SQRL Poised To Save Us From Password Hell

A few times every decade we get to witness the emergence of a truly revolutionary back-end technology breakthrough. I recall following OpenID in the mid-00s, reading some of the early discussion groups and blog posts, eventually watching it become supplanted by OAuth, which would go on to drastically simplify the way most people log in …

DIY Internet: More on personal VPNs

A few follow-up thoughts regarding Monday's post about setting up a personal VPN. Self-Sufficient, DIY Internet: All the Facebook Cambridge Analytica nonsense has really emphasized how dependent we have become on third-party services and social networks. As I thought about it, the idea of being self-sufficient online has really started to appeal to me. …

Huge Vulnerability in WordPress 4.8

Anthony Ferrara discovered a significant security vulnerability and an even more fundamental security flaw in WordPress. The correct fix is to ditch this whole prepare mechanism (which returns a string SQL query). Do what basically everyone else does and return a statement/query object or execute the query directly. That way you can’t double-prepare a string. …