Links for 2013-09-22

  • RSA warns developers not to use RSA products

    In case you’re missing the story here, Dual_EC_DRBG (which I wrote about yesterday) is the random number generator voted most likely to be backdoored by the NSA. The story here is that — despite many valid concerns about this generator — RSA went ahead and made it the default generator used for all cryptography in its flagship cryptography library. The implications for RSA and RSA-based products are staggering. In a modestly bad but by no means worst case, the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe.

    (tags: bsafe rsa crypto backdoors nsa security dual_ec_drbg rngs randomness)

  • A Case Against Cucumber

    This is exactly my problem with Cucumber and similar BDD test frameworks.

    When I write a Cucumber feature, I have to write the Gherkin that describes the acceptance criteria, and the Ruby code that implements the step definitions. Since the code to implement the step definitions is just normal RSpec (or whichever testing library you use), if someone else is writing the Gherkin, the amount of setup to create a working test should be about the same. So you’re only breaking even! However, I don’t believe that it would really be breaking even. Cucumber adds another layer of indirection on top of your tests. When I’m trying to see why a specific scenario is failing, first I need to find the step that is failing. Since these steps are defined with regular expressions, I have to grep for the step definition.

    (tags: ruby testing bdd cucumber rspec coding)

  • Gamasutra – Opinion: The tragedy of Grand Theft Auto V

    This is watching your sharp, witty father start telling old fart jokes as his mind slows down. And as much as the internet is habituated to defending GTA as “satire,” what is it satirizing, if everything is either sad or awful? Where is the “satire” when the awful parts no longer seem edgy or provocative, just attempts at catch-all “offense” that aren’t honed enough to even connect? Here’s a series that has been creating real, meaningful friction with conventional entertainment for as long as I can remember, and rather than push the envelope by creating new kinds of monsters, it’s reciting the same old gangland fantasies, like a college boy who can’t stop staring at the Godfather II poster on his wall, talking about how he’s gonna be a big Hollywood director in between bong rips. You call the trading index BAWSAQ? Oh, bro, you’re so funny, you’re gonna be huge.

    (tags: gamasutra games gaming gta gta-v via:skamille)

  • CCC | Chaos Computer Club breaks Apple TouchID

    “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token”, said Frank Rieger, spokesperson of the CCC. “The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access.” iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.