Labnotes

Weekend Reading — Tasks

Design Objective

Junior Designers vs. Senior Designers The differences, illustrated.

Meet the New Enterprise Customer, He’s a Lot Like the Old Enterprise Customer There are reasons why enterprise customers are enterprise customers.

@helmutgranda:

On design: Simple is != to dumbed down, Simple = right place at the right time.


Lines of Code

Practical functional programming: pick two Covers functions, promises, laziness, streams and reactive programming. Slides only.

@Gilad_Bracha:

When you have a lot of convenience methods, keeping track of them becomes very inconvenient. They become nuisance methods.

@GonzoHacker:

Javascript is like the universe, once you get deep enough you find out it's just strings held together by forces no one understands

@edial:

OH: QA Engineer walks into a bar. Orders a beer. Orders 0 beers. Orders 999999999 beers. Orders a lizard. Orders -1 beers. Orders a sfdeljkn

@iamdevloper:

Develop like there’s only one timezone,

Design like there’s only one screen size,

Debug like there’s only one browser…


Tools of the Trade

Unwrapping JSON-P Nifty trick. Using the Function constructor to avoid some of the pitfalls of eval and the need for a global callback function.
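To make the trick concrete, here is an added example of my own (not code from the linked article; the function names and sample responses are mine). The first variant does what the trick describes: it passes the response body to Function with the callback name as a parameter, so the body runs with no access to local scope and without a global callback. The second variant goes one step further for untrusted endpoints: it strips the wrapper and hands the payload to JSON.parse, which never executes anything.

```javascript
// Added example: two ways to unwrap a JSON-P response body without eval.
// Not code from the linked article; names and samples are constructed here.

// Constructed sample responses, shaped like what a JSON-P endpoint returns.
// The second carries the "/**/" prefix some servers emit before the callback.
const SAMPLE_PLAIN = 'handleUser({"user":"alice","id":42});';
const SAMPLE_WITH_PREFIX = '/**/ handleUser({"user":"bob","id":7})';

// Variant 1: evaluate the body with Function, binding our own receiver to the
// callback name as a parameter. Unlike eval, the body cannot see this scope and
// no global callback is needed, but the response is still executed as code.
function unwrapWithFunction(body, callbackName) {
  let captured;
  const receive = (data) => { captured = data; };
  // eslint-disable-next-line no-new-func
  new Function(callbackName, body)(receive);
  return captured;
}

// Variant 2: treat the body as data. Accept only "<identifier>(<payload>)",
// optionally prefixed by "/**/" and followed by ";", and JSON.parse the payload.
const JSONP_SHAPE = /^\s*(?:\/\*\*\/)?\s*([A-Za-z_$][\w$.]*)\s*\(([\s\S]*)\)\s*;?\s*$/;

function unwrapAsData(body, callbackName) {
  const m = JSONP_SHAPE.exec(body);
  if (!m) throw new Error('response is not a JSON-P call');
  if (m[1] !== callbackName) throw new Error('unexpected callback ' + m[1]);
  // A payload that is not valid JSON (e.g. trailing statements) fails here.
  return JSON.parse(m[2]);
}

// Stand-alone demonstration.
console.log(unwrapWithFunction(SAMPLE_PLAIN, 'handleUser'));      // { user: 'alice', id: 42 }
console.log(unwrapAsData(SAMPLE_WITH_PREFIX, 'handleUser'));      // { user: 'bob', id: 7 }
```

The Function variant keeps the convenience of letting the server pick any callback name, at the cost of running whatever the endpoint sent; the data variant is the one to reach for when the endpoint is not fully trusted.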

npm@2.0.0 Scoped packages, arguments for run-script, and hopefully less flaky installs.

Haraka A modern, high performance, flexible SMTP server. Node.js.

sshrc sshrc works just like ssh, but sources ~/.sshrc from your local computer, so you can bring .bashrc, .vimrc, etc. with you every time you SSH.

What a hotfix patch feels like ;)


Locked Doors

Quick notes about the bash bug, its impact, and the fixes so far Services running on your server might be forking processes and passing user input via environment variables (e.g. Apache, sendmail). They're all vulnerable to this easy compromise. So even if you don't think you're using bash anywhere, patch and upgrade!

In-App Browsers Considered Harmful In-app browsers can monitor anything you type, including passwords and credit cards, even on secure sites. "You should never enter any private information while you’re using an app that’s not Safari."

Why I hacked TouchID (again) and still think it’s awesome Yes, you can fake someone else's fingerprint, but it's a complex and involved process. You can't just "lift" their print from a glass.

@SwiftOnSecurity:

Remember: Fingerprint locks are convenient, but they discard ability to "forget" or refuse to unlock a device. They remove consent.

PKCS#1 signature validation Explains the RSA signature verification bug in Chrome/Firefox that was fixed on Wednesday:

This is because, due to complexity, there wasn't universal agreement on what the parameter should be.

Heatmiser WiFi thermostat vulnerabilities This one checks the box on every bad security practice. I can imagine the discussion that led to creating this unnecessary security vulnerability: "users want a way to log in, so let's add a login page".


None of the Above

Why would anyone use an alias? For a number of good reasons …

So you want to know what's going on in the Middle East? Here it is, in a nutshell:

Pi - Pizza Delivery Designed to look just like the Uber app, this (iOS) app does exactly one thing: order pizza!