Junior Designers vs. Senior Designers The differences, illustrated.
Meet the New Enterprise Customer, He’s a Lot Like the Old Enterprise Customer There are reasons why enterprise customers are enterprise customers.
On design: Simple is != to dumbed down, Simple = right place at the right time.
Lines of Code
Practical functional programming: pick two Covers functions, promises, laziness, streams and reactive programming. Slides only.
When you have a lot of convenience methods, keeping track of them becomes very inconvenient. They become nuisance methods.
OH: QA Engineer walks into a bar. Orders a beer. Orders 0 beers. Orders 999999999 beers. Orders a lizard. Orders -1 beers. Orders a sfdeljkn
Develop like there’s only one timezone,
Design like there’s only one screen size,
Debug like there’s only one browser…
Tools of the Trade
Unwrapping JSON-P Nifty trick. Using
Function to avoid some of the pitfalls of
eval and the need for a global callback function.
email@example.com Scoped packages, arguments for
run-script, and hopefully less flaky installs.
Haraka A modern, high performance, flexible SMTP server. Node.js.
sshrc works just like
ssh, but sources
~/.sshrc from your local computer, so you can bring
.vimrc, etc with you every time you SSH.
Quick notes about the bash bug, its impact, and the fixes so far Services running on your server might be forking processes and passing user inputs via environment variables (e.g. Apache, sendmail). They're all vulnerable to this easy compromise. So even if you don't think you're using bash anywhere, patch and upgrade!
In-App Browsers Considered Harmful In-app browsers can monitor anything you type, including passwords and credit cards, even on secure sites. "You should never enter any private information while you’re using an app that’s not Safari."
Why I hacked TouchID (again) and still think it’s awesome Yes you can fake someone else's fingerprint, but it's a complex and involved process. You can't just "lift" their print from a glass.
Remember: Fingerprint locks are convenient, but they discard ability to "forget" or refuse to unlock a device. They remove consent.
PKCS#1 signature validation Explains the RSA signature verification bug in Chrome/Firefox that was fixed on Wednesday:
This is because, due to complexity, there wasn't universal agreement on what the the parameter should be.
Heatmiser WiFi thermostat vulnerabilities This one checks the box on every bad security practice. I can imagine the discussion that led to creating this unnecessary security vulnerability: "users want a way to login, so let's add a login page".
None of the Above
Why would anyone use an alias? For a number of good reasons …
Pi - Pizza Delivery Designed to look just like the Uber app, this (iOS) app does exactly one thing: order pizza!