Search results

I don't have anything invested in the idea, it was just an idle thought experiment. Of course it's much easier to poke holes in someone else's idea than to come up with something novel yourself. Thanks for taking the opportunity to be an anonymous dick on the internet, though.

Tell that to nearly every web API on the planet.

On a human, realistic level I agree that it would be difficult to expect people to memorize UUIDs. On an infosec level however, I think it's easier because you only have to remember one long, random string as opposed to a long, random string (strong password) and another long, arbitrary...

Interesting problem. You'd have to build invalidation into your data structures by providing a way to migrate/copy over the data keyed to UUID X over to the newly-generated UUID Y. You'd also have to work hard to avoid letting some other field become the de facto identifier (full name, SSN...

Type 4 UUIDs are both guaranteed to be unique and (if you are careful with the generation algorithm) also are reasonably non-guessable. Since they have both properties they would serve as both identification and as an authentication token, as long as they were kept confidential (not printed on...

The identifier should be a UUID. Then it can be used both as an ID and as authentication (ie, no password required).

Kimono has made a SaaS product out of this problem. I've never used it but heard good things.

You're writing a screen scraper based on screenshots (not the actual data-to-be-scraped)? How awful.

One thing I've learned is that the law is rarely intuitive or even logical. Most of the time when I've thought a legal situation was obvious, I've turned out to be wrong. I've learned not to assume anything other than that the legal world is crazy and very expensive to participate in.

^ The network is absolutely key and is where nearly all the value of an MBA comes from. If you aren't into networking or think you will learn the OMG huge secret to running a successful business, reset your expectations.

Rust/Go are targeting a different problem space, I think, than Scala, F# or Swift. I get the dig, though--the analogy that Go is Google's proprietary language just like Swift is Apple's.

Obj-C is definitely a little weird (at least the syntax). It will be interesting to see if Swift causes more people to get into iOS development.

IANAL...isn't the default just copyright with no usage grants (or whatever the legal term is)? In other words, look but don't distribute.

I seriously doubt that anything could stop determined nation-state attackers (or anyone with those kind of resources). Pushing the problem to Cisco or Microsoft or whoever manufactured your VPN device should not bring any peace of mind in that regard. I see pervasive use of corporate VPNs as...

Should have paid them more.

I could write a book about how horrible the HTTP/HTML/CSS/JS stack is--but it *works* and it's *open* and it's *standard*. Users are expecting to use your applications outside of the office (and in a lot of cases it would be pretty arbitrary to limit them to working in a single physical...

A VPN is not necessary for remote control/troubleshooting (join.me, etc). I agree that SSL VPN is generally less shitty than IPSEC, but I often see VPN as the poor man's way of providing services that should be externalized: provide a real Box-like file service instead of bare network shares...

++++ VPNs need to die in a fire. Secure your services appropriately and make them public.

Google uses the term "Site Reliability Engineer" and other companies use the terms "Systems Engineer" or "Infrastructure Engineer". The places I've seen "DevOps" explicitly in the job title have mainly been startups. Assuming you are in such a role, I'm wondering if you're limiting yourself by...

What do you guys think of the word "DevOps" in a job title? Appropriate or a bad idea? I tend to think of DevOps as more a philosophy (like Agile/Scrum) so I'm not sure it works as a job title.