1. What you require you must also retire
  2. Browser indicators: we are currently in a transition phase. A few years ago, the browsers only indicated secure behavior. In the near future, they will only indicate insecure behavior (ex: Chrome 75 shows HTTP sites as ‘Not secure’, but it also shows the green address bar for HTTPS sites with EV certificates)
  3. HTTPS usage: 78% overall according to Firefox telemetry, but only 58% among the first 1M websites. However, we are still a long way from browsers defaulting to the HTTPS scheme when loading a website.
  4. Plaintext HTTP/1.1 is about 8 times slower compared to encrypted HTTP/2 HTTPS. https://www.httpvshttps.com/
  5. Fiddler is really powerful (ex. replay requests, intercept mobile traffic, etc), but Havij (SQL injection) is close to magic when it comes to penetration testing
  6. Certificate transparency is a really useful tool. The CT monitoring tool is arguably the only useful thing ever created by Facebook
  7. A few tools: SuperLogout (maybe try this in an incognito window; it will log you out of all the popular websites), ZoomIt (screen zoom and annotation tool), Windows key + . (just try it if you’re on Windows)
  8. The expectation of privacy is different on a tech website compared to an online dating one
  9. Trust, but verify: you should trust the CDNs and rely on them for the massive performance improvements, but you must verify them using SRI. Tip: you don’t need to SRI your own assets.
  10. The main value proposition of the Content Security Policy is mitigating XSS attacks. A strategy to get started: use a non-production environment, report only, default-src 'none', watch the console and build your CSP by cleaning the console errors one by one.
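
The strategy from item 10, as an added example that is not part of the original post: instead of reading the console by hand, it folds violation reports into a candidate policy. It assumes the page is served with `Content-Security-Policy-Report-Only: default-src 'none'` plus a report endpoint using the legacy `report-uri` JSON shape; the hosts and `SAMPLE_REPORTS` are constructed.

```javascript
// Constructed sample reports, in the JSON shape browsers POST to a report-uri endpoint.
const SAMPLE_REPORTS = [
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example/lib.js" } },
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "script-src-elem", "blocked-uri": "https://app.example/js/app.js" } },
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "style-src-elem", "blocked-uri": "https://app.example/css/site.css" } },
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "img-src", "blocked-uri": "https://app.example/logo.png" } },
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "script-src-elem", "blocked-uri": "inline" } },
  { "csp-report": { "document-uri": "https://app.example/", "effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example/lib.js" } },
];

// Turn report-only violations into a candidate policy on top of default-src 'none'.
function buildPolicy(reports) {
  const allow = new Map(); // directive -> Set of source expressions
  const review = [];       // violations that are never allowed automatically
  for (const { "csp-report": r } of reports) {
    // script-src-elem, style-src-attr, ... fall back to their base directive.
    const directive = r["effective-directive"].replace(/-(elem|attr)$/, "");
    let blocked = null;
    try { blocked = new URL(r["blocked-uri"]); } catch { /* keyword such as "inline" */ }
    // Inline, eval and non-HTTP(S) sources need a human decision: allowing them
    // wholesale would give up the XSS mitigation the policy exists for.
    if (!blocked || !/^https?:$/.test(blocked.protocol)) {
      review.push(`${directive}: ${r["blocked-uri"]}`);
      continue;
    }
    const sameOrigin = blocked.origin === new URL(r["document-uri"]).origin;
    if (!allow.has(directive)) allow.set(directive, new Set());
    allow.get(directive).add(sameOrigin ? "'self'" : blocked.origin);
  }
  const parts = ["default-src 'none'"];
  for (const directive of [...allow.keys()].sort()) {
    parts.push(`${directive} ${[...allow.get(directive)].sort().join(" ")}`);
  }
  return { policy: parts.join("; "), review };
}

const result = buildPolicy(SAMPLE_REPORTS);
console.log(result.policy);
console.log("Needs manual review:", result.review);
```

Serve the generated policy in report-only mode again and repeat until no new reports arrive; entries in `review` are better handled with nonces or hashes than with `'unsafe-inline'`.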
Oslo is wonderful in good weather

The tools that I’m using #4

Written on 8 September 2018, 01:10pm

It’s time for a new post about the tools that I’m using. See previous editions:
2013
2014
2016

As usual, most of the applications are still there, but there are some changes. More importantly, I merged Productivity and Work into a single section since I no longer see a good reason to separate them.

Productivity and work

  1. Chrome
  2. Dropbox
  3. f.lux
  4. Logitech SetPoint
  5. Sublime Text
  6. Total Commander
  7. + LastPass
  8. + Workflowy
  9. + Pocket
  10. + BitVise
  11. + WizzMouse
  12. + Ditto
  13. + Freedome VPN

Gone are the anti-virus/anti-malware apps (Avast, MalwareBytes), along with KeyTweak (I got a new notebook and I no longer need to tweak the keys). Also gone are Beyond Compare (even though I’m still using it from time to time) and OneNote, replaced by Workflowy (Google Keep is currently under evaluation). f.lux is borderline: still there, but I don’t know for how long.

New entries: WizzMouse, because it makes your mouse wheel work on the window currently under the mouse pointer, instead of the currently focused window. Workflowy because of its brilliant simplicity, and LastPass + Pocket because I forgot to add them 3 years ago. BitVise, because it’s much better than Putty + WinSCP combined. And finally, Ditto, a clipboard manager. Clear privacy issues, since it stores your clipboard forever, but it saved me a few times. Speaking of privacy: Freedome VPN is now in the list, since you can no longer not have a VPN nowadays…

Entertainment

  1. Netflix
  2. FastStone Editor
  3. WebShots
  4. + Photolemur

VLC and FastPictureViewer are gone, Photolemur is a new entry. And WebShots is still awesome!

The tools that I’m using #3

Written on 14 July 2016, 01:30pm

It’s time for a new post about the tools that I’m using. See previous posts:
2013
2014

Naturally, most of the applications are still there, but there are some changes:

Productivity

  1. Chrome
  2. Dropbox
  3. f.lux
  4. Logitech SetPoint
  5. MalwareBytes
  6. Avast
  7. WebShots
  8. KeyTweak

I removed Skype, CrashPlan, WinRar and Avira from the list.

Work

  1. Sublime Text
  2. Total Commander
  3. OneNote
  4. Beyond Compare

I removed Wamp, Putty and Win Merge from the list.

Entertainment

  1. VLC
  2. Netflix
  3. FastStone Editor
  4. FastPictureViewer

Image resizer, GomPlayer and µTorrent are gone.