
We’ve got some DEF CON content updates for you today! First, we’ve added some AppSec Village videos we were missing from DC30 and DC31. You can grab them at media.defcon.org. Second, the big torrent of all the goodies from DC31 is now also live on the media server. And third, if you’re looking for a 1.7T ‘everything DC’ torrent, that’s freshly updated and available for you on infocon.org. Make sure to stretch your..

I have a lot of thoughts about this book but I’ll try to keep this brief. To start, this book has a very odd citation format. The author directly cites journalists, blog posts, magazine surveys directly in line, but then deeper resources, i.e. Academic Studies, Medical Journals, are cited at the back of the book - and not many are cited compared to how many Journalists are. This creates a problem where many times in the book the author will..

This year, we asked the DevRel and SecRel team at Snyk and security experts from around the industry to drop in their personal and professional New Year's security resolutions for 2024.

Attention is a prized currency. Basically, every company around you is trying to grab your attention to get a return on investment. What does it mean for lifelong learners and knowledge workers? What are the pitfalls to avoid and ways to leverage that to learn better and be more productive?


On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as CVE-2024-22195, this cross-site scripting (XSS) vulnerability has raised concerns due to its impact on numerous projects.

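This year I plan to start practicing problems again, keeping up at least two problems per week, and every so often I will write a post recording the problems I have solved recently and the reasoning behind my solutions. Multiply Strings https://leetcode.cn/problems/multiply-strings/description/ Given two non-negative integers num1 and num2 represented as strings, return the product of num1 and num2, also represented as a string. Note: You must not use any built-in BigInteger library or convert the inputs to integers directly. Example 1: Input: num1 = "2", num2 = "3" Output: "6" Example 2: Input: num1 = "123", num2 = "456" Output: "56088" Constraints: 1 <= num1.length, num2.length <= 200 num1 and num2 consist of digits only. Neither num1 nor num2 contains any leading zero, except the number 0 itself. Solution Since the strings are long....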

Over the decades I've relied heavily on bash aliases and functions to automate common tasks, resulting in a .bash_profile that's over a thousand lines long. But lately I find myself writing many small scripts instead. These tiny scripts, which live in a directory on my $PATH, have several advantages: They compose nicely, in line with the Unix philosophy. They are reasonably portable. If it works for me on Linux, it'll often work on....




Hi, your e-mail validation is wrong (probably). And your modelling assumption that every person has a first name and a last name is wrong as well. While combing through my bookmarks over the past few days in search of an article on project management in BigTech, I stumbled upon an old article from 2010: Falsehoods Programmers Believe About Names. An excellent essay! Our assumption..


Today’s fun was implementing OAuth2’s RFC 7636’s PKCE (Proof Key for Code Exchange) in C#. It’s relatively straightforward, but I decided to share my implementation should it be helpful to someone else out there. PKCE is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. [..] It was originally designed to protect the authorization code flow in mobile apps, but its ability to prevent ..


Date.now() - davidwalsh.name - 2 years ago - eng
Ask any software engineer and they’ll tell you that coding date logic can be a nightmare. Developers need to consider timezones, weird date defaults, and platform-specific date formats. The easiest way to work with dates is to reduce the date to the most simple format possible — usually a timestamp. To get the immediate time […] The post Date.now() appeared first on David Walsh Blog.


manifesto.neue - blog.webb.page - 2 years ago - eng

We all have secrets. Sometimes, these are guilty pleasures that we try to keep hidden, like watching cheesy reality TV or indulging in strange comfort food. We often worry: “How do we keep the secret safe?” “What could happen if someone finds out the secret?” “Who is keeping a secret?” “What happens if we lose […]

I can't believe I haven't written anything here in over a year. I increasingly want to move my experimental, art, hobby, and professional content away from platforms that exist to extract value from me and my friends. I'd also like to be less precious with this space, to treat it in the casual, experimental fashion I would treat Instagram or Facebook. So I'm going to be playing around with posting shorter posts, unfinished things, and ....


The post discusses my experience with learning and using Ruby, highlighting its good, bad, and weird parts.

Snyk announces acquisition of Helios, accelerating application security posture management (ASPM) capabilities with runtime insights.

Selling my company was a milestone that many entrepreneurs dream of. But today, I get to look back on all of that nearly two years later with the benefit of hindsight.

Using todoist as a cloud inbox for GTD in Emacs orgmode for better integration with services like Slack and Google Assistant


User input from HTML form fields is generally provided to JavaScript as a string. We’ve lived with that fact for decades but sometimes developers need to extract numbers from that string. There are multiple ways to get those numbers but let’s rely on regular expressions to extract those numbers! To employ a regular expression to […] The post Extract a Number from a String with JavaScript appeared first on David Walsh Blog.


A retrospective on getting solar panels installed. The installation cost around 5k€ (4k€ after government subsidies), and we were able to generate over 80% of our yearly consumption and save just short of 1k€ in year 1 as well as shave off our CO2 footprint by over a ton

Executive summary: If you have excess savings that you want to grow and compound with minimum drawdowns, you should put half of it in global stocks, a quarter in bonds, and the last quarter in gold. Rebalance yearly and go to the beach. The Persian Portfolio is an investment portfolio that consists of just three […]

This site under construction I had a failure scenario with WordPress and PHP versions. As I think a static site should be created statically, I’ve decided to export the current content and create a new web site with Hugo.

Not technical writing, but Jim Lawless interviewed me on his "Stray Pointers" podcast. We discuss Forth, C, CGI, Python, Go, and AWK.

I've started a new position as Staff Engineer at Float Health. We're using a nice SaaS tool called Range for daily checkins as well as meeting agendas and notes. The workflow encourages everyone to write a small handful of bullets about the main things they worked on each day. We are lucky enough to have Range founder Dan Pupius working with us at Float Health, and I had to smile and send him this ancient screenshot. This is essentially m..

In the world of mathematical statistics, there is a constant confrontation between adepts of different paradigms. This is a constant source of confusion for many researchers who struggle to pick out the proper approach to follow. For example, how to choose between the frequentist and Bayesian approaches? Since these paradigms may produce inconsistent results (e.g., see Lindley’s paradox), some choice has to be made. The easiest way to con..


This is a story of how a random person on the internet set me thinking and eventually triggered a change to this blog. It started last September, when someone suggested offering email subscriptions in addition to the existing RSS feed. The thing is… I was purposefully not offering email subscriptions! What a waste, someone might say: you had multiple articles reach the Hacker News frontpage in 2023, yet you failed to “capitalize” on the opp..




