sleevi/CT Best Practices (April 2017)
Similar to my advice regarding OCSP Stapling for servers/server developers, based on questions I've received about "CT best practices," I wanted to write something similar for those writing server software. That is, this isn't targeted at server operators, but for those writing software like Apache, nginx, Caddy, etc.

At the most basic level, the deployment of Certificate Transparency to date has largely tried to focus the burden on CAs, rather than on server developers. If the CA is doing everything right, the server developer and the server operator shouldn't need to bother with CT, and all is good. However, with proposals like Expect-CT, it may be that server operators want to opt-in to CT, even without their CA's support, and so need work from the server operator.
certificates  certificate_transparency  server  bestpractices  sysadmin  tls  pki  github_gist 
3 days ago
On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write-up what I think the requirements are for OCSP stapling support.
tls  OCSP  Must-Staple  bestpractices  server  sysadmin  github_gist 
3 days ago
Market-Rate Housing Isn’t a Bad Word, and We Won’t Solve the Housing Crisis Without It
While the new apartment or condo project down the street is expensive, so is the 75-year-old house or apartment you’re trying to buy or rent. It’s *all* expensive, and that’s not because it’s “luxury.”

It’s because it’s scarce.
housing  economics  urban_development 
4 days ago
Washington Monthly | Terminal Sickness
But now we find ourselves at a moment when nearly all the promises of the airline deregulators have clearly proved false. If you’re a member of the creative class who rarely does business in the nation’s industrial heartland or visits relatives there, you might not notice the magnitude of economic disruption being caused by lost airline service and skyrocketing fares. But if you are in the business of making and trading stuff beyond derivatives and concepts, you probably have to go to places like Cincinnati, Pittsburgh, Memphis, St. Louis, or Minneapolis, and you know firsthand how hard it has become to do business these days in such major heartland cities, which are increasingly cut off from each other and from the global economy.
airlines  business  deregulation  capitalism  economy 
10 days ago
Mobile Code Sharing Strategies: a Comparative Analysis at Khan Academy - Google Docs
Reimplementing the same thing multiple times is error-prone, time-consuming, and demoralizing. But the cure might be worse than the disease. Let’s take a look. No recommendations here yet: let’s discuss first.

The Android app is split into two primary modules: “core,” which is isolated from Android and implements things like persistence, networking, and business logic; and “app,” which knows about Android and implements the UI and app-level concerns. This split is a useful one for thinking about code sharing strategies: it might be useful to share only one side, or to use different strategies for each.
code_sharing  c++  swiftlang  interop  java  mobile  software  programming  ReactNative  Xamarin 
11 days ago
frograin/FluidValidator: General purpose validation system for objects, nested objects, enumerables written in Swift
FluidValidator is intended to encapsulate validation logic. The API was designed with FluentValidation (https://github.com/JeremySkinner/FluentValidation) and Rails Validation as reference. Currently offers validation of simple objects, complex objects (object graph), enumerables. Localized error messages. You can easily override base behaviors and/or build your own reusable validation rules.
lang:swift  validation  github_repo 
12 days ago
a2geeks discussion on Ann Arbor's I-net municipal fiber replacement project
This project is to replace the institutional fiber network (I-net) that Comcast built for government units in the city as part of the franchise agreement in the early naughts. State law no longer allows negotiation of franchise agreements on the local level like that, and the original agreement did not specify that the city would own the fiber, so when the agreement is up in 2018, Comcast will be taking the fiber back. The city is leading an intergovernmental project to reconnect the sites served by the iNet to a new fiber network that would be owned by the city. This is a point-to-point network that does not directly connect to the Internet, although most of the institutional partners (such as AADL) use iNet fiber to deliver high-speed net access to satellite locations via downtown locations that have fiber links to ISPs, mostly Merit.

So, there is no residential or commercial component of this fiber project. It’s networking between government buildings. I’m not sure of the state of the law here in Michigan, but in many states it is no longer legal for municipalities to build networks for residential and commercial use due to telecom lobbying at the state level.

