
Cracking JXcore

Recently, a co-worker was trying to figure out how to protect a node.js project from reverse engineering and modification. Of course, programmers have spent decades trying to figure out ways to allow an end user to run a program without letting the end user reverse engineer or modify the program, and I’ve never heard of anybody successfully doing it. At best, the program is still insecure and the developers have only managed to piss off their high-paying customers.

So naturally, my skepti-larm was blaring when my co-worker sent me the link for JXcore.


Briefcase Locks

I like trying to describe technical concepts to non-technical people. Everybody deserves (and needs!) a basic understanding of the things they use and rely on every day. One of the most important things you use online is your password – or hopefully many different passwords.

I’m not sure if anybody actually still carries a briefcase in 2013, but I remember my father had a briefcase a long time ago with combination locks that consisted of 3 dials. These dial locks are actually a great physical analogy for how passwords work. In this post, I will try to leverage this analogy to explain what makes a password “strong” and how criminals crack passwords.


CEH Review

About a year ago, I posted my thoughts on the CISSP certification. I recently took the CEH certification, and so I’m taking a few minutes to reflect on this certification as well.

Should you take it? Should you hire somebody because they have it?

Spoiler alert: no and hell no.

NSA PRISM Affects You

My original goal for starting a blog was to try to take technical concepts and relate them to non-technical people. I was especially interested in talking about safety, security, and privacy on the internet from a layman’s point of view. Instead, I wrote a bunch of posts about programming and then took a 6-month hiatus.

The recent leak of documentation about a surveillance program called NSA PRISM has captured a lot of public attention. Even The Daily Show did two episodes about it. Unfortunately, most media outlets have really mishandled this story. I don’t blame them; this is a somewhat tricky, technical issue, and most journalists just are not equipped to carefully dissect this nuanced issue. To complicate problems further, most of the experts brought in to provide technical expertise on this issue have been either government representatives or privacy activists. There has been almost no coverage from politically moderate, technical experts.

Therefore, I am writing down – at considerable length – my technical perspective on this issue.


Prefix Sum Kernel Visualizations

I am taking the Coursera HPP course, and I just finished watching lectures 6-2 and 6-3. The visualizations of the prefix sum kernels in these two lectures are hard to understand because there are lots of curvy and overlapping arrows. I put together some cleaner, larger visualizations to show how these kernels work. Hopefully this will be of use to other Coursera students.


CouchDB Views in Python

I’ve been interested in CouchDB lately, and since I’m primarily working in Python, I naturally want to use the two together. There’s a pretty nice module called couchdb-python that makes it easy to get connected, create, edit, and delete documents, but the paucity of information on how to write CouchDB views in Python is laughable. There are literally three lines of code and one sentence explaining how to write views in Python:


CISSP Review

The CISSP has become one of the hottest certifications to have (especially in the DC area) because of the growing budget for information security. But the CISSP exam itself has some major flaws, leading me to wonder if this is a valuable certification for individuals, companies, or society at large. (Disclaimer: I am a CISSP.)
