Sven Slootweg @ #35C3
RIP Aaron Swartz. Don't let his efforts be in vain.
May 7, 2022 6 tweets 4 min read
@PaulJacobs__ @fasterthanlime As an educator: I disagree. Project-based learning is *by far* the most effective way to learn something new; I actively encourage my students to think of a project they *want* to build, regardless of the complexity. As long as they are aware that it's a big goal, that's fine!

@PaulJacobs__ @fasterthanlime Every big goal can be split up into smaller goals; every complex project can be reduced to a very small and simplified version. You do need to explain this to students, and emphasize that even if they never reach the original idea, they will still have learned a lot along the way.
Mar 15, 2022 4 tweets 1 min read
Your periodic reminder that "don't scan QR codes" is bad infosec advice, and that if that's your response to the QR-code-in-the-sky thing, you need to think about that more carefully.

QR codes are *meant* to be scanned. In and of themselves, they do not carry security risk. What you're essentially arguing by that point is "people shouldn't visit URLs", in which case, uhhhh, do you realize what you're arguing for here?

Do you realize that if *that* is your advice, you (as the industry) have completely failed at your job of making computers safe?
Jan 19, 2020 7 tweets 2 min read
Periodic reminder that you should NEVER use MD5 or SHA1 in any new project/system.

What to use:
- Password hashing: argon2i
- Cryptographically secure hashes (most usecases): BLAKE2 (fastest) or SHA3 (if needed for compatibility)
- Non-CS hashes: xxhash (faster than MD5)

Q: When do you need a cryptographically secure hash function?
A: When an attacker tampering with it in *any* way would cause a security issue. That's almost always, *including* for file deduplication on shared systems.

Q: What about scrypt/bcrypt?
A: Okay if needed for compat.
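The "file deduplication on shared systems" case in the thread above is where a weak hash hurts most: whoever can produce a second input with the same digest can get their bytes served in place of someone else's. The following is an added example (not the author's code) of a small content-addressed store that follows the thread's advice: it accepts only BLAKE2b or SHA3-256, refuses MD5 and SHA-1 outright, and re-verifies blobs on read. The keyed BLAKE2 mode and the byte-for-byte comparison on a repeated id are extra hardening of my own, not something the thread asks for; the `DedupStore` class, its method names and the sample data are assumptions made for this example.

```python
import hashlib
from typing import Dict, Tuple

# Added example, not code from the thread. Assumed scenario: a content-addressed
# deduplication store shared by several users.
ALLOWED = {"blake2b", "sha3_256"}
FORBIDDEN = {"md5", "sha1"}


def content_id(data: bytes, algorithm: str = "blake2b", key: bytes = b"") -> str:
    """Return a hex content id for `data` using a collision-resistant hash only."""
    if algorithm in FORBIDDEN:
        raise ValueError(f"{algorithm} is not collision resistant; refusing to use it")
    if algorithm not in ALLOWED:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    if algorithm == "blake2b":
        # BLAKE2b has a native keyed mode (key up to 64 bytes); digest_size=32
        # yields a 256-bit digest, which is plenty for a dedup index.
        return hashlib.blake2b(data, digest_size=32, key=key).hexdigest()
    # SHA3-256 has no keyed mode in hashlib (KMAC would be the proper keyed
    # construction), so a key is rejected here rather than misused.
    if key:
        raise ValueError("keyed mode is only supported for blake2b in this example")
    return hashlib.sha3_256(data).hexdigest()


class DedupStore:
    """In-memory content-addressed store; one copy per distinct content id."""

    def __init__(self, algorithm: str = "blake2b", key: bytes = b"") -> None:
        self._algorithm = algorithm
        self._key = key
        self._blobs: Dict[str, bytes] = {}

    def put(self, data: bytes) -> Tuple[str, bool]:
        """Store `data`; return (content id, True if it was new)."""
        cid = content_id(data, self._algorithm, self._key)
        existing = self._blobs.get(cid)
        if existing is not None:
            # Belt and braces: never silently alias two different blobs under
            # one id, even if a collision in the chosen hash were ever found.
            if existing != data:
                raise RuntimeError("hash collision detected; refusing to deduplicate")
            return cid, False
        self._blobs[cid] = data
        return cid, True

    def get(self, cid: str) -> bytes:
        """Return the blob for `cid`, re-verifying its hash to catch tampering."""
        data = self._blobs[cid]
        if content_id(data, self._algorithm, self._key) != cid:
            raise RuntimeError("stored blob does not match its content id")
        return data


if __name__ == "__main__":
    # Constructed sample inputs standing in for uploaded files.
    store = DedupStore(key=b"per-deployment-secret")  # assumed key, for illustration
    for blob in (b"quarterly-report-v1", b"quarterly-report-v1", b"quarterly-report-v2"):
        cid, was_new = store.put(blob)
        print(cid, "new" if was_new else "deduplicated")
```

Using a per-deployment key for BLAKE2b means an attacker who can upload files cannot precompute ids for anyone else's content, and the comparison on a repeated id turns any future collision into a loud failure instead of a silent substitution.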