Do you Trust password managers?

2018-04-28 • Comments [1]

Password managers are very popular these days. There are some that store your passwords locally (e.g., KeePass), but vast majority store your passwords online. Two, most popular ones are 1password and LastPass.

All online password managers claim they are secure. But do you know that for sure? Additionally you have no idea what code changes developers working on them are making everyday. You have no idea whether that 128-bit identifier generated locally is actually unique, and cannot be sniffed by spyware on your machine.

Is storing all password in 1 place, behind 1 password better than reusing passwords on multiple sites? When website it being hacked, they usually leak encrypted password (most of the time with salt). If somebody get access to all your passwords though, you are in BIG TROUBLE. I don’t feel I need to even explain what can happen. It didn’t happen to the most popular managers yet, but…

I believe password managers are useful, but should not store most sensitive passwords there. Including your e-mail, bank account, etc. Remember these, or store them on external flash drive. You can also use KeePass to encrypt them. Additionally, you should not store, not-generated passwords. If these get compromised attacker gets some idea what your other passwords can be.

What’s your toughts? Are you using password managers?

Comments [1] Category: security • Tags: , ,

Get Computer Science Crash Course with Imposter’s Handbook

2018-04-10 • Comments [0]

THE IMPOSTER'S HANDBOOK

I just finished reading Rob Connery‘s book Imposter’s Handbook. It’s a very good high-level overview of Computer Science concepts that you may not encounter in everyday job. It is also a good guidance for “what I should know”.

If you do not have CS degree I recommend you to check out this book. You can skip chapters about concepts that you are familiar with. If something is new to you – this book will provide you nice introduction to the topic, which you can later on dive in on your own.

If you do have CS degree, I still recommend you to at least check out what’s there. I’m sure you will learn something, or at least refresh your knowledge.

Check out hacker news discussion!

Do you have CS degree or you are self-taught programmer?

Comments [0] Category: programming, studies

Properly measuring HTTP request time with node.js

2018-02-23 • Comments [2]

When your backend code is calling external APIs you may want to measure particular request time to identify bottlenecks.

The most straight forward, but incorrect, way to measure how long request takes is to use JavaScript Date object:

var request = require('request');

let start_time = new Date().getTime();

request.get('https://google.com', function (err, response) {
    console.log('Time elapsed:', new Date().getTime() - start_time);
});

However, this won’t give you the actual time that request takes. Above request call is async, and you start measuring time at the time when request was queued, not actually sent.

In order to determine how much time elapsed since sending request, you can use the time parameter:

var request = require('request');

request.get({ url: 'http://www.google.com', time: true }, function (err, response) {
    console.log('The actual time elapsed:', response.elapsedTime);
});

You can also compare results returned by both methods:

var request = require('request');

let start_time = new Date().getTime();

request.get('https://google.com', function (err, response) {
    console.log('Time elapsed since queuing the request:', new Date().getTime() - start_time);
});

request.get({ url: 'http://www.google.com', time: true }, function (err, response) {
    console.log('The actual time elapsed:', response.elapsedTime);
});

When I run it, I got the following results:

The actual time elapsed: 72
Time elapsed since queuing the request: 156

Notice that the first callback resolves after the second one(!)

The difference is almost 2x. Depending on your server side code, this difference might be even larger, and give you incorrect hints while you are profiling your application.

Comments [2] Category: programming • Tags:

Boogie board – notepad of the future

2018-02-07 • Comments [0]

Are you using paper notepads to write down ad-hoc notes?

These multi page paper notebooks are super useful. You can just turn the page, save your old sketch and have clean page for new one! WRONG! This is the worst feature! You never look at these notes again, and they just pile up.

Recently, I got Boogie Board – an LCD writing tablet! It cost $20 and it changed my life.

BoogieBoard

You can sketch whatever you want, and erase with one button click. It’s like a pocket whiteboard. If something is important I just dump it to my OneNote before erasing (rarely happens). You don’t have to look for pen anymore. You have one that can be attached to the board, and you can even write with your hands (nails) on it.

I also got bigger one for in-office use. My desk before and after:

BoogieBoard - before BoogieBoard - after

Get one or big one for yourself! It will change your life!

Comments [0] Category: hadrware, other • Tags:

Add custom metadata to Azure blob storage files and search them with Azure Search

2018-01-31 • Comments [2]

Did you know that you can add custom metadata to your blob containers, and even to individual blob files?

You can do it in the Azure Portal, using SDK or REST API.

The most common scenario is adding metadata during file upload. Below code is uploading sample invoice from disk, and adds year, month, and day metadata properties.

const string StorageAccountName = "";
const string AccountKey = "";
const string ContainerName = "";

string ConnectionString = $"DefaultEndpointsProtocol=https;AccountName={StorageAccountName};AccountKey={AccountKey};EndpointSuffix=core.windows.net";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConnectionString);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(ContainerName);

const string FileName = "Invoice_2017_01_01";
using (var fileStream = System.IO.File.OpenRead([email protected]"D:\dev\BlobMetadataSample\invoices\{FileName}.pdf"))
{
    var fileNameParts = FileName.Split('_');
    var year = fileNameParts[1];
    var month = fileNameParts[2];
    var day = fileNameParts[3];

    var blob = container.GetBlockBlobReference(FileName);
    blob.Metadata.Add("year", year);
    blob.Metadata.Add("month", month);
    blob.Metadata.Add("day", day);
    blob.UploadFromStream(fileStream);

    var yearFromBlob = blob.Metadata.FirstOrDefault(x => x.Key == "year").Value;
    var monthFromBlob = blob.Metadata.FirstOrDefault(x => x.Key == "month").Value;
    var dayFromBlob = blob.Metadata.FirstOrDefault(x => x.Key == "day").Value;

    Console.WriteLine($"{blob.Name} ({yearFromBlob}-{monthFromBlob}-{dayFromBlob})");
}

If you just want to add metadata to existing blob, instead of calling blob.UploadFromStream(fileStream) you can run blob.SetMetadata().

When you create new index for blob in Azure Search, we will automatically detect these fields. If you already have Azure Search index created, you can add new fields (has to be the same as metadata key), and all changes will be synchronized with next re-indexing.

Comments [2] Category: programming • Tags: , , ,

< 1 2 3 4 5 >»