Is security BitCoin’s biggest weakness?

If you don’t know what BitCoin is, read the official blurb or more of the same from Wikipedia.

At the last of our recently christened “bi-monthly, beer-fuelled BitCoin argument” sessions (aka geek ups) the issue of security as a barrier to BitCoin’s continued viability was raised and, shockingly, was acknowledged as a valid issue by the group’s biggest BitCoin proponent.


YubiKey-CF – ColdFusion Wrapper For the YubiCo API

I received my YubiKey last week and had a spare half an hour to work on a ColdFusion interface to the YubiCo Webservice API to enable easy integration of YubiKey 2nd Factor Authentication in ColdFusion apps.

I’ve popped the initial version of the code onto a Google Code project (under the MIT licence) as well as setting it up on RIAForge.

It’s pretty basic as things stand but I’ve got some niceties to add as and when I find the time including HMAC-SHA-1 signing support and support for all the API options.

If you’ve got a YubiKey and you’re a CF developer then please give it a whizz and let me know via the YubiKey-CF Google Project if I’ve missed anything obvious.
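To show what the wrapper is talking to, here is an added Python sketch of the Yubico validation protocol 2.0 exchange, including the HMAC-SHA-1 request and response signing that the post lists as still to do. It is not the YubiKey-CF code (that is ColdFusion) and it never touches the network: the client id, API key, OTP and the stand-in server are all constructed for the example.

```python
import base64
import hashlib
import hmac
import os

# Alphabet a YubiKey types; chosen so it survives any keyboard layout.
MODHEX = "cbdefghijklnrtuv"

# Constructed values for the example; a real client id and API key come
# from Yubico when you register, and the OTP comes from a key press.
CLIENT_ID = 12345
API_KEY = base64.b64encode(b"constructed-16B!").decode()
SAMPLE_OTP = "ccccccbcgujhingjrdejhgfnuetrgigvejhhgbkugded"


def yubikey_public_id(otp):
    """Public identity of the key: everything before the final 32 modhex
    characters, which are the AES-encrypted, per-press token."""
    otp = otp.strip().lower()
    if not 33 <= len(otp) <= 48 or any(c not in MODHEX for c in otp):
        raise ValueError("not a modhex YubiKey OTP")
    return otp[:-32]


def sign_params(params, api_key_b64):
    """Protocol 2.0 signature: HMAC-SHA1 over 'k=v&k=v' with keys sorted
    and any existing 'h' left out, keyed with the decoded API key."""
    key = base64.b64decode(api_key_b64)
    msg = "&".join("%s=%s" % (k, params[k]) for k in sorted(params) if k != "h")
    return base64.b64encode(hmac.new(key, msg.encode(), hashlib.sha1).digest()).decode()


def build_verify_request(client_id, otp, api_key_b64, nonce=None):
    """Query parameters for GET /wsapi/2.0/verify. The nonce is random per
    request and is checked again in the reply so a captured reply cannot
    be replayed against a later login."""
    otp = otp.strip().lower()
    yubikey_public_id(otp)  # raises if the OTP is not well formed
    params = {
        "id": str(client_id),
        "otp": otp,
        "nonce": nonce or os.urandom(16).hex(),
    }
    params["h"] = sign_params(params, api_key_b64)
    return params


def parse_response(body):
    """The server answers with 'key=value' lines."""
    fields = {}
    for line in body.splitlines():
        if "=" in line:
            k, v = line.strip().split("=", 1)
            fields[k] = v
    return fields


def verify_response(body, request, api_key_b64):
    """Signature first, then bind the reply to our request, then status."""
    fields = parse_response(body)
    expected = sign_params(fields, api_key_b64)
    if not hmac.compare_digest(expected, fields.get("h", "")):
        return False, "bad response signature"
    if fields.get("otp") != request["otp"] or fields.get("nonce") != request["nonce"]:
        return False, "response does not match request (replayed or swapped reply)"
    if fields.get("status") != "OK":
        return False, fields.get("status", "missing status")
    return True, "OK"


def fake_server_response(request, api_key_b64, status="OK"):
    """Stand-in for api.yubico.com so the example runs offline: echoes otp
    and nonce, adds a (constructed) timestamp and sync level, then signs."""
    fields = {
        "t": "2010-11-01T12:00:00Z0123",
        "otp": request["otp"],
        "nonce": request["nonce"],
        "sl": "100",
        "status": status,
    }
    fields["h"] = sign_params(fields, api_key_b64)
    return "\r\n".join("%s=%s" % kv for kv in fields.items()) + "\r\n"


if __name__ == "__main__":
    req = build_verify_request(CLIENT_ID, SAMPLE_OTP, API_KEY)
    print("public id:", yubikey_public_id(SAMPLE_OTP))
    print("genuine reply:", verify_response(fake_server_response(req, API_KEY), API_KEY and req, API_KEY)
          if False else verify_response(fake_server_response(req, API_KEY), req, API_KEY))
    tampered = fake_server_response(req, API_KEY).replace("status=OK", "status=REPLAYED_OTP")
    print("tampered reply:", verify_response(tampered, req, API_KEY))
```

The order of checks in `verify_response` is the point: an unsigned or forged reply is rejected before its contents are trusted, and a genuine reply for some other request (different nonce or OTP) is rejected before `status=OK` is believed. Replay of the OTP itself is the server’s job, which is why the public id and the counter it tracks belong to Yubico, not to the relying application.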

Now with added OpenID, OAuth and more

You may have noticed that registration on this site has been opened up and allows you to create an account using credentials from Twitter, Facebook, LinkedIn, WordPress.com or your OpenID.

It’s a trend I’ve been seeing more and more of on other sites and it makes sense to implement authentication mechanisms from other providers. As an exercise in security best practice it removes the requirement for yet another username and password, and with it the temptation to reuse the same password on site after site against the same email address, so that one breached site gives up the credentials for all of them.

This is the dream that OpenID was created to realise but with Twitter, Facebook, et al rolling out robust authentication mechanisms of their own it makes sense to offer a number of options.

Anyhoo, let me know how you get on with it and if you have any problems. It’s something I’d love to see rolled out over more sites and I hope that my little corner of the internet can join a growing trend.

You’re responsible for your own privacy so wise up and stop whining!

Privacy online is getting a run for its money at the moment, with Google getting slapped for storing whole emails and URLs encapsulated inside packets captured by Streetview cars, and Eric Butler’s Firesheep flaming up a storm by showing just how easy it can be to capture cookie-based sessions on a shared wireless network.

And I’m getting rather sick of the negative waves Moriarty!

I appreciate that, legally, your data should be considered private unless you release it, but the current furore surrounding Google’s (allegedly) accidental interception of personal data highlights a very worrying trend – people aren’t prepared to look after their data!

Most of the governments and bodies complaining about these privacy invasions have been warning us for years to shred our sensitive paper documents to prevent them falling into nefarious hands. And for the most part we’ve listened.

So far as the Google Grab goes, the affected parties are probably those who would never dream of posting cash, use registered mail for cheques, change their PINs and never write them down and would assume you had gone quietly mad if you showed up to a party wearing a t-shirt with your date of birth & mother’s maiden name on it.

These same people who obsessively keep their receipts for fear of some crook collecting enough of them to reassemble their card details and take them for every penny, don’t seem to give a damn that they may be broadcasting their internet browsing habits for all to view.

They wouldn’t stick their bank statements in a box labelled “Bank Statements” and ‘file them’ on their front door step so why would they use an insecure network? Likewise they’re not going to read your credit card number out loud in a crowded train station so why would they check their email over a shared WiFi network without encryption of some form?

Google may have done wrong in collecting the information but surely they have highlighted that these people’s networks made no effort to prevent the collection of data… and whose fault is that?

My point is this – we are responsible for the safety & security of our own data; this concept is understood and embraced in the physical world so why do they find it so hard in the virtual world?
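The Firesheep side of this cuts both ways: the user picked an open network, but the site also chose to hand out a session cookie that the browser will happily send over plain HTTP. As an added example (not from the post or from Firesheep) here is a Python check a site owner can run against their own responses to find exactly those cookies; the HTTP responses it inspects are constructed for the example.

```python
# Constructed HTTP responses: the first is the kind of login reply Firesheep
# feeds on (session cookie without the Secure flag), the second is hardened.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=3f9a2c7e; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
    "<html>…</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=3f9a2c7e; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
    "<html>…</html>"
)


def parse_set_cookies(raw_response):
    """Return [(name, {lower-cased attribute names})] for every Set-Cookie
    header in the response head; the body is ignored."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n"):
        if line.lower().startswith("set-cookie:"):
            parts = [p.strip() for p in line.split(":", 1)[1].split(";")]
            name = parts[0].split("=", 1)[0].strip()
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
            cookies.append((name, attrs))
    return cookies


def looks_like_session_cookie(name):
    """Heuristic only: names that usually carry an authenticated session."""
    n = name.lower()
    return any(s in n for s in ("sess", "auth", "token", "login"))


def cookies_exposed_to_sniffing(raw_response):
    """Session-looking cookies the browser will send over plain HTTP, which is
    what a passive sniffer on the same WiFi needs to hijack the session.
    Without 'Secure' the cookie goes out in the clear on the first http://
    link or image the user hits, however carefully they logged in."""
    return [
        name
        for name, attrs in parse_set_cookies(raw_response)
        if looks_like_session_cookie(name) and "secure" not in attrs
    ]


def harden_set_cookie(name, value, path="/"):
    """The header the weak response should have sent: Secure keeps it off
    plain HTTP, HttpOnly keeps it away from injected script."""
    return "Set-Cookie: %s=%s; Path=%s; Secure; HttpOnly" % (name, value, path)


if __name__ == "__main__":
    print("weak:", cookies_exposed_to_sniffing(WEAK_RESPONSE))        # ['sessionid']
    print("hardened:", cookies_exposed_to_sniffing(HARDENED_RESPONSE))  # []
    print(harden_set_cookie("sessionid", "3f9a2c7e"))
```

The name heuristic is deliberately loose; the point is that a cookie sent without `Secure` is exposed on an open network no matter what the user does, so the “look after your own data” argument only goes so far for session hijacking unless the site serves everything over TLS and flags its cookies accordingly.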

Not one, not two but 6 Servers per Server

For the past 2.5 years I’ve maintained a dedicated server for hosting various sites, both of my own and for clients. I’d been running the same box for a while when, in January, I finally decided I needed to upgrade to a bigger, better machine with an OS I could actually patch (the old server was a Fedora Core 5 machine and Yum was borked beyond repair).


CFAjaxProxy – dos and don’ts

Further to Friday’s post regarding my issue with CFAjaxProxy and getter / setter methods, the reason for the failure to persist the variables set was neatly explained by Andrew Scott, both in the comments on this blog, via twitter and in more detail in a post on his own blog.


Alternatives to Mod.Rewrite under IIS6

I love Apache; if it were up to me the whole Internet would be served from Apache based servers running on a Linux based stack, websites would never fall over, code would be clean and World Peace would follow shortly thereafter.

Unfortunately, we live in the real world and part of this rather shocking wake up call is that we sometimes have to use IIS to serve ColdFusion websites. This isn’t so bad; certainly after trying to get PHP stable under Windows Server 2003 and IIS, ColdFusion is a doddle to install, stable and pretty much as good as its *nix based sister. But there are some things IIS 6 simply doesn’t do well. One of these is URL rewriting.


Proud to be paranoid

Hi my name is Rob and I’m paranoid.

Actually let me qualify that – Hi my name is Rob and I’m a paranoid developer. I don’t mean that I spend my days imagining the worst scenarios under which my applications can fail or wondering if my clients are talking about me behind my back. No, I’m paranoid in the simplest sense – I don’t trust technology.

In the sphere of web application development, technology moves incredibly quickly and new libraries, classes and “concepts” are popping up daily. I can remember, without having to cast my mind back too far, the first time I heard the phrase AJAX in relation to web development (rather than toilet cleaning or Greek mythology).
