Tinco Andringa
51 followers

We have a new blog article up about resolving web application resource bottlenecks with concurrency. It is a general introduction to the performance improvements application servers offer and a good read for both new devs and for the more experienced.

Hi, we wrote a blog about debugging some issues in Rails 5 ActionCable :)

The latest Passenger release contains some exciting new monitoring features for Node.js applications. One of these is that Passenger can now deep-inspect applications to measure how long various function calls take, and log the results to Union Station.

Union Station is Phusion's brand new take on application analysis and monitoring for Passenger web apps.

https://blog.phusion.nl/2015/12/09/passenger-node-js-union-station-logging-support/

Hi Rubyists, Phusion has a new Union Station blog post online, this time about the Union Station weekly summary feature. A great way to stay up to date on the health of your application without even leaving your inbox: https://blog.phusion.nl/2015/11/24/union-station-newsletter/

Please do not under any circumstances follow this advice without picking the words by flipping through a paper dictionary at random.

Password databases get stolen all the time from big companies like Sony and Gawker. There is a very real and significant risk that your password will get stolen this way. If you use an insecure password, and use that across many sites, the thieves (or government) will be able to log into all of those sites.

An example: the 3 words 'this', 'is' and 'fun' are all within the 3000 most common words, so there are 3000^3 combinations possible. Even the highly recommended secure password hash scheme (salt+bcrypt) can be cracked at ~5000 c/s, on a single computer. This means you need just 60 computers to crack it in a day. This means anyone who gets your password hash and is a little bit interested in your private information can crack it for just a couple hundred bucks on a service like Amazon (or a few hours in their government facility).

If you pick a password, make sure it is picked at random (for example, throw a die three times to get a page number (pretend 6 is a zero) and open the dictionary at that page. Then blindly pick a word there, and repeat this 3 times). That's really random!

Don't buy this 'how does the attacker know you have picked three words with spaces in between?' argument. Hackers aren't stupid, they don't begin with an all combinations bruteforce. They start with small dictionaries and build out to larger ones, eventually going through any scheme you could come up with and more.

Don't assume 100 years is a long time. 100 years on a single computer means 1 year on 100 computers. Every once in a while a breakthrough comes that makes computers 10 times as fast, and suddenly you're looking at a month.

There's a compromise between "this is fun" and "Uc([u+e>q#iZ|Xrhl@@HkCfnd=R~5". And it lies somewhere around picking 3 difficult to guess words that you didn't pick yourself, and don't form a logical or grammatically correct sentence. It won't be hard to remember, I promise you :)
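
The arithmetic from the post above, together with a software stand-in for its dice-and-dictionary procedure, as an added example that is not part of the original post. The 100,000-entry dictionary size and the eight-word sample list are constructed assumptions.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400


def search_space(vocab_size: int, words: int) -> int:
    """Candidates to cover when each word is drawn independently from the vocabulary."""
    return vocab_size ** words


def entropy_bits(vocab_size: int, words: int) -> float:
    """Entropy of the passphrase, valid only if every word was picked uniformly at random."""
    return words * math.log2(vocab_size)


def days_to_exhaust(vocab_size: int, words: int, guesses_per_sec: float, machines: int = 1) -> float:
    """Worst-case days to try every candidate at the given per-machine hash rate."""
    return search_space(vocab_size, words) / (guesses_per_sec * machines) / SECONDS_PER_DAY


def machines_for_deadline(vocab_size: int, words: int, guesses_per_sec: float, days: float) -> int:
    """Machines needed to exhaust the whole space within `days`."""
    return math.ceil(days_to_exhaust(vocab_size, words, guesses_per_sec) / days)


def pick_passphrase(wordlist, words: int = 3) -> list:
    """Pick words uniformly with the OS CSPRNG, so the choice is not the user's own."""
    unique = sorted(set(wordlist))  # duplicates would bias the draw
    if len(unique) < 2 or words < 1:
        raise ValueError("need at least two distinct words and one pick")
    return [secrets.choice(unique) for _ in range(words)]


if __name__ == "__main__":
    # Figures from the post: 3 words from the 3000 most common, ~5000 bcrypt guesses/s.
    print(f"common words: {entropy_bits(3000, 3):.1f} bits, "
          f"{days_to_exhaust(3000, 3, 5000):.1f} days on one machine, "
          f"{machines_for_deadline(3000, 3, 5000, 1)} machines for one day")
    # Assumption: a paper dictionary with 100,000 entries (size not given in the post).
    print(f"random dictionary words: {entropy_bits(100_000, 3):.1f} bits, "
          f"{days_to_exhaust(100_000, 3, 5000) / 365:.0f} years on one machine")
    # Constructed sample list; use a full dictionary file in practice.
    sample = ["lantern", "quorum", "brisket", "talon", "ember", "gusset", "plinth", "vellum"]
    print(" ".join(pick_passphrase(sample)))
```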


#ifihadglass I would write an app that would record what people see together with what they are listening to on their music device, so people could share their musical experiences while cycling through nature!