md5 collisions save latin.
More removing code...OpenBSD removes loadable kernel modules
DNS firewall explained pic.twitter.com/zwjfXRICOB— Jan-Piet Mens (@jpmens) November 5, 2014
One wireless hotspot for every 150 people - I still think that if there is any money for "Internet infrastructure" that some of it should be spent on things like dd-wrt. Wireless routers must be one of the most insecure devices in existence.
gauntlt is very cool stuff (so is Gene Kim's desire to see DevOps and security work together)
The collision attack used to hijack Microsoft's Windows Update has gone mainstream, showing just how broken MD5 is: http://t.co/Un8N60czHm— Dan Goodin (@dangoodin001) November 4, 2014
That took a while.
“Some of the highlights of this release are: SSL verification is now enabled by default for Chef.” https://t.co/rNzcHBe5L5— Ben Hughes (@benjammingh) November 4, 2014
After going to enough developer and #DevOps non-security conferences now... The contrasts w/ security demographic are stark— Joshua Corman (@joshcorman) November 5, 2014
two-factor for Ruby on Rails - From back in May, but two factor all the things anyways
BlackEnergy Malware Plug-Ins Leave Trail of Destruction - I dunno, maybe I should try writing cyberthrillers
Three weeks ago, a report from iSIGHT Partners linked BlackEnergy to a Russian espionage campaign using the malware to exploit a Windows zero-day vulnerability in order to steal from government agencies, defense and energy firms, NATO, and telecommunications providers.
Like a cookie, this header uniquely identifies users to the websites they visit. Verizon adds the header at the network level, between the user's device and the servers with which the user interacts. Unlike a cookie, the header is tied to a data plan, so anyone who browses the web through a hotspot, or shares a computer that uses cellular data, gets the same X-UIDH header as everyone else using that hotspot or computer. That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising.
Brilliant pic.twitter.com/WnBcPEANpL— Andrew Panda Blake (@apblake) November 3, 2014
A homomorphic encryption scheme is a crypto system that allows computations to be performed on data without decrypting it. A homomorphically encrypted search engine, for instance, could take in encrypted search terms and compare them with an encrypted index of the web. Or a homomorphically encrypted financial database stored in the cloud would allow users to ask how much money an employee earned in the second quarter of 2013. But it would accept an encrypted employee name and output an encrypted answer, avoiding the privacy problems that usually plague online services that deal with such sensitive data.
I saved latin
@kellabyte C is like Latin. Important for the access to great historical works it gives you, but not practical for most modern applications.— Tom Dale (@tomdale) November 4, 2014
Then what's clojure?
OH: "4chan is to reddit as ruby is to go"— chill drogo (@moonpolysoft) November 5, 2014
We should focus on easy integration, smooth upgrades, improved scalability and manageability and try to alleviate a lot of the cross-project dependencies that have arisen over the past year...we want to echo what Dr. Stefan Lenz from BMW said in his Summit keynote this morning: to continue this success, we as a community have to get back to the basics and focus on the core platform what makes OpenStack valuable to businesses, universities and other organizations.
Sounds a lot like Docker, but I welcome more container technologies
Siebel Systems, the most epic 1990s software company, hit a billion dollars in revenue seven years after it was founded. That’s nuts. Salesforce.com, our era’s equivalent legendary tale, took 10 years — and that’s with massive losses along the way. ... while the next generation of companies is very exciting, most upstarts and IPOs aren’t nearly as profitable as their predecessors. ...in the new world, your competitors are only an electronic signature, a DNS change or an API call away.
For some reason I find this really funny.
"No matter how bad your day is, at least you are not stuck in a fence with a cow laughing at you." - Dawn pic.twitter.com/Lne8SYizuK— Brian Marick (@marick) November 4, 2014
Skill shortage debate - Hire smart, creative people, who can learn and let them work into the jobby job
You don't see the "best available athlete" mentality, Cashman laments, referring to the professional sports strategy of signing the best player available rather than hiring a lesser player to fill a specific position. Hire a smart, creative person who's eager to learn, and train that person on the rest, she advises clients, before the other valuable people on your team walk out or you blow the business deadline.
Applications in the Cloud world - Lots of good points
- Do not design for cross cloud portability — this is a useless attempt