rahuldave + security   5

Four short links: 2 May 2012
Punting on SxSW (Brad Feld) -- I came across this old post and thought: if you can make money by being a dick, or make money by being a caring family person, why would you choose to be a dick? As far as I can tell, being a dick is optional. Brogrammers, take note. Be more like Brad Feld, who prioritises his family and acts accordingly.
Probabilistic Structures for Data Mining -- readable introduction to useful algorithms and data structures, showing their performance, reliability, and resource trade-offs. (via Hacker News)
Dataset -- a JavaScript library for transforming, querying, and manipulating data from different sources.
Many HTTPS Servers are Insecure -- 75% still vulnerable to the BEAST attack.
algorithms  bigdata  bradfeld  cs  culture  javascript  machinelearning  math  opensource  security  ssl  worklifebalance  from google
29 days ago by rahuldave
Twitter OAuthcalypse Coming Soon
Back in the good old days things were a lot simpler. You didn’t have to worry about packet capturing or password extracting, and as a result a lot of the original protocols like HTTP, FTP and POP3 didn’t worry about sending your passwords over the wire in plain text. But in today’s increasingly sophisticated API-driven world this isn’t enough.

For developers, storing a username and password and sending them to a web server was easy – most APIs and libraries included simple username and password fields. The most common form of this kind of authentication, typically known as HTTP basic authentication, has been available to users of the Twitter API for some time now, and its convenience has made it more attractive than secure protocols like OAuth for a number of developers. However, on June 30th Twitter will be shutting off basic authentication:

You’re going to be hearing a lot from me over the next 9 weeks. Our plan is to turn off basic authorization on the API by June 30, 2010 — developers will have to switch over to OAuth by that time. Between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. We really want to make this transition as easy as we can for everybody.

As always, please feel free to reach out to this group, or to @twitterapi directly. If you need help remembering the date - http://bit.ly/twcountdown

And as noted above the Twitter team has even created a handy countdown clock to help you count the days:

The change will only affect the REST API, while the streaming API will continue to support basic authentication.

The effect of the change is not limited to small hobby projects – popular Twitter clients like TweetDeck have traditionally used basic authentication (although they have made the switch to OAuth). While Twitter will provide a lot of documentation and support for the change over to OAuth, the onus is still on developers to make the required changes, and there are lots of mashups that make use of the Twitter API.

Security  Twitter  oauth  from google
april 2010 by rahuldave
How I Would Better Protect My Mint.com Account [Personal Finance]
We're no strangers to paranoia and online personal finance, but popular webapp Mint still won us over in the long run. Security professional and blogger Jason Owens offers tips for how he'd add extra layers of security to your sensitive Mint account.
Personal_Finance  Mint  Money  Password_security  Passwords  Privacy  Republished  Security  Top  from google
april 2010 by rahuldave
Apple's Suggestions for Fixing iPad Wi-Fi Issues [Wi-Fi]
Some folks aren't having quite the honeymoon with their barely-smudged iPad as others, because they're finding Wi-Fi connections buggy and unreliable. Apple suggests at a KnowledgeBase support page that the issue might involve dual-band routers that can set up separate networks for each frequency range, but keep the same names or have separate security protocols. Apple suggests giving those bands their own name, as in adding "G" and "N" to those respective connections, ensuring they use the same security, and, if all else fails, resetting your iPad's network settings. [Apple via Gizmodo]
Wi-Fi  Apple  in_brief  ipad  Router  Security  Wireless  wireless_router  from google
april 2010 by rahuldave
Son of GhostNet: China-based hacking targets India government
The people who uncovered GhostNet, an extensive cyber espionage network that targeted the Tibetan exile community, are back with a sequel. Starting with an infected machine that was found during that investigation, an international team of researchers has uncovered a completely separate network that primarily targeted the Indian government, and turned up some classified documents that had been obtained by the hackers. By reconstructing the network, the team was able to trace things back to the hacking community in Chengdu, China.

The work involved a collaboration between the Information Warfare Monitor and the Shadowserver Foundation, but, over the course of its work, involved dozens of other security groups and experts. It also benefitted from extensive cooperation with the Office of His Holiness the Dalai Lama, which had previously approached the security researchers in response to security lapses that unearthed GhostNet. The researchers take what they term a "fusion methodology," which is basically a combination of fieldwork—studying infected systems in situ—with standard security approaches.






News  Science  Security  Tech-policy  computerscience  cybersecurity  espionage  hacking  from google
april 2010 by rahuldave
