- The Public Domain Manifesto — eloquent argument in favour of the public domain. (via BoingBoing)
- Clear Climate Code — project to write and maintain software for climate science, with an emphasis on clarity and correctness. What a wonderful way for coders who aren’t scientists to contribute to open and better science. (via the interesting OKFN blog)
- Don’t Hash Secrets — One area of secure protocol development that seems to consistently yield poor design choices is the use of hash functions. What I’m going to say is not 100% correct, but it is on the conservative side of correct, so if you follow the rule, you (probably) can’t go wrong. You might be considered overly paranoid, but as they say, just because you’re paranoid doesn’t mean they’re not after you. So here it is: Don’t hash secrets. Never. No, sorry, I know you think your case is special but it’s not. No. Stop it. Just don’t do it. You’re making the cryptographers cry.
ENTRIES TAGGED "cryptography"
The first of three public workshops kicked off a conversation with the federal government on data privacy in the US.
Semweb, Comedy Java, Mobile Spyware, Crypto
- On Data Reconciliation Strategies and Their Impact on the Web of Data — For years, I’ve been a fairly vocal advocate for the elegance and scalability of a-posteriori reconciliation via equivalence mappings as a superior mechanism (scale-wise) to a-priori reconciliation efforts… but this started to change very rapidly once I started working for Metaweb and saw first hand how much more effective a-priori reconciliation can be, even if drastically more expensive and limiting in the data acquisition front. (via straup on Delicious)
- Java Spring’s Biggus Dickus Effect — Nonstop administrative debris as dadaist poetry. Écriture automatique of the programming office manager or his parrot. (via mattb on Delicious)
- Arabic Blackberry Spyware — update pushed out to Arabic Blackberries CC:ed all email to the authorities. A powerful case for multi-distro platforms, which reduces the size of the market captured with one distro is pwned like this.
- NaCl – Networking and Cryptography Library — open source high-level crypto library. NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl’s goal is to provide all of the core operations needed to build higher-level cryptographic tools. Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed. Creator of qmail is one of the developers. (via Simon Willison)