The small edit I’d make to Eli’s excellent summary is that iNet access has been extended to support municipal contracts, e.g. Republic Parking for networking to the parking structures, and Ann Arbor SPARK (if I recall correctly; I’m not 100% sure if the SPARK incubator traceroute goes through this network, but I think it does).
annarbor  a2council  fiber  internet 
13 days ago
Send Safari Tab List to OmniFocus
This AppleScript saves a list of all the open tabs in your (frontmost) Safari window to a new item in OmniFocus – Perfect for keeping track of webpages to return to later instead of keeping a billion tabs open all the time! By default, the item is given a name with the Date and Time and all of the links/URLs are collected in the item's note section.
safari  applescript  omnifocus  tool 
17 days ago
Objective-See: BlockBlock
Malware installs itself persistently, to ensure it's automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS.
osx  security  tool 
17 days ago
Buscador Investigative Operating System
Buscador is a Linux Virtual Machine that is pre-configured for online investigators.
OSINT  journalism  tool  security 
17 days ago
Upgrade your SSH keys! · blog.g3rt.nl
Tl;dr: Generate your new key with ssh-keygen -o -a 100 -t ed25519, specify a strong passphrase and read further if you need a smooth transition.
sysadmin  ssh  bestpractices  security 
18 days ago
Avoiding primitive obsession in Swift – CompileSwift – Medium
Domain modelling is essential to making code that is easy for new and experienced developers alike to be able to understand. By making your code more explanatory, you make it easier for developers to understand, and easier to refactor. By ensuring you prevent misuse of code, you make it safer to refactor and reuse code. Type systems are powerful tools to help improve your code, and can also have benefits for understanding the business rules you need to write. But in Swift, the types don’t have to be a burden while testing, by implementing the ExpressibleLiteral protocols.
swiftlang  types  bestpractices  modeling  data  refactoring 
22 days ago
The James Mickens Collection – Daniel Compton
James Mickens works at Microsoft Research. Amongst his more serious work, he has written some hilarious papers for Usenix, and given some funny talks. I’ve collected a selection of my favourite quotes here, but you should really read and watch them all from start to finish.
humor  programming  technology 
26 days ago
Swift Releases Have Themes – Ole Begemann
About a week ago, Swift Core Team member Ben Cohen wrote a thoughtful message on swift-evolution, answering a question about the chances of purely additive proposals to be accepted for Swift 4.

Ben explains the rationale the Core Team uses to decide which proposals should make it into the next version of the language. The gist of it is that each Swift release should focus on a small number of themes and that proposals contributing to these themes will be given priority.
swiftlang  swift-evolution 
26 days ago
System Level Breakpoints in Swift | Indie Stack
Good guide to using symbolic breakpoints with Foundation and similar ObjC APIs when interoperating with Swift.
swiftlang  objective-c  debugging  lldb  interop 
4 weeks ago
President Obama Weighs His Economic Legacy - NYTimes.com
“If we can’t puncture some of the mythology around austerity, politics or tax cuts or the mythology that’s been built up around the Reagan revolution, where somehow people genuinely think that he slashed government and slashed the deficit and that the recovery was because of all these massive tax cuts, as opposed to a shift in interest-rate policy — if we can’t describe that effectively, then we’re doomed to keep on making more and more mistakes.”
economics  america  taxes 
5 weeks ago
JohnSundell/Marathon: Marathon makes it easy to write, run and manage your Swift scripts
Welcome to Marathon, a command line tool that makes it easy to write, run and manage your Swift scripts. It's powered by the Swift Package Manager and requires no modification to your existing scripts or dependency packages.
swiftlang  lang:swift  cli  scripting  github_repo  SwiftPM 
5 weeks ago
willowtreeapps/spruce-ios: Swift library for choreographing animations on the screen.
Spruce is a lightweight animation library that helps choreograph the animations on the screen. With so many different animation libraries out there, developers need to make sure that each view is animating at the appropriate time. Spruce can help designers request complex multi-view animations and not have the developers cringe at the prototype.
ios  uikit  animation  github_repo  lang:swift 
5 weeks ago
ravenac95/sudolikeaboss: Get 1password access from iterm2
sudolikeaboss is a simple application that aims to make your life as a dev, ops, or just a random person who likes to ssh and sudo into boxes much, much easier by allowing you to access your 1password passwords on the terminal. All you need is iterm2, 1password, a mac, and a dream.
osx  tool  security  passwords  1password  iterm 
5 weeks ago
Case Citation Finder - Supreme Court of the United States
The search box below may be used to retrieve the citation, in the form recommended by the Reporter of Decisions, for every signed, per curiam, or in-chambers opinion published (or soon to be published) in the United States Reports.
supreme_court  citations  reference 
5 weeks ago
The weirdest subclass I've ever written
A reminder that the Liskov substitution principle should play into the decision whether to subclass or use a protocol-based design.
The biggest point to note – one which I feel is often left out of discussions about protocol oriented design – is the concept of substitutability. In the example I’ve shown here, you can always pass a SignalMulti where a Signal is requested but if a SignalMulti is requested, only a SignalMulti will suffice.

