Author Archives: Jared

How to store passwords: Use Argon2

If you’re designing a service that requires passwords for authentication, store them using the Argon2 or bcrypt password hashing functions. Don’t use MD5, SHA-1, SHA-2 or SHA-3 — they’re not designed to keep passwords secure against attackers that gain access to your password database. Reference article: How LinkedIn’s password sloppiness hurts us all by Jeremi […]

Google’s use of Java APIs ruled “fair use”

I’ve been following the Ars coverage of the Oracle v Google trial regarding whether Google’s use of Java APIs is “fair use”. I didn’t think Google would win, but was pleasantly surprised when the jury decided in their favor. Hurrah! However, just because Google won doesn’t mean that companies can indiscriminately copy APIs and have […]

How the internet works — Submarine fiber

Ars has an interesting article showing how the internet works with regard to the undersea cables that tie the continents together. I had no idea there were repeaters to help the signal propagation, or how broken cables were repaired.

URL shorteners can compromise security

It’s useful to shorten long URLs, especially when sending them in tweets and in text messages. An article helped me learn that they can be a security risk: URL shorteners such as and perform a straightforward task: they turn long URLs into short ones, consisting of a domain name followed by a […]

The Beauty of the Netherlands

I ran across pictures by Albert Dros, displaying the beauty of the Netherlands. I lived there for two years as a missionary for the LDS Church. I spent much of my time on a bicycle, riding through wind and rain, and enjoying sunsets and the verdant landscape. I had the opportunity to visit Keukenhof and […]

KeyCzar: Encryption made easy

Encrypting sensitive data-at-rest (i.e. in a database) is a good idea, but how does one manage the encryption keys, and rotate keys or start using a new algorithm down the road without orphaning or migrating the old data? Use KeyCzar. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, […]

Gotchas of command-line tools

I came across this recently, and I think it’s worth sharing. It outlines gotchas of commonly used command-line tools and arguments such as when ‘rm -rf’ doesn’t remove a directory, and how to get around it, or when ‘wc -l’ fails to count the last line in a file.

RabbitMQ, memcache, and too many socket connections

What happens when you have hundreds of services connected to RabbitMQ and memcache, and those services have a bug that causes them to keep their previous socket connections open, and repeatedly reconnect to RabbitMQ and memcache? They crash. It occurred to me that one can prevent too many connections using iptables on the RabbitMQ and […]

Great tools: ag and rlwrap

It’s fun to learn about new command line tools from coworkers. Here are two. rlwrap can be used to wrap anything in a readline command history. It’s useful to preserve command history, including the commands typed in remote ssh sessions. Just wrap ssh in rlwrap. ag, the silver searcher, is a super-fast recursive grep tool. […]

“Changes in the TLS certificate ecosystem”

I was glad to come up to speed with what has been happening with TLS in the last couple of years, and I highly recommend reading these articles. I learned about HTTP Public Key Pinning, Certificate Transparency, and STARTTLS stripping, among other things. Here’s one of many good quotes: The core problem of […]