At last year’s DEF CON, I wandered into a panel with voting industry leaders from the public and private sectors. Towards the end, the facilitator asked the room filled with 200 or so security experts and hackers if they thought the US should have online voting.
Three brave souls raised their hands. They were booed. One put his hand down, looking embarrassed.
Article was last updated 11/08/20
Read the EFF’s concise position on this topic:
Read this Letter to Governors and Secretaries of State on the insecurity of online voting, signed by over 50 (at time of writing, others may…
When I was a kid growing up on the internet, I played a lot of online resource management games. I hung out on Tumblr and was one of those annoying forum posters who couldn’t spell and put Dragon Cave eggs in their signatures. Ah, the nostalgia!
This is the story of the first time I encountered a hacker, and learned what hacking really is. Thinking back on this, I’m pretty certain the attack was an XSRF.
During my horse phase, I enjoyed a game that will remain unnamed which involved training and breeding digital…
On September 10th I left my bedroom and the safety of my air purifier to have lunch with my housemates. An hour later I was having my first asthma attack in years. That night the AQI in Portland dipped into the purple zone. The next day, on 9/11, I had 6 people spend the day in my room huddled around my air purifier while the AQI slipped off the charts.
Spending the weekend refreshing the evacuation maps and PurpleAir.com, I realized I know very little about the AQI or Air Quality Index. …
Hashing is an important topic for programmers and computer science students to be familiar with. This article is specifically targeted to students, and programmers with a few months to a year of coding experience.
Hashing: generating a value or values from a string using a mathematical function
Hashes are mostly used for three things:
That’s super confusing but bear with me.
Hashing is otherwise described as doing a non-reversible operation…
I recently started to get into a good momentum with publishing on Medium. Around half of my articles show up on the first page of a relevant Google search, but two of them in particular do very well.
“3 Security Pitfalls Every React Dev Should Know” pretty consistently ranks first to third for “react security,” and Google uses my diagrams from “A Gentle Explanation of Logarithmic Time Complexity” to illustrate the search for “logarithmic time complexity.”
Since I’m a tech writer, most of this applies to tech writing. If you’re not a tech writer, there may be some useful information…
Recently, I refactored an entire deployment setup for a diverse array of apps. That means a big pile of Docker images that all have to be flexible but stable. Some web applications also needed to be restarted in a user-friendly way that displays helpful error messages to developers with a range of skill levels.
It was a lot of work but I sure did get better at Bash scripting. I’m in a good position to write this article because during this project, I wrote down every weird little thing that cost me debugging time.
Bash is so weird that not…
Django has solid docs and strong opinions. One thing it has strong opinions on is user models. There are a few important tips and best practices for starting these off on the right foot. Follow them to avoid migration headaches as your project grows.
This article is meant to be read all the way through. It is especially for beginners but may have some helpful references for more advanced Django developers. If you’re looking for copy-pasteable code snippets instead of an explanation, check out this blog post or look at an example app.
If you’re already experienced with
React is my favorite library for making interactive interfaces. It is both easy to use and quite secure! However, that doesn’t mean it’s completely safe. It’s easy to get complacent and think “we don’t have to worry about XSS because we use React” — that’s not the case.
React vulnerabilities most often happen when you think you’re using the library but aren’t. It’s important to know what React does and doesn’t handle for you.
The following are the most common specific mistakes you are likely to make as a React developer. …
If you’re new to computer science, you’ve probably seen a notation that looks something like O(log n). That’s time complexity analysis or big-O notation!
It’s a super important concept to understand, at least on an intuitive level, in order to write fast code. There’s also space complexity. It defines how much memory a program might use but we’ll leave that for the next article.
This concept is one of the reasons higher education thinks it needs to make computer science undergrads take years of math classes. …
A few months ago I was looking for an easy way to make my computer unusable for anyone who isn’t me. Petty, maybe, but I know I’m not the only person who hates it when people touch my stuff. It is also satisfying to watch someone grab my laptop without asking, only to have no idea how to use it.
After re-wiring some keyboard shortcuts, I wrote aliases to make bash commands do weird stuff. Like making ls display the contents of the wrong directory or act like the user made a typo when they hadn’t. …
Developer and appsec researcher living in Portland, Oregon.