This is a clear case where substitutability encourages subclassing versus any other type of interface modelling.

Substitutability is the true meaning of an “is a” relationship that I discussed earlier as defining object-oriented programming. You need to think about whether your types have a strict “this class should always be substitutable for that class” arrangement.

Protocol oriented programming is good – watch the “Protocol Oriented Programming in Swift” video and use protocols where appropriate – but don’t forget that subclassing and inheritance retain some unique strengths in Swift.

Subclasses manage a specific substitutability arrangement that protocols can’t precisely model. Generic subclasses have better syntax than do protocols with associated types.
SOLID  liskov  oop  software_architecture  subclassing  protocols  swiftlang 
5 weeks ago
IvanVorobei/RequestPermission: simple permission request with beautiful UI
This project is a module for managing permissions with the visual part and the possibility of customization. Beautiful dialog increases chances of obtaining a permit (which is important when we request notification). Simple control of module saves hours of development. You can use the project with just two lines of code!
ios  permissions  github_repo  lang:swift 
5 weeks ago
Quick/Spry: A Mac and iOS Playgrounds Unit Testing library based on Nimble.
Awesome! I've wanted something like this before; glad to know it exists now.
The best thing about Spry is that the API matches Nimble perfectly. Which means once you've created your code and tests in a Playground, you can copy them directly into your Xcode project without needing to (re)write them again :)
playgrounds  nimble  bdd  testing  github_repo  lang:swift 
5 weeks ago
scihant/CTPanoramaView: A library that displays spherical or cylindrical panoramas with touch or motion based controls.
CTPanoramaView is a high-performance library that uses SceneKit to display complete spherical or cylindrical panoramas with touch or motion based controls.
panorama  360video  360photo  SceneKit  lang:swift  github_repo  graphics 
5 weeks ago
onmyway133/Smile: Emoji in Swift
A collection of utilities for dealing with emoji (and strings containing them) in Swift.
lang:swift  emoji  unicode  github_repo  strings 
5 weeks ago
Creating the perfect GPG keypair - Alex Cabal
If a thief gets ahold of the laptop with your private key on it, it’s pretty much game over. The thief can not only decrypt messages intended for you, they can also impersonate you by signing messages with your private key. Your only recourse would be to revoke your key, but that would mean losing years of signatures on that key and basically creating a massive inconvenience for yourself.

