The initial claim from Mt. Gox was that they lost money to a problem with Bitcoin known as “transaction malleability.” Lots of people jumped on this explanation (for one of the better ones, see this one, though its depiction does not match what actually happened). I stayed away from this topic, …
At Asana, we’ve figured out a way to rapidly deploy changes to our content site. Non-technical teammates can jump right in and see their updates realtime, without bottlenecks, and without requests to developers. Everything we do is versioned controlled with Git - even copy changes. And we do it all without a dedicated web developer. See how.
How to hash passwords properly using salt. Why hashes should be salted and how to use salt correctly.
My office. This is where the magic happens… or something.
The upside? Turbine will be making server software available for enthusiasts to host their own worlds and communities. Very cool.
Fantastic piece by Nilay Patel on the state of the Internet.
Can’t wait to hack on the upcoming Wolfram Language!
Apple is pushing a hotfix for an extremely serious SSL/TLS bug in iOS 7 and OS X. It remains unclear how far back it goes, but is confirmed in OS X 10.9, iOS 7 and at least iOS 6.1. This is bad. This is really bad.
The bug allows anyone with a certificate identifying themselves as a “trusted CA” (certificate authority; think Verisign, GeoTrust, etc.) to access encrypted communications as if they had never been encrypted at all by leveraging so called Man-in-the-Middle (MITM) attacks. Basically, Apple has been accepting root certs on face value and not performing the fundamental verification steps necessary to prove that they’re authentic and valid.
All because of bracket-less conditionals and an errant ‘goto fail’ line. On the upside, I now have a real example of why bracket-less conditionals are a horrible thing to do next time code standards comes up! ;)
Technical breakdown, including source code and demo: https://www.imperialviolet.org/2014/02/22/applebug.html