to system analysis and debugging server issues, such as discovering disk, CPU, memory and network bottlenecks. sudo what's going on with my servers?
This article appears to have been pulled offline. I'll check back later to see if there's an updated link.
Director of Content Development, The Code Project
You spent an entire weekend building a library, jQuery plugin, build tool, or other great piece of code you wanted to share far and wide, but after some tweets and a failed attempt to make the front page of Hacker News, your creation languished, unloved, in a GitHub repo. A common situation for many developers nowadays, but one you can avoid. Pro tip: write about it here on CodeProject!
Microsoft PowerShell MVP Chad Miller shares his top ten tips for the SQL Server Windows PowerShell scripter. Useful tip: Don't use Windows PowerShell for everything.
All programs need some form of logging built into them so we can observe what they are doing. This is especially important when things go wrong. One of the differences between a great programmer and a bad programmer is that a great programmer adds logging and tools that make it easy to debug the program when things fail. When the program works as expected, there is often no difference in the quality of the logging. However, as soon as the program fails, or you get the wrong result, you can almost immediately tell the good programmers from the bad. How do you write code to simplify debugging?
JavaScript is a bubble. Just like the housing bubble. Just like the .COM bubble. And just like any bubble, the JavaScript bubble is bound to pop. Sure, JavaScript is everywhere. It appears to be growing at a rapid pace. But I’m willing to bet that we are getting close to a complete reversal that will throw JavaScript down from its throne, shattering its jQuery scepter with it. JavaScript is bad, so let's rewrite everything in something else. Then we'll go after PHP.
Quote: Yet, at the same time so many developers get up in the morning, fire up their IDE—or excuse me, lightweight text editor which has 50 plugins installed to give the capabilities of an IDE, but is not an IDE—and write JavaScript code. Why do they do it, unless they think JavaScript really is awesome?
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
When you think of mobile games, you probably think of titles like Angry Birds, Temple Run or Fruit Ninja — not the sort of micromanaging strategy games for which Sid Meier is best known. And yet the creator of the hit Civilization franchise and his company, Firaxis Games (owned by Take-Two Interactive), are moving more troops into mobile after testing the waters with ported games like Pirates! and Civilization Revolution. Rather than just producing, Meier himself was one of three programmers on a new mobile-first Firaxis game, Ace Patrol. Mobile is best suited for a game that’s played at the player’s pace.
We suggest a simple method for improving the security of hashed passwords: the maintenance of additional honeywords (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the honeychecker) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted. Passwords are a notoriously weak authentication method. Fake passwords are better?
Once upon a time, teachers lacked the tools to excite and engage pupils in engineering. And the technological know-how required to put together a juddering robot limited the audience to high-school and university students. That all changed in 1998 when Lego launched its first wave of programmable bots. By the second wave, in 2006, the programming language had become visual and kids could make bots do pretty much anything simply by stringing directives together on a computer. “Today a second grader can make her own wall-avoiding triceratops in 20 minutes,” says Chris Rogers, a professor of mechanical engineering at Tufts University. Go find a Mindstorms education catalog and prepare to have your mind blown.
Back in the year 1999 Microsoft released its then brand-new and up-to-date browser, Internet Explorer 5. How much has happened in the last 14 years regarding web technologies and development? Would it still be possible to use this browser? Let's find out! The web of 2013 through the eyes of a 14-year-old browser.
No surprise there, that Google is the only one that looks correct.
.-.
|o,o|
,| _\=/_ .-""-.
||/_/_\_\ /[] _ _\
|_/|(_)|\\ _|_o_LII|_
\._. |\_/|"` |_| ==== |_|
|_|_| ||" || ||
|-|-| ||LI o ||
|_|_| ||'----'||
/_/ \_\ /__| |__\