Let them paste passwords

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Anti-copy/paste Javascript code, on a wall.

One of the things people often tweet to us @ncsc are examples of websites which prevent you pasting in a password. Why do websites do this? The debate has raged – with most commentators raging how annoying it is.

So why do organisations do this? Often no reason is given, but when one is, that reason is ‘security’. The NCSC don’t think the reasons add up. We think that stopping password pasting (or SPP) is a bad thing that reduces security. We think customers should be allowed to paste their passwords into forms, and that it improves security…

AMP: breaking news


Google has made much of their Accelerated Mobile Pages project as a solution to bloated websites and frustrated users. But could AMP actually be bad news for the web, bad news for news, and part of a trend of news distribution that is bad for society in general?

I didn’t start out as strongly anti-AMP. Providing tools for making websites faster is always great, as is supporting users in developing countries with lighter-weight pages that don’t cost them a month’s wages. It’s totally true that today webpages are in a pretty sorry state…

Tory MP ‘told schoolgirl to “f*** off back to Scotland” when she said she’d vote for independence’ | The Independent


James Heappey MP

A Tory MP told a girl to “f*** off back to Scotland” when she said she’d vote for independence if a second referendum was triggered.

James Heappey’s outburst came as he addressed sixth-formers at the £12,000-a-year Millfield School in Somerset…

What an RAF pilot can teach us about being safe on the road


“Sorry mate, I didn’t see you” is a catchphrase used by drivers up and down the country. Is this a driver being careless and dangerous, or did the driver genuinely not see you?

According to a report by John Sullivan of the RAF, the answer may have important repercussions for the way we train drivers and how as cyclists we stay safe on the roads.

John Sullivan is a Royal Air Force pilot with over 4,000 flight hours in his career, and a keen cyclist. He is a crash investigator and has contributed to multiple reports. Fighter pilots have to cope with speeds of over 1000 mph. Any crashes are closely analysed to extract lessons that can be of use…

A Story of Slavery in Modern America


The ashes filled a black plastic box about the size of a toaster. It weighed three and a half pounds. I put it in a canvas tote bag and packed it in my suitcase this past July for the transpacific flight to Manila. From there I would travel by car to a rural village. When I arrived, I would hand over all that was left of the woman who had spent 56 years as a slave in my family’s household.

Her name was Eudocia Tomas Pulido. We called her Lola. She was 4 foot 11, with mocha-brown skin and almond eyes that I can still see looking into mine—my first memory. She was 18 years old when my grandfather gave her to my mother as a gift, and when my family moved to the United States, we brought her with us…

What Happens When You Mix Java with a 1960 IBM Mainframe


IBM Mainframe

As an engineer for the U.S. Digital Service, Marianne Bellotti has encountered vintage mainframes that are still being used in production — sometimes even powering web apps. Last month she entertained a San Francisco audience with tales about some of them, in a talk called “7074 says Hello World,” at Joyent’s “Systems We Love” conference.

Created under the Obama administration, The U.S. Digital Service was designed as a start-up-styled consultancy to help government agencies modernize their IT operations, drawing engineering talent from Google, Facebook and other web-scale companies.

Or, as President Obama put it last March, it’s “a SWAT team — a world-class technology office.”

So it was fascinating to hear Bellotti tell stories about some of the older gear still running, and the sometimes unusual ways it was paired with more contemporary technology…

Rails is f*cking boring! I love it.


Together with a friend I recently built Dropshare Cloud. We offer online storage for the file and screenshot sharing app Dropshare for macOS/iOS. After trying out Django for getting started (we both had some experience using Django) I decided to rewrite the codebase in Rails. My past experience developing in Rails made the process quick — and boring…

A Russian Slot Machine Hack Is Costing Casinos Big Time


Slot machine.

In early June 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating…

Defeating Quantum Algorithms with Hash Functions


In this post I’ll explain why quantum computers are useless to find hash function collisions, and how we can leverage this powerlessness to build post-quantum signature schemes. I’ll then describe a quantum computing model that you can try at home, and one where hash function collisions are easy to find…

TLS 1.3 FTW


In common slang, FTW is an acronym “for the win” and while that’s appropriate here, I think a better expansion is “for the world.”

We’re pleased to announce that we have sponsored the development of TLS 1.3 in OpenSSL. As it is one of the most widely-used TLS libraries, it is a good investment for the overall health and security of the Internet, so that everyone is able to deploy TLS 1.3 as soon as possible…