A few days ago I ordered some Yubico FIDO U2F security keys, after reading that they are a useful way to help secure various online accounts and keep intruders out. These cost US$18 each, either singly or in 50-unit bulk packaging. They arrived, packaged inconspicously, promptly after I placed my order. They’re cheap enough that they can be used for… Read more →
Category: Reference
Strict liability for leaks of secrets
Can we learn anything from the past few years of leaked secrets? Sure, we can learn that some big-shot executives and elected officials are lazy and feckless. We can learn that software is brittle and needs diligent patching. We can learn that a determined person trying to exfiltrate data has a HUGE advantage over the people trying to protect it.… Read more →
Should I encrypt columns in my web application’s database?
Somebody asked whether it’s a good idea to encrypt database columns in a web application. My answer: “It probably won’t help much.” Why? Figure out your threat model Best practice: figure out your threat model before you spend time and money securing your system. If you build complex security measures without a clear idea of your threat model, you’ll trick… Read more →
Cybercrooks stole my data from Equifax! What now? Credit freezes.
On September 7th, 2017, the credit bureau Equifax announced that cybercriminals broke in to its company servers sometime in mid-May 2017 and stole copies of information like Social Security Numbers, driver’s license numbers, birth dates, and home addresses for as many as 143 million residents of the US. The total population is about 329 million, counting children, so there’s a… Read more →
Time Zones in MySQL
Suppose you’re working on a web application to support users in multiple time zones. How do you handle dates and times? If your users all live in one time zone, it’s easy. Simply store important date and time data in DATETIME or TIMESTAMP columns, and be done with it. But, what application has users in just one time zone? Maybe a municipal… Read more →
University students: beware the people who lend you money!
Bloomberg News published an article today putting the lie to Navient’s claim to helping manage student debt. In a court filing, the company (which used to be part of the Sallie Mae US federal student lending agency) said it was a conflict of interest to help students. Their primary role is collecting on loans. Dear students: Companies and governments who… Read more →
Test data for FULLTEXT searching
MySQL’s FULLTEXT search feature works best when it’s used on a large corpus of text. That is, for best results you need many rows. When the text corpus is too small, full text searching often returns strange results: the indexing process tries to work out common words. If the amount of text being indexed is too small, some words that… Read more →
Wondering about keeping yourself secure online?
Internet security guy Troy Hunt has put out a good video to teach you about keeping yourself secure online. This is free. It’s on youTube. Troy is very reliable. This is worth an hour of your time. https://www.troyhunt.com/get-to-grips-with-internet-security-basics-courtesy-of-varonis/ Read more →
Set up gmail to use a new email account
You can set up your gmail account to send and receive mail using other email accounts. This is convenient, because you don’t have to remember to log in to your other accounts to get that email. You can, of course, still receive and send email with your original gmail account. This video tutorial explains how to set up gmail to… Read more →
Insults
I thought William Shakespeare was the master of insults. “In civility thou seem’st so empty,” for example, from As you like it. But now Randall Munroe, the author of XKCD, is catching up with his insults about code quality. Read more →