Blog posts tagged in General Software Development

Posted by on in Blogs
YAML and Remote Code Execution YAML's security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution. It's Not Just Ruby A few weeks ago, I had a need to parse Jasmine's jasmine.yml in some C# code. I spent some time looking at existing YAML parsers for .NET and ended up deciding that spending a couple of hours writing a lightweight, purpose-specific parser for jasmine.yml made m...

Or, As We Called It Back in 1999, "Tuesday" So this tweet got a lot of attention: potch @potch alias yolo='git commit -am "DEAL WITH IT" && git push -f origin master' I laughed at this, not because it implies some kind of reckless disregard for process and community, but because, in 1999, at a former employer, when our VCS was Microsoft SourceSafe, this was just the way that we went about our business. Times have changed!...

Review: Coursera Social Network Analysis class I recently completed the Coursera Social Network Analysis class. This was my first time taking a Coursera class. In this post, I will describe my experience with Coursera generally, and review the Social Network Analysis class in particular. Along with several of my colleagues, I took Martin Odersky's Functional Programming Principles in Scala class at the same time. Although I finished my last assignment for that class weeks ago, the class isn't technically complete, so I will reserve commen...

The Homomorphic Encryption Patent Land Rush I noticed this morning that Google patent search returns 189 results for the query "homomorphic encryption." I have written about homomorphic encryption in the past; it is a true mathematical breakthrough which has the potential to transform cloud computing security. But the emphasis, here, is on "potential." There is no fully homomorphic encryption scheme which is efficient enough to be practical for real-world, general-purpose computation. This, apparently, has done nothing to stop the pate...

Speaking at "Moving to Better Secure the Cloud" I'll be speaking at a Slashdot/Geeknet "virtual trade show" today. Moving to Better Secure the Cloud: Governance, Risk, and Compliance Management My presentation will be on the potential business impact on the web if an efficient and fully homomorphic encryption system is invented. I'll be speaking sometime in between 3:15 and 4:00 EST, for about 20 minutes. The target audience is CIOs. Sorry for the short notice, but this came together at the last minute!...

Great CS Textbooks, Cheap I'm probably late to this party, but I've discovered that you can find incredible deals on used CS textbooks at Amazon, especially for older editions. For example, I recently ordered a copy of Programming Language Pragmatics, by Michael L. Scott. It's $63 new for the hardcover or $43 on a Kindle. I got a used copy of the (somewhat older) second edition for $3 + postage, for a total of $7. True, I don't get the new chapter on VMs, but I can live with that. The third edition totally dried up th...

Book Review: Rework Rework, by Jason Fried and David Heinemeier Hansson, cannot accurately be described as the "sequel" to the first book to come out of 37 Signals, Getting Real. As a significant percentage of the book seems to be word for word identical to text in Getting Real, I think it's more of a "remix." Getting Real focused on creating marketable web software, whereas Rework changes the focus ever so slightly to growing a business around marketable web software. If you've read Getting Real (you can sample...
A Math Primer for Gentry's Fully Homomorphic Encryption A couple of weeks ago, I wrote What Is Homomorphic Encryption, and Why Should I Care? In that post, I promised to share my C# implementation of the algorithm from Craig Gentry's CACM article. Before I can do that, though, I need to explain some of the math involved. Perhaps surprisingly, it's actually very simple. (I say "surprisingly" because much of the math and technical papers on encryption is decidedly not simple, including that of Gentry's first fully homomorphic scheme, which was based...
What is Homomorphic Encryption, and Why Should I Care? The March 2010 issue of the Communications of the ACM includes a technical paper with an introduction entitled "A First Glance of Cryptography's Holy Grail" (ACM subscription required). That's enough to catch my attention. The paper itself, Computing Arbitrary Functions of Encrypted Data, describes a relatively new algorithm for homomorphic encryption. Although these words may be unfamiliar to many, the subject matter is terribly important, because, like public-key encryption, which paved the...

Crossword No. 2 DotNetSlackers just published a crossword puzzle I created; you'll see the grid below. The puzzle is focused on .NET and programming themes, including a Delphi reference here and there. The site editors wanted an article to go with the puzzle, so I wrote an article explaining how I created the puzzle. The article is full of spoilers, so if you'd like to try and solve the puzzle yourself scroll down to the bottom of the article to find the grid and clues before reading the article at the top....
