Via sebsauvage. Bonne introduction à Windows

Interesting post about enforcing unique usernames on a website and what examples could lead to some social engineering fails.

"The world works the way it works, not the way we want it to work. It's one thing to point at the flaws that make it hard to do cryptography in Javascript and propose ways to solve them; it's quite a different thing to simply wish them away, which is exactly what you do when you deploy cryptography to end-users using their browser's Javascript runtime."

very good points about critical software

password expiration and why it's a bad idea nowadays

TL;DR lengthy paper about RoR applications and possible attacks. Good read for any dev.

TL;DR