4-way TCP handshake and firewalls

Jarek Siembida wrote “This is one of those pieces that you keep in your head for ages but never get around to write up. Tcpdumping I was doing of late brought it back so here it is. We all know the 3-way handshake in TCP: SYN + SYN/ACK + ACK and voila! But this is not the end…”

Simple user authentication: ASP.NET Identity and NHibernate

Martin Eden wrote “ASP.NET MVC 5 introduced a new system for managing users and authentication, known as ASP.NET Identity. Over the last few years we have built and now maintain a couple of MVC applications. We started with MVC 2, and have since upgraded to 3 and then 4. So despite MVC 5 being out since the end of…”

Practising Software Engineering

Matthew Sackman wrote “A tourist stops a musician on the streets of New York. “Excuse me, can you tell me how to get to Carnegie Hall?” “Of course”, answers the musician, “Practise, practise, practise!” In the book ‘Outliers: The Story of Success’, the author Malcolm Gladwell repeatedly mentions the “10,000-Hour Rule”, claiming that the key to achieving world…”

Global Alliance for Genomics and Health

James Uther wrote “Gene sequencing has been diving in cost: It’s no longer in the wild ride of 2008, but still the cost is now low enough that genome data is piling up in research centres the world over. It’s been realised that a lot of the really interesting research questions can only be answered by sampling a…”

On being almost there

James Uther wrote “Personis is an ongoing line of research projects about how we can store personal data (thing location tracking, fitness trackers, etc) in a way that leaves us in control of our data but at the same time allows us to give permission to useful services to process that data for us. A canonical example would…”

Smart meters

David Ireland wrote “I’ve been using a micro-controller to automatically dim lights according to the time of day and ambient light conditions. At some point, I decided it would be easier to tinker with if I just used a raspberry pi, logged into it, and edited a python program. This doesn’t work: The pi basically can’t do PWM…”

Facebook android security fail

David Ireland wrote “I wrote about the Ocado android application’s ridiculous privileges list a while back. Facebook has reminded me of it: Facebook app now reads your smartphone’s text messages? THE TRUTH. Facebook want to be able to capture the two factor auth message straight from your text messages, so they ask for access to all your text messages.…”

Android app security

David Ireland wrote “Reading Japanese govt: Use operator-run app stores, not Google Play reminded me of an app that I use a lot, but whose permissions are a cause for concern: Ocado on the Go. The Ocado app wants to use your phone’s video camera, so it can scan bar codes. This is a legitimate requirement: there’s no way…”

Secure communication in the Cloud

David Ireland wrote “The internet does reliability end to end. That is, when a node A sends a message to node B, the message travels through many other nodes. These intervening nodes make a best effort at delivery, but if they don’t succeed, they just forget about it. B must confirm receipt, and A must try again if…”

Squaring Zooko’s Triangle, part two

Paul Crowley wrote “A few days ago, in Squaring Zooko's Triangle, I sketched out a proposal for a new naming scheme which to a limited extent achieved all of the contradictory-seeming aims set out in Zooko's Triangle. Having discussed the essay with a few folk since, it seems like it might be worthwhile trying to clarify the ideas behind it.”