Deal with top security vulnerabilities

Cross-site request forgery is an attack in which an attacker coerces a user to perform an action the user did not intend to, on a server the attacker has no control over.
For this reason, cross-site request forgery (or CSRF) is often referred to as a drive-by attack. As a user drives by an attacker-controlled site, their browser is told to do things on a different, target website. When you visit the exploited page, JavaScript posts a transfer request to your website. In 2013, a CSRF attack on Facebook could let an attacker take over a user's account by targeting Facebook's email change functionality. CSRF attacks are also known by a number of other names, including XSRF, "Sea Surf", Session Riding, Cross-Site Reference Forgery, and Hostile Linking. Microsoft refers to this type of attack as a One-Click attack in their threat modeling process and in many places in their online documentation.

Public speaking and pitching your ideas

Being anxious about speaking leads to many costly outcomes. The fear associated with presenting in front of others is pervasive and problematic. The word “anxiety” comes from the Latin word “angusta,” which translates to “a narrowing corridor that presses down on one passing through.” Thus, anxiety refers to the concern of not making it through something, like a presentation or meeting. The anxiety that originates from speaking in front of others is known as communication apprehension. This apprehension is both the real-time anxiety associated with actually speaking and the anxiety that comes with just thinking about speaking. If you are asking for funding and you don't get it, you get anxious. If we can see it as an opportunity and as a conversation, that can minimize this anxiety. Visualization can be very helpful: take a deep breath, get a good night's sleep, do not hide your nervousness, just play with it. People do not expect you to be perfect; fake it till you make it, and make eye contact. Imagine what it would be like if you could be on the stage, pitch your idea to angel investors and connect with these people, and if they could see you as more confident.

Creativity is not a talent

"Creativity is not a talent. It is a way of operating." - John Cleese. What, where, why, and how? Find your center - a creative place for your creative routine. Some people have it in the jacuzzi or sauna. Discover your distractions - first read everything you have done and review it, then start creating. Make sure that at some point you improve; reading what you did before is ideal, whether it is code or music lyrics. Know your inspiration - stop for a second and use other people who are better than you: creative people, musicians, writers and other inspirations. Establish your routine - check other people's creative routines and figure out one for yourself. A lot of the ideas in this creativity post are from a talk by James Whittaker, a distinguished engineer at Microsoft.

Security versus privacy in software

Security often supports privacy, and that’s true. If you maintain security effectively, you can protect the confidentiality and integrity of data, and that is good for the privacy of the data subject. But security is often opposed to privacy, because the primary interest as regards security is: who did what, when? There are tools that allow you to ask that question—logs. When you activate logging tools to monitor your network, you capture packets. Security in that context is basically surveillance. When you are engaging in surveillance, of course, it can be an invasion of privacy. And so that tension exists. Keeping your family, your computer and your identity safe is an essential task in our online world. You are responsible for knowing what type of information you are handling.

Cross-Platform with .NET Core

Many people mean .NET Framework when they say .NET, but there's more to it than that. .NET is an ECMA standard that has different implementations - .NET Framework, Mono, Unity and now .NET Core. .NET Core is cross-platform: it runs on Windows, OS X and multiple distributions of Linux. It also supports different CPU architectures. For example, Linux distribution and CPU architecture will be supported soon. The goal is to make the cost of abstraction clear to developers by implementing a pay-for-play model that makes obvious the costs that come from employing a higher-level abstraction to solve a problem. .NET Core will favor performance with a standard library that minimizes allocation and the overall memory footprint of your system.