Part of the answer to this problem is the concept of subkeys. Subkeys can’t prevent a thief from decrypting messages intended for your private key. But they can help mitigate the damage to your identity should your key be lost or stolen.
pgp  gpg  encryption  security  bestpractices 
5 weeks ago
SpiderOak Semaphor Encrypted Group Chat and File Sharing
Email sucks, collaboration rocks. Faster uploads, sharing & search than the other guys. Offline mode. Mobile & desktop. Password-less design. Unparalleled privacy.
security  privacy  tool  chat  collaboration  messaging  Slack 
5 weeks ago
Cryptoparty A2 3/11/2017 Meeting Notes
I wasn't able to make it, so I appreciated the meeting notes (duplicated below):
A2 Cryptoparty 3/11/2017

Potential Cryptoparty Topics:
* Threat Modeling / Risk Assessment
* Basic Digital Hygiene
* Updates
* Passwords and Password Management
* Two Factor Authentication
* Tactical Secure Messaging:
  * Signal: https://whispersystems.org/
  * WhatsApp
  * Facebook Secret Conversations
  * Other Tactical Messengers:
    * Wire: https://wire.com/en/
    * Wickr: https://www.wickr.com/
    * Riot: https://riot.im/
    * Tox: https://tox.chat/
  * Potential Group Chat (Slack Style) Solution:
    * Semaphor: https://spideroak.com/personal/semaphor
* Strategic Secure Messaging: OpenPGP, PGP, etc.
  * Intro, Beginner:
    * Mailvelope: https://www.mailvelope.com/en/
    * Keybase: https://keybase.io/
    * https://alexcabal.com/creating-the-perfect-gpg-keypair/
  * Signal:
    * https://github.com/AsamK/signal-cli
    * https://github.com/thefinn93/signal-weechat
    * Issue: doesn’t like headless use.
* Tor / Anonymous Browsing
  * Tor & VPN
    * VPN On, Tor Browser On? Works
  * Tails, Whonix, etc.
    * Tor only
    * Could apply VPN, but the OS is already forcing all connections through Tor or blocking them.
security  privacy  tools  cryptoparty 
5 weeks ago
Looking at Model-View-Controller in Cocoa
If we take NeXTStep 4 as the origin date for Cocoa’s current Model-View-Controller pattern then it is 20 years old this year. It’s not broken but it has its drawbacks and it doesn’t feel as exciting or efficient as it once did.

Apple made its only significant effort to improve the design pattern, Cocoa Bindings, relatively early. Its reception was mixed and it has not been carried forward onto Apple’s newer platforms.

I don’t have any information about internal efforts by the AppKit or UIKit teams but it’s not immediately apparent that Apple are looking to make any dramatic changes any time soon. There are a number of possible design patterns employed in third-party frameworks which aim to improve the overall application design pattern in Cocoa but there doesn’t appear to be consensus that any one of these is necessarily the way forward. I do think these efforts reflect an interest in some kind of improvement.
mvc  software_architecture  apple  AppKit  cocoa  binding 
6 weeks ago
msaps/Pageboy: A simple, highly informative page view controller.
Looks like a nice UIPageViewController replacement.

Simplified data source management.
Enhanced delegation; featuring exact relative positional data and reliable updates.
Infinite scrolling support.
Automatic timer-based page transitioning.
UIPageViewController  uikit  github_repo  lang:swift  via:iosdevweekly 
6 weeks ago
Safeguarding Equatable Implementations – Ole Begemann
If you're not using Sourcery or something similar to ensure your Equatable implementations stay current, this approach is a useful sanity check.

See: https://pinboard.in/u:cdzombak/b:ed2bb5fc6fa1
swiftlang  lang:swift  Equatable  equality  bestpractices 
6 weeks ago
App Transport Security: What, Why, How? # Chris Dzombak
In this talk, I answer all your questions about App Transport Security: What is it? Why does it matter? How do you make your server compatible with it, and how do you configure your app to talk to non-compliant servers? Which other apps are using ATS? How does it work alongside other security strategies, like using plain old HTTPS or certificate pinning?
app_transport_security  https  tls  ssl  ios  osx  talk  via:cdzombak  bestpractices  certificates 
6 weeks ago
T-Pham/UITextField-Navigation: UITextField-Navigation makes it easier to navigate between UITextFields and UITextViews.
UITextField-Navigation adds next, previous and done buttons to the keyboard for your UITextFields and UITextViews. It allows you to specify a next field either on the Interface Builder or programmatically.
uis  keyboard  uitextfield  forms  navigation  github_repo 
7 weeks ago
ArtSabintsev/Guitar: A Cross-Platform String Library Written in Swift.
This library seeks to add common string manipulation functions that are needed in both mobile and server-side development, but are missing in Swift's Foundation library.
swiftlang  lang:swift  string  github_repo 
7 weeks ago
How to Keep Messages Secure | Teen Vogue
akgood: "Probably the best advice on (and explanation of) private messaging that's ever been published by *any* media outlet!"
security  privacy  encryption  messaging  e2e 
7 weeks ago
briansmith/untrusted: Safe, fast, zero-panic, zero-crashing, zero-allocation parsing of untrusted inputs in Rust.
Safe, fast, zero-panic, zero-crashing, zero-allocation parsing of untrusted inputs in Rust.

