An interesting story about sniffing VPN (or more correctly: what the user thought to be VPN). This shows that you always have to be alert.
Why is the web the default development platform? – completely agree with all the points (and also most of the points made in the comments). One additional thing is: instant update. As soon as you add a feature / fix it bug, it is instantly available to all of your users (this can also be somewhat of a problem – if you want to do AB comparisons for example by giving different users different experience).
From be same blog: Why XSS filtering is hard? I’d recommend this to anyone doing web development.
Google Native Code. A solution looking for a problem. There are many mature solutions for this problem, some of them open source, some of them not. Google seems to be reinventing the wheel too much lately.
The new Paul McCartney album is out. You can listen to it online on the site. Unfortunately it is too soft for me.
SHA-3 related site:
- The SHA-3 Zoo
- eBASH: ECRYPT Benchmarking of All Submitted Hashes
- Cryptology ePrint Archive: Report 2008/511 – Classification of the SHA-3 Candidates
Paranoia is good: How The Cloud Destroys Everything I Love (About Web App Security)