Archive for the ‘security’ Category

Just Another HTTPS Nudge

I was strongly reminded about the scariness of non-secure websites the other day. I'm using Xfinity as an internet service provider, and they give you a device that is both a cable modem and a router. Here's a tiny bit of backstory. I use a VPN, and...

ShopTalk 250: Web Security

For all y'all that want to understand the potential attacks, and potential defenses, of front-end web development. It's pretty wild. The dangers are big, real, and many. But the tools we have to fight back are up to the job, we just need to know about ...

Quick Tip: LetsEncrypt “server” error fix on Ubuntu 16.04

I recently had to renew the HTTPS certificates for my server, and ran into trouble. The errors that the command sudo letsencrypt renew was spewing out were these: Processing /etc/letsencrypt/renewal/bitfalls.com.conf 2017-02-06 07:43:08,126:WARNING:...

Testing Frenzy – Can We BDD Test the Units?

I'll be honest, I don't do much testing. When it's really necessary and I'm working on big enterprise projects, I do, but in general, my personal projects are usually one-man-army proofs of concept, or fixes on already tested apps. We've ...

The Line of Death

Eric Lawrence has written a pretty scary post about browser security and malicious websites that hope to trick us: When building applications that display untrusted content, security designers have a major problem— if an attacker has full control of ...

Let’s Kill the Password! Magic Login Links to the Rescue!

Authentication is something that has evolved over the years. We have seen it change from email - password combination to social authentication, and finally password-less authentication. Actually, more like an "email only" authentication. In the case of...