{ Category Archives } General Software Development

YAML and Remote Code Execution

YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution.
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]


Or, As We Called It Back in 1999, "Tuesday"

So this tweet got a lot of attention:
potch
@potch
alias yolo='git commit -am "DEAL WITH IT" && git push -f origin master'
I laughed at this, not because it implies some kind of reckless disregard for process and community, but because, in 1999, at a former employer, when our VCS was Microsoft SourceSafe, this was just the way [...]


Review: Coursera Social Network Analysis class

I recently completed the Coursera Social Network Analysis class. This was my first time taking a Coursera class. In this post, I will describe my experience with Coursera generally, and review the Social Network Analysis class in particular.
Along with several of my Spruce Media colleagues, I took Martin Odersky’s Functional Programming Principles in Scala class [...]


The Homomorphic Encryption Patent Land Rush

I noticed this morning that Google patent search returns 189 results for the query “homomorphic encryption.” I have written about homomorphic encryption in the past; it is a true mathematical breakthrough which has the potential to transform cloud computing security. But the emphasis, here, is on “potential.” There is no fully homomorphic encryption scheme which [...]


Spruce Media

So, after working for 13 years for the same employer, I’ve changed jobs. This month I joined Spruce Media; my title is "Software Engineer." ’Course, I liked my old job, too, but Spruce Media’s offer was too good to pass up.
It’s a really great time to be a skilled programmer; the market for top people [...]


Speaking at "Moving to Better Secure the Cloud"

I’ll be speaking at a Slashdot/Geeknet "virtual trade show" today.
Moving to Better Secure the Cloud: Governance, Risk, and Compliance Management
My presentation will be on the potential business impact on the web if an efficient and fully homomorphic encryption system is invented. I’ll be speaking sometime in between 3:15 and 4:00 EST, for about 20 minutes. [...]


Great CS Textbooks, Cheap

I’m probably late to this party, but I’ve discovered that you can find incredible deals on used CS textbooks at Amazon, especially for older editions.
For example, I recently ordered a copy of Programming Language Pragmatics, by Michael L. Scott. It’s $63 new for the hardcover or $43 on a Kindle. I got a used copy of [...]


Book Review: Rework

Rework, by Jason Fried and David Heinemeier Hansson, cannot accurately be described as the "sequel" to the first book to come out of 37 Signals, Getting Real. As a significant percentage of the book seems to be word for word identical to text in Getting Real, I think it’s more of a "remix." Getting Real [...]


A Math Primer for Gentry’s Fully Homomorphic Encryption

A couple of weeks ago, I wrote What Is Homomorphic Encryption, and Why Should I Care? In that post, I promised to share my C# implementation of the algorithm from Craig Gentry’s CACM article. Before I can do that, though, I need to explain some of the math involved.
Perhaps surprisingly, it’s actually very simple. (I [...]


What is Homomorphic Encryption, and Why Should I Care?

The March 2010 issue of the Communications of the ACM includes a technical paper with an introduction entitled "A First Glance of Cryptography’s Holy Grail" (ACM subscription required). That’s enough to catch my attention. The paper itself, Computing Arbitrary Functions of Encrypted Data, describes a relatively new algorithm for homomorphic encryption.
Although these words may be [...]

