At Smarking we receive data from third-party vendors. This data comes in various formats: XML, CSV, Excel, PDF, and JSON, and we use an Extract-Transform-Load (ETL) process to store the data in our database. This kind of ETL process is used by many organizations that ingest data from external sources. What are the security considerations pertaining to this process?

The security issue is that a third party may unintentionally provide data laden with exploits. This can happen if the third party accumulates but does not filter free-form data submitted by users. Such data may include names, street addresses or free-form…

Whitfield Diffie and Martin Hellman are the researchers who invented a secure method for two parties to agree on a secret over a public channel. Their 1976 paper opens with the following:

WE STAND TODAY on the brink of a revolution in cryptography.

The development of computer controlled communication networks promises effortless and inexpensive contact between people or computers on opposite sides of the world, replacing most mail and many excursions with telecommunications. For many applications these contacts must be made secure against both eavesdropping and the injection of illegitimate messages. At present, however, the solution of security problems lags well behind other areas of communications technology. …

This is a technical article concerning web development.

Third-party cookies help advertisers track people’s interests in order to show relevant ads. Given a choice between irrelevant and relevant ads, I choose the latter. Thank you, third-party cookies.

A third-party cookie is any cookie set by an embedded resource inside a web page. If your web page has an image ad that is loaded from an advertising web server on another domain, then the ad may change based on who is browsing.

There is a security issue with third-party cookies called Cross-Site Request Forgery (CSRF), which arises…

This is a technical article for web developers.

Are you working on a “stealth” web-based project that you wish to demo to a potential client or investor, yet do not wish to leave wide open to the public? There are several ways to do it, the simplest of which is to password-protect it. This, however, requires you to give out the password, and sharing a password has its own security complications. It also makes the user experience worse.

An alternative solution is to block access from all IP addresses except a few. When you wish to demo a…

Today I gave a math lesson to my five year old and stumbled upon a mathematical property that I didn’t know of: any square number is a sum of two triangular numbers.

During the lesson, I used these two toys: Subtraction Abacus by Melissa & Doug and MathLink Cubes by Learning Resources. Here they are:

Subtraction Abacus by “Melissa & Doug”

When interfacing with third-party web services, one often has to deal with self-signed SSL certificates that trigger verification errors. One workaround is to suppress those errors. (For instance, the curl tool has the `--insecure` (`-k`) flag for this purpose.) However, at Smarking, we found ways to verify such certificates in order to safeguard against Man-in-the-Middle attacks.

Conventionally a web browser relies on a Public Key Infrastructure (PKI) to verify SSL certificates. Every certificate is signed by another (signing) certificate. That signing certificate must be signed by another, in a chain ending on a trusted certificate. This linkage allows a web server…

At Smarking, we use the Amazon Web Services (AWS) infrastructure. We help organizations improve the efficiency of parking lots, and to do that we need to communicate with their computing systems. However, these organizations, which include hospitals and universities, often run closed private networks. Outside vendors like us may access those networks only through an IPsec-based VPN.

Is it possible to create an IPsec tunnel from an AWS Virtual Private Cloud (VPC) to a network outside of AWS? The use case that AWS supports well is connecting your own on-premises network with the VPC. Thus, in naming components, AWS uses…

It’s been a long time since I read, nay, swallowed the famous novel “Crime and Punishment” by Dostoyevsky (Достоевский). But yesterday, I took part in a meetup discussion on this book, which brought the novel into my focus.

Over the last twenty years, I have learned a few things from Ayn Rand that gave me the tools to see “Crime and Punishment” on the meta level. First, the novel is written in a Romantic style, much like the writings of Hugo, Dumas, Jules Verne, and Ayn Rand. In the Romantic literary style, characters such as Edmond Dantes (the Count of Monte…

In the previous article, The Tree Table Workstation, I wrote about how I came up with the Tree Table and listed all the accessories that I use to make it a full workstation. In this article, I focus on the fact that it is also an alternative version of a standing desk.

In recent years, developers have followed a trend of using standing desks so as to avoid sitting all day. Some went so far as to create a treadmill desk, on which they walk and work at the same time.

The Tree Table is a new kind…

The Tree Table

In my previous article, titled “The Outdoor Office”, I described how I used Roll-a-Table to take my work outdoors. That table allows me to set up virtually anywhere, but it weighs more than 10 lb. Half of that weight comes from the sturdy legs, the other half from the body of the table.

As I walked around the parks looking for the perfect spot to set up, I looked at trees. I thought to myself that a tree’s trunk is like the leg of a round table. If I could get a table mounted off of this “leg”, the table could be made…

Boris Reitman

The course of history is determined by the spreading of ideas. I’m spreading the good ones.
