Stripe.com’s Stripe Elements is a great way to handle payment card information in a way that slows down cybercreeps. It’s secure because customers only enter card numbers into Stripe-furnished iframes, never into forms on the site taking payments via Stripe. Here is the sequence diagram for how Stripe Elements handles data flow Read more →
Category: Reference
Plant UML
Software designers sometimes need to present UML sequence diagrams like this one. This kind of thing is absurdly fiddly to draw with most graphics packages. But there’s a language called PlantUML that allows us to write them as text and render them in various software tools, including WordPress with the plugin called PlantUML Renderer. The text for this example is… Read more →
Jupyter on Raspberry pi
Jupyter is an excellent free open source package for literate programming, especially in Python. It’s nice because it keeps a good record of what you try in experimental programming. And it’s easy to tidy up your work when you figure out what you’ve done, and store or publish it. It’s also sweet because it’s a web app. You can program… Read more →
Super simple Javascript Queue class
It’s tempting, when in a hurry, to create a queue object in Javascript with an array. To enqueue something, push() it onto the array. To dequeue it, shift() it off. It works. But it’s slow, because shift() takes O(n) time where n is the length of the queue. Kate Morely cooked up an almost-as-simple but much faster queue implementation. She… Read more →
Yubico FIDO U2F key quick review
A few days ago I ordered some Yubico FIDO U2F security keys, after reading that they are a useful way to help secure various online accounts and keep intruders out. These cost US$20 each singly and $18 each in bulk. They arrived, packaged inconspicously, promptly after I placed my order. They’re cheap enough that they can be used for personal… Read more →
Strict liability for leaks of secrets
Can we learn anything from the past few years of leaked secrets? Sure, we can learn that some big-shot executives and elected officials are lazy and feckless. We can learn that software is brittle and needs diligent patching. We can learn that a determined person trying to exfiltrate data has a HUGE advantage over the people trying to protect it.… Read more →
Should I encrypt columns in my web application’s database?
Somebody asked whether it’s a good idea to encrypt database columns in a web application. My answer: “It probably won’t help much.” Why? Figure out your threat model Best practice: figure out your threat model before you spend time and money securing your system. If you build complex security measures without a clear idea of your threat model, you’ll trick… Read more →
Cybercrooks stole my data from Equifax! What now? Credit freezes.
On September 7th, 2017, the credit bureau Equifax announced that cybercriminals broke in to its company servers sometime in mid-May 2017 and stole copies of information like Social Security Numbers, driver’s license numbers, birth dates, and home addresses for as many as 143 million residents of the US. The total population is about 329 million, counting children, so there’s a… Read more →
Time Zones in MySQL
Suppose you’re working on a web application to support users in multiple time zones. How do you handle dates and times? If your users all live in one time zone, it’s easy. Simply store important date and time data in DATETIME or TIMESTAMP columns, and be done with it. But, what application has users in just one time zone? Maybe a municipal… Read more →
University students: beware the people who lend you money!
Bloomberg News published an article today putting the lie to Navient’s claim to helping manage student debt. In a court filing, the company (which used to be part of the Sallie Mae US federal student lending agency) said it was a conflict of interest to help students. Their primary role is collecting on loans. Dear students: Companies and governments who… Read more →