untrusted.rs is 100% Rust with no use of unsafe. It never uses the heap. No part of untrusted.rs's API will ever panic or cause a crash. It is #![no_std] and so it works perfectly with both libcore- and libstd- based projects. It does not depend on any crates other than libcore.
lang:rust  library  security  parser  x509  DER  PKCS  pki  github_repo 
7 weeks ago
briansmith/ring: Safe, fast, small crypto using Rust
ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language.

Particular attention is being paid to making it easy to build and integrate ring into applications and higher-level frameworks, and to ensuring that ring works optimally on small devices, and eventually microcontrollers, to support Internet of Things (IoT) applications.

ring is focused on general-purpose cryptography. WebPKI X.509 certificate validation is done in the webpki project, which is built on top of ring. Also, multiple groups are working on implementations of cryptographic protocols like TLS, SSH, and DNSSEC on top of ring.

ring is the successor of an earlier project called GFp. GFp implemented some elliptic curve cryptography over prime finite fields, also known as prime Galois fields and often denoted GF(p). When we implemented RSA, the name GFp did not make as much sense, since modular arithmetic over RSA public moduli is not GF(p) arithmetic but rather finite commutative ring arithmetic. Also note that ring started as a subset of BoringSSL, and “ring” is a substring of “BoringSSL”.

Most of the C and assembly language code in ring comes from BoringSSL, and BoringSSL is derived from OpenSSL. ring merges changes from BoringSSL regularly. Also, several changes that were developed for ring have already been merged into BoringSSL.
security  cryptography  library  lang:rust  github_repo  types  openssl  boringssl  ecc 
7 weeks ago
Misinformation Is a Norovirus and the Web Is a Cruise Ship | Hapgood
jbrennan: "Really interesting idea of looking at misinformation through the lens of epidemiology"
fake-news  facebook  epidemiology  virus  beliefs  cognitive-bias  web-browsers  socialnetworks  via:jbrennan 
7 weeks ago
Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed, pre-configured applications are ready for use, and installing additional applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.
security  privacy  anonymity  linux  tor  tool 
7 weeks ago
Tails - Privacy for anyone anywhere
Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card.

It aims at preserving your privacy and anonymity, and helps you to:

• use the Internet anonymously and circumvent censorship;
• all connections to the Internet are forced to go through the Tor network;
• leave no trace on the computer you are using unless you ask it explicitly;
• use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
security  privacy  tor  linux  tool  anonymity 
7 weeks ago
With Personal Data in Hand, Thieves File Early and Often - The New York Times
With nothing more than ledgers of stolen identity information — Social Security numbers and their corresponding names and birth dates — criminals have electronically filed thousands of false tax returns with made-up incomes and withholding information and have received hundreds of millions of dollars in wrongful refunds, law enforcement officials say.

The criminals, some of them former drug dealers, outwit the Internal Revenue Service by filing a return before the legitimate taxpayer files. Then the criminals receive the refund, sometimes by check but more often through a convenient but hard-to-trace prepaid debit card.

The government-approved cards, intended to help people who have no bank accounts, are widely available in many places, including tax preparation companies. Some of them are mailed, and the swindlers often provide addresses for vacant houses, even buying mailboxes for them, and then collect the refunds there.
irs  taxes  security  identity_theft 
7 weeks ago