Tuesday, February 2, 2016

It Is a Good Thing to be Scared When It Comes to Security



While at a software security training, I realized that when it comes to security, nothing is more important than being scared. It is a good thing to be scared. Every day when we work on our features, we focus on what makes our customer happy, the product great, and finally releasing on schedule. Security is not the top priority in our minds. Making software secure is not fun, doesn't shine like that fancy new capability, and a lot of the time it is a boring task. However, the fear of a hacker who can ruin your work and bring it down is a good motivation.

Learning about different threats, I could feel the fear building in me, and eventually it turned into a sense of urgency and a motivation to learn more and take action. I think every engineer should take a couple of hours every week and read about security incidents. Nothing can keep you more alert than stories of companies that got hacked and critical business data that got compromised. The devastating effect that these security incidents have on companies and individuals' lives is enough to keep you awake at night. It is a good inconvenience to have, and a lot better than having your system compromised.

Wednesday, January 20, 2016

How to clean up your git credentials on Windows (i.e. credentials stored by wincred)



One problem that I noticed with wincred is that after I changed my password, it doesn't ask me for the new password. It tries the old password and, if it fails, it returns. My expectation was that if the password fails, it would prompt for a new password and replace the old one after a successful attempt. However, it doesn't do this. You have to do the following manually:

1- Press the Windows key and search for Credential Manager
2- Click on Windows Credentials
3- Remove the entry whose address starts with git:http...

This should solve your problem. :)



Wednesday, April 23, 2014

Why the Future of Software Licensing is Subscription

The first time I installed Photoshop on my computer was around 1996 or 1997. I was amazed by its capabilities. The fact that you could easily edit an image on the screen of your computer was great. That version of Photoshop sat on my computer and was used for casual photo editing and even some creative fun.

The next version that I installed was version 6, released in 2000. You wouldn't need to be an expert to see the differences between the two versions. It was a lot better, and more exciting.

Same for AutoCAD. My father uses AutoCAD a lot. I remember the first version that he installed was AutoCAD 13, installed on MS-DOS with a very basic GUI. At the time, although they had started using it in some limited cases, the software was still far from a complete solution. They could not move completely from pen and paper to the computer. I remember people counting the days until the new version, so they could get more features and more stable software. They wouldn't hesitate to purchase the software the first day it was released, even if they had to buy a better operating system and upgrade their hardware. The main reason was that the new version had features that could significantly increase their productivity and, as a result, make more money for the business.

However, as we move forward I see less and less enthusiasm among professionals (i.e. photographers, architects) to upgrade their software, the most important tool for their craft. It seems today's software is good enough, and they can no longer justify an expensive annual purchase of a new AutoCAD or Photoshop license just because it has some fancy new feature that they probably don't use 99% of the time. There are many other examples; MS Office is also a victim of its own success. Its current features are more than enough for most people, who just want to write a letter or an essay or make a simple presentation. As a result, when a new version of Office comes out, although it might have something that makes power users happy, it doesn't look necessary to normal users and they cannot justify a new purchase.

This doesn't work for software companies. They still have engineers working on new advanced features, fixing bugs and releasing security patches. They need to spend money on R&D and new products, and they still have to pay their shareholders.

This is where the subscription model comes into play. It guarantees that someone pays for the ongoing work of bug fixes and security patches while new features are added constantly. High-speed Internet and reasonable availability make this business model easy. Companies can no longer convince customers to pay for new software every year.

Companies will try to add more value to the subscription, like cloud storage and very frequent updates. This can still make some customers unhappy, because previously people could see the purchase of software like Photoshop as an investment similar to purchasing a new camera. They could be confident that they wouldn't need to pay for the next 2-3 years, or until they felt there was a need for an upgrade. However, in this new model they are just tenants, and they have to pay rent each month or they get an eviction notice.





Friday, June 24, 2011

IE Tries to Download JSON Response

Apparently, IE 8 and below doesn't like the "application/json" MIME type in an AJAX response. When it receives the response, it tries to download it as a file and prompts with a "Save as" dialogue. Although the standard JSON MIME type is "application/json", you need to use "text/plain" to work around this, so if you are using .NET MVC you need to use:
return Json(result, "text/plain");

Where "result" is the object you want to serialize to JSON.

Important: Do not use "text/html". With that type the browser parses the response body as a document, so any user-supplied string inside the JSON that contains markup (a comment, a search term, a file name) runs as script in your site's origin, which is an XSS flaw. "text/plain" is displayed as text, not parsed. See here for more info
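The following is an added example, not code from the original post (which uses ASP.NET MVC); it shows the same fix in Node-style JavaScript, plus the serializer-side hardening a practitioner would add so that the body stays inert even if some browser or proxy sniffs it as HTML. The function names, the header set and the sample search term are assumptions made for this example.

```javascript
// Added example; not from the original post. jsonResponse, htmlSafeJson and
// the sample data below are assumptions for this example, not an API the
// post describes.

// Escape the characters that matter if the JSON text is ever parsed as HTML
// (text/html, or a sniffing browser) or inlined into a <script> block.
// JSON.parse reads \u003c as "<", so the payload round-trips unchanged.
function htmlSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Response for an AJAX (or iframe-upload) client. For IE 8 and below the post
// recommends text/plain so the browser shows the body instead of offering a
// "Save as" dialogue; modern clients get the standard application/json.
function jsonResponse(value, { legacyIE = false } = {}) {
  return {
    status: 200,
    headers: {
      'Content-Type':
        (legacyIE ? 'text/plain' : 'application/json') + '; charset=utf-8',
      // Tells IE 8+ (and other browsers) not to sniff the body as HTML.
      'X-Content-Type-Options': 'nosniff',
    },
    body: htmlSafeJson(value),
  };
}

// Constructed sample input: a search term an attacker chose so that a
// text/html response would execute it in the site's origin.
const attackerTerm = '</script><script>alert(document.cookie)</script>';
const sampleResult = { query: attackerTerm, hits: ['alpha', 'beta'] };

const legacyReply = jsonResponse(sampleResult, { legacyIE: true });
console.log(legacyReply.headers['Content-Type']); // text/plain; charset=utf-8
console.log(legacyReply.body);
```

In the post's ASP.NET MVC setting the content-type half of this is the `Json(result, "text/plain")` call shown above; the `\u003c`-style escaping is defence in depth on the serializer side, so the response carries no literal `<`, `>` or `&` regardless of how the client ends up interpreting it.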

Thursday, June 23, 2011

Regex For Matching File Names with a Date

Here is an example of a regular expression for matching file names that carry a date:

File Format:

FileName-dd-mm-yyyy.EXT:
^(FileName)-([1-9]|0[1-9]|[12][0-9]|3[01])-([1-9]|0[1-9]|1[012])-(19[0-9][0-9]|20[0-9][0-9])\.EXT$

The day and month groups accept one or two digits (5 or 05), and the year group accepts 1900 to 2099. The pattern only checks the shape of the date, not whether it exists on the calendar: 31-02-2011 matches. Two things to keep in mind when this guards a file name: keep the ^ and $ anchors, because without them the pattern would match a date-looking substring inside a longer name; and in .NET, $ also matches just before a trailing newline, so use \z if the match must end exactly at the end of the string.

See here for a good reference: http://msdn.microsoft.com/en-us/library/az24scfc.aspx
Also you can test your expression here: http://www.regextester.com/
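As an added example (not code from the original post), here is the same pattern used from JavaScript, where it is valid unchanged, together with the calendar check the regex alone cannot perform. "FileName" and "EXT" are the post's own placeholders; the function name and the sample file names are assumptions made for this example.

```javascript
// Added example; not from the original post. Uses the post's pattern as-is
// (valid in JavaScript as well as .NET) and adds the calendar check a regex
// cannot do. parseDatedFileName and the sample names are assumptions.
const DATED_FILE_RE =
  /^(FileName)-([1-9]|0[1-9]|[12][0-9]|3[01])-([1-9]|0[1-9]|1[012])-(19[0-9][0-9]|20[0-9][0-9])\.EXT$/;

// Returns { name, day, month, year } for a well-formed name with a real
// calendar date, otherwise null.
function parseDatedFileName(fileName) {
  const m = DATED_FILE_RE.exec(fileName);
  if (m === null) return null;

  const day = Number(m[2]);
  const month = Number(m[3]);
  const year = Number(m[4]);

  // The pattern accepts 31-02-2011 or 29-02-2011. Date.UTC silently rolls
  // such values into the next month, so compare the fields after the round
  // trip and reject anything that moved.
  const d = new Date(Date.UTC(year, month - 1, day));
  const real =
    d.getUTCFullYear() === year &&
    d.getUTCMonth() === month - 1 &&
    d.getUTCDate() === day;
  if (!real) return null;

  return { name: m[1], day, month, year };
}

// Constructed sample names covering the edge cases.
const sampleNames = [
  'FileName-01-02-2011.EXT',   // valid, two-digit day and month
  'FileName-5-12-1999.EXT',    // valid, single-digit day
  'FileName-29-02-2012.EXT',   // valid, leap day
  'FileName-31-02-2011.EXT',   // matches the regex but is not a real date
  'FileName-01-02-2011.EXT\n', // trailing newline: rejected by $ in JavaScript
  'FileName-01-02-2011.exe',   // wrong extension
];

for (const name of sampleNames) {
  console.log(JSON.stringify(name), '->', parseDatedFileName(name));
}
```

Note the trailing-newline case: JavaScript's `$` (without the `m` flag) only matches at the very end of the input, whereas .NET's `$` would also accept that name, which is why the `\z` anchor is the safer choice there.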

Saturday, January 8, 2011

Facebook Quiz Applications


Quiz Application is an application template created by applatform.com; I think they are one of the FBFund recipients! It simply provides a wizard for anybody to create whatever quiz application he/she wants. Yes, a NEW application for each quiz!
So what is the big deal? First, everybody can create stupid quizzes. This means there are thousands of quizzes out there in different languages, based on different cultures. Second, every time someone takes one of the quizzes, a big ugly feed item gets posted to your news feed. (Well, the look really depends on the quiz designer's taste, which experience shows most of the time sucks!) Since each quiz is a different application with a unique ID, with the current design of Facebook there is no way to shut the whole thing up. For example, if you block the "Which part of body are you?" quiz, this does not stop "Find out how stupid you are?".
The end result is, when around 11 PM you finally get a chance to log in to Facebook to read what you actually care about, like your friends' statuses, events, wall-to-walls, or a nice video that your friend has posted, you just see a page full of quizzes, some of them in languages that you don't even understand!
At this time, as far as I know, many people are concerned about this app, especially application developers, because their applications get buried between spam. They are pushing to ban this application under section 5.3 of the Facebook Platform Policy. Also, the Facebook team promised to come up with a better filtering facility. Well, if the Facebook CEO stops dreaming of having a copy of Twitter in the heart of Facebook. Meanwhile, I think it is just a general responsibility that each of us must take: a virtual social ethic that should not be different from what we have in our day-to-day life. I mean, do you really walk in the street and shout at people, or say things in languages that they don't understand?
You can simply stop this spam. How? Well, when you take a quiz, at the end when it asks you to send it to everyone, simply say NO.
Your own safety:
Virtual ethics is not just for others' convenience, but for our own safety. Remember, hackers and identity thieves are not like what you see in the movies: a nerd sitting in a dark room with many flat screens. Usually they are social engineers who spend time finding information about people, valuable information that we usually leave carelessly around. They use this information to impersonate us and access our government or financial accounts.
Also, when you are adding a new application, think three times! :). Most of these applications are not developed by Facebook, and Facebook does not control them or accept responsibility for any damage caused by applications. Have you noticed that when you want to add a new app, it asks you to give it permission to have full access to your data?! These applications can be used to steal your information, hijack your session, and carry out cross-site scripting attacks. What I never thought possible is using your profile as a bot for DoS attacks!
There is one golden rule, and it is not just for Facebook but for the entire virtual world. The rule is: when you want to submit anything (e.g. a comment, a picture or a note), think twice. Imagine you were actually sitting around a huge table with all of your, let's say, 100 friends, including your best friends and your current colleagues. Would you still do the same thing that you are about to do on the net?