Links Tagged With “security”

How to Trick Users into Liking Facebook Pages They’re Not On

Bookmarked via Diigo on Thursday, April 22, 2010 @ 11:06 CDT by Daniel Andrlik

ReadWriteWeb has a great first example of some of the issues with Facebook’s Open Graph implementation. It’s trivial to create a “Like” button for any arbitrary url, and the user has no visual feedback to verify that the button will “Like” what they expect it to. Even worse, while the record of the erroneous “Like” can be deleted from your news feed, it remains connected to your account within the Open Graph API.

Not good.

Feds to Let Citizens Log In With Yahoo, Google, Paypal Accounts (via OpenID)

Bookmarked via Diigo on Wednesday, September 9, 2009 @ 12:11 CDT by Daniel Andrlik

This is an enormous win for OpenID, but it is also a huge risk if anything goes wrong with such a high-profile project. Obviously, it will all depend on the implementation, and if all goes well it will give OpenID the push it needs to increase the number of consumers as opposed to providers, which is a ratio that is sorely lopsided at the moment.

I’m a little sad to see that my preferred OpenID provider, myOpenID from JanRain, Inc., was not included in the approved list of providers for the pilot program. Hopefully, that will be rectified soon, although even if it does not, one of the great things about the OpenID protocol is that delegation means that I can change providers on a whim. :-)

Technology Review: Quantum Cryptography for the Masses

Bookmarked via Diigo on Friday, August 28, 2009 @ 14:32 CDT by Daniel Andrlik

By masses, of course, they mean companies that can afford the hardware, but this is still a pretty huge development in pushing quantum computing out of the lab and into the real world. The Dutch will get it first, but hopefully it will begin to become common in developed countries with high broadband penetration.

IPREDator, the Terrifyingly Awesome Privacy Tool Prepares to Launch - ReadWriteWeb

Bookmarked via Diigo on Tuesday, April 7, 2009 @ 12:28 CDT by Daniel Andrlik

sigh

Privacy tools like this have existed for a long time, but this new service from the Pirate Bay will probably go a long way towards popularizing them. I’m conflicted, because I think these types of tools are necessary, that computer users need to learn about them to avoid intrusive surveillance, but I’m uncomfortable with it becoming popularized by its connection to an illegal activity. These tools, and the skills to use them, will be essential in the future to avoid unlawful (or at least inappropriate) surveillance and to protect people from the malicious theft of data, but their association with the illegal just provides more fuel for those representing the other side of this digital arms race.

We are heading to a scary place here, and far sooner than I think even the cyberpunks expected it.

Inside the Attack that Crippled Revision3

Bookmarked via Diigo on Thursday, May 29, 2008 @ 11:17 CDT by Daniel Andrlik

Over Memorial Day weekend, Revision3’s servers were brought down beneath the weight of a Denial of Service attack. The culprit? None other than MediaDefender, an anti-piracy service that specializes in disrupting P2P traffic.

Apparently, MediaDefender was abusing Revision3’s Bittorrent tracker (which they use to distribute legal copies of their own shows), by “injecting a broad array of torrents into [Revision3’s] tracking server.” When Revision3 deauthorized those torrents, MediaDefender’s servers “initiated a flood of SYN packets attempting to reconnect to the files.” Approximately 8,000 packets per second, by Revision3’s logs. MediaDefender claims that this was not an attack aimed at Revision3, but a natural consequence of losing contact with the torrents they had improperly injected into Revision3’s tracking server.

DoS attacks are illegal, and even if this wasn’t a targeted attack, you would think MediaDefender would still be liable for any financial losses Revision3 suffered as a result of the attack, as well as illicit profits MediaDefender earned through the unauthorized use of their server. However, I am not a lawyer. I’m hoping that Revision3 will take action, because this is really just the tip of the iceberg for MediaDefender, and they need to be brought in line.

Strong passwords no panacea as SSH brute-force attacks rise

Bookmarked via Diigo on Thursday, May 15, 2008 @ 08:42 CDT by Daniel Andrlik

Okay, if you still have your box configured to allow remote logins as “root”, then you deserve anything you get. Otherwise, start using strong passphrases (not a password, those are too easy), or if you can swing it with your workflow, use an ssh key rather than a text-based login. It’s less convenient in some ways, but it’s worth your time. Honestly, I’m a little behind here as I’ve intended to switch more of my systems over to private keys for a while now, but on half I still log in with a username and a strong passphrase.

Also, while we are at it, just a reminder that security through obscurity doesn’t work in the long run. You can reduce the effectiveness of automated attacks by running ssh on a different port, but don’t think that’s going to be an effective long-range solution. If someone wants in, they will find the ssh port, so it’s up to you to get the rest of your security together.

This all goes for you Apple folks too.

OAuth support for Google Accounts and Contacts API

Bookmarked via Diigo on Saturday, April 26, 2008 @ 09:00 CDT by Daniel Andrlik

Google now supports OAuth: Sweet!

Coding Horror: Your Session Has Timed Out

Bookmarked via Diigo on Wednesday, April 16, 2008 @ 11:15 CDT by Daniel Andrlik

This is an interesting post by Jeff Atwood on how programmers should handle session expiration in their applications. I particularly like his explanation of why session expiration occurs:

“The HTTP protocol that the web is built on is stateless. That means every individual request your browser sends to a web server is a newborn babe, cruelly born into a world that is utterly and completely oblivious to its existence.” :-)

Does what happen in Facebook stay in Facebook?

Bookmarked via Diigo on Saturday, April 12, 2008 @ 07:46 CDT by Daniel Andrlik

OK, this video from 2006 may be a little overblown, but conspiracy theories aside there are some questions worth asking here. Particularly when you consider the connections the author draws between some of Facebook’s investors. We’re not talking just about marketing firms here, we’re talking about CIA and DARPA. It’s a little tin-foil hat, but come on, in a country where something like the Total Information Awareness Project can be proposed by our defense department, anything is possible.

The video is well done so I will forgive the author the constant errors of referring to Facebook as “the Facebook” and asking the audience “do you have a Facebook?” :-)

OAuth Discovery 1.0 Draft 2 released with support from Ma.gnolia, Fire Eagle and Satisfaction

Bookmarked via Diigo on Wednesday, April 9, 2008 @ 10:07 CDT by Daniel Andrlik

“OAuth Discovery, simply, is an extensible, machine-readable format for identifying OAuth-protected resources and service endpoints. Take a look at the provided example or Ma.gnolia’s actual discovery profile to get an idea for what these documents look like.”

OAuth = Awesome-sauce
