
Submission + - How to Prevent Script Injection Vulnerabilities through Software Design (acm.org)

ChelleChelle2 writes: “Script injection vulnerabilities are a bane of Web application development: deceptively simple in cause and remedy, they are nevertheless surprisingly difficult to prevent in large-scale Web development.” Unfortunately, code inspection and testing are typically not enough to ensure the absence of XSS bugs in large web applications. Luckily, the engineers at Google have developed practical software design patterns that make the development of Web applications much more resistant to the inadvertent introduction of XSS vulnerabilities into application code.

Submission + - The Network is Reliable (?) (acm.org)

ChelleChelle2 writes: Network reliability is an important issue in distributed computing. “the degree of reliability in deployment environments is critical in robust systems design and directly determines the kinds of operations that systems can reliably perform without waiting.” Unfortunately, however, the degree to which networks really are reliable in the real world is the subject of considerable and continued debate. Complicating matters in this discussion is a general lack of evidence. In this article, Peter Bailis (UC Berkeley) and Kyle Kingsbury (Jepsen Networks) take the first step toward a more open and honest discussion of real-world partition behavior by providing an informal survey of real-world communications failures.

Submission + - How Can the ACM Better Serve Professional Programmers?

ChelleChelle2 writes: The Association for Computing Machinery (ACM) was founded in 1947. Today, it is considered one of the most prestigious scientific and educational computing societies in the world. For decades ACM membership was considered to be a mark of a professional; however, this is no longer the case. Many programmers today consider the ACM a purely academic institution of little use or relevance for professionals. In this article, Vinton Cerf—one of the “fathers of the internet” and a past president of the ACM—asks how can ACM “adapt its activities and offerings to increase the participation of professionals?” Is there anything the ACM can do to better serve professional programmers? Join in the conversation.

Submission + - Quality Software Costs Money--Heartbleed was Free (acm.org)

ChelleChelle2 writes: If there’s anything that the Heartbleed fiasco has taught us, it’s that when it comes to free software you get what you pay for. Many free and open-source software (FOSS) projects are underfunded and thus badly staffed, creating the potential for bugs like Heartbleed to go undiscovered for years. So how can we generate funding for FOSS? In this article Poul-Henning Kamp provides a funding model based on his personal experience with FreeBSD and Varnish.

Submission + - Who Must You Trust? (acm.org)

ChelleChelle2 writes: “Thomas Jefferson said, ‘Eternal vigilance is the price of liberty.’ It is the price of security as well.” So says network and computer consultant Thomas Wadlow in the most recent of a series of articles centered on the theme of “security” published by acmqueue. In this incredibly informative article Wadlow lays out a series of best practices for security, detailing how to determine whom you trust, what you trust them with, and how much you trust them.

Submission + - Apple's SSL Vulnerability (acm.org)

ChelleChelle2 writes: In February Apple made headlines when it revealed a major SSL vulnerability that had rendered hundreds of millions of devices vulnerable since September 2012. In a cleverly worded article (“Finding More than One Worm in the Apple”) Mike Bland (formerly a member of Google’s Test Mercenaries team) addresses five big questions about the SSL vulnerability—what was the bug? How did it happen? How could a test have caught it? Why didn’t a test catch it? How can we fix the root cause? Taking issue with recent explanations of why the bug made it past the tests and tools Apple had in place, Bland lays the blame on the failure of corporate culture to recognize the importance of unit testing. Seeing this as a “teachable moment,” Bland advocates for greater automated testing and code quality.

Submission + - Domain-specific Languages and Code Synthesis Using Haskell (acm.org)

ChelleChelle2 writes: Andy Gill, head of the Functional Programming Group at the University of Kansas, provides an in-depth look at embedded Domain-specific Languages (EDSLs). An EDSL—which is essentially a language inside a language—considerably lowers the cost of developing and maintaining a DSL by reusing the facilities and tools of the host language. Expanding on a paper delivered at the 2011 International Conference on Engineering of Reconfigurable Systems and Algorithms, Gill discusses how Haskell is a great host for EDSLs.

Submission + - The NSA and Snowden: Securing the All-Seeing Eye (acm.org)

ChelleChelle2 writes: Edward Snowden’s release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as “the most damaging breach of secrets in U.S. history.” Regardless of whether one chooses to champion or condemn Snowden’s actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renowned author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA’s spying on all Americans.

Submission + - How Fast is Your Web Site? (acm.org)

ChelleChelle2 writes: So asks Patrick Meenan, of Google, in this article from acmqueue. Meenan’s question is an important one—it’s a well-known fact that a Web site’s performance (speed) directly correlates to its success. Meenan discusses active testing techniques—both traditional and new—that can be used to monitor Web site performance.

Submission + - Making the Mobile Web Faster (acm.org)

ChelleChelle2 writes: We’re living in a world where mobile clients are increasingly on the rise. As a result, it’s becoming ever more important to take into consideration the customer experience on a mobile device. In this article, Kate Matsudaira suggests that if you are having mobile performance issues you “fix the back end, not just the client.” Matsudaira provides a concise and helpful reference for API developers to ensure that mobile clients are remotely served data and application resources reliably and efficiently.
