Analyzes global network latency, highlighting the worst ping delay between Dagupan, Philippines and Alblasserdam, Netherlands.
Critique of the role="password" ARIA attribute, arguing it undermines security, accessibility, and user experience by enabling poorly implemented custom password fields.
Argues for using plain text emails over HTML, citing tracking, security, and usability issues with HTML email.
A technical critique of Sucuri Security's flawed analysis of TLS certificate verification, focusing on errors in their assessment of Python's Requests library.
Analysis of a cryptographic vulnerability in the Beaker Python library's session encryption due to nonce reuse in AES-CTR mode.
A technical guide on implementing a Subresource Integrity (SRI) TagHelper for ASP.NET Core, covering hash calculation, caching, and browser security.
Explores the new Protect/Unprotect-CmsMessage cmdlets in PowerShell V5 for DSC credential encryption, detailing upgrade challenges.
A guide to implementing Subresource Integrity (SRI) security for CDN resources using a custom ASP.NET Core TagHelper.
Analysis of the Apple vs FBI encryption case, arguing that longer passcodes can maintain iPhone security even if Apple loses.
A guide to implementing HTTP Public Key Pinning (HKPK) with Let's Encrypt certificates on an nginx server for enhanced TLS security.
Introduces a PowerShell script to simplify creating SSL/TLS certificates, CA certificates, and client certificates, automating complex command-line tools.
A recap of the London VMUG January 2016 meeting, covering VMware ecosystem talks on security, storage, automation, and case studies.
Details and fix for the OpenSSH client roaming vulnerability (CVE-2016-0777) that could allow a malicious server to steal private keys.
Learn how to securely manage VM passwords using Azure Key Vault secrets in ARM templates, eliminating plaintext password risks.
Highlights five key projects advancing security: U2F, Let's Encrypt, Rust, X25519/Ed25519, and Chromebooks.
A developer's experience purchasing and setting up the special edition Octocat Yubico U2F security key for GitHub two-factor authentication.
Discusses the deprecation of the insecure SMB1 protocol in Windows and provides PowerShell commands to disable or uninstall it.
A guide on evaluating third-party scripts for web performance, security, and user experience, including a checklist of critical questions.
Practical advice for enhancing company security, covering password storage, SSH access, network encryption, patching, and developer education.
An update on the certifi project's new release, addressing 1024-bit root certificate removal and the plan for a hybrid bundle.
