• Boden Cross-Platform Framework with Marcus Tillmanns and Tobias Lensing

    Rob and Jason are joined by Marcus Tillmanns and Tobias Lensing to talk about the Boden Cross-Platform Framework. Marcus is currently the main software developer of Boden. He has a strong background in C++ graphics and UI development. He worked with Qt for more than 10 years on audio software and embedded projects. Tobias is currently working as a software developer and product manager on Boden. He’s passionate about start-ups and entrepreneurship. Tobias also has a background as CTO in audio software, cloud technology, and web development. News: Visual Studio 2019 goes live; C++23 fullptr to replace nullptr; Conan 1.14 Release. Marcus Tillmanns: @Maddimax3. Tobias Lensing: @tobiaslensing. Links: Boden, @bodenhq. Sponsors: Backtrace, Announcing Visual Studio Extension - Integrated (...)


  • CTO #TechMind: Making Your #security “Too Expensive To Hack” Can Save You Millions

    What is the first thing you do when you wake up in the morning? If you’re anything like me, you either turn off the alarm and go back to sleep, or you reach out to your phone and check on your social profiles. Nothing like a few likes to start your day… right? Thousands of Facebook, Instagram and WhatsApp users woke up on Wednesday with that same intention: checking on their precious social profiles and messages. With one little exception: they couldn’t. While the company quickly confirmed the outage was not related to malicious efforts, questions had already begun swimming around inside users’ minds… “Was Facebook hacked? Was I hacked? Is the world ending?” These questions kept me thinking. As someone who has worked with high-end technologies his entire adult life, I’ve been able to collect some (...)

    #cryptocurrency #blockchain #hacking #cybersecurity

  • Capitalizing on the Digital Attention Economy: The Brave Browser

    “…in an information-rich world, the wealth of information means a dearth of something else: …the attention of its recipients.” (Herbert A. Simon, Professor, Carnegie Mellon University, 1971) There’s a new, better way to browse the #internet: the Brave Browser. The Brave Browser operates on a principle I’m calling the Digital Attention Economy. As Professor Simon pointed out in 1971, the world is flooded with information, but human attention is a finite resource. Capitalizing on that resource has been every corporation’s objective, and we’re all familiar with the advertisement deluge that ensues. It’s overwhelming. Now, there’s a better way. With attention, security, and privacy in mind, CEO Brendan Eich (creator of JavaScript and co-founder of Mozilla) and CTO Brian (...)

    #cryptocurrency #advertising #basic-attention-token #brave-browser

  • 40% of malicious URLs were found on good domains - Help Net Security

    40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level visibility or, when that is unavailable, domain-level metrics that accurately represent the dangers.

    Home user devices are more than twice as likely to get infected as business devices. Sixty-eight percent of infections are seen on consumer endpoints, versus 32 percent on business endpoints.

    Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80 percent of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall.

    After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.

    Nearly a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows Vista and up.

    Devices that use Windows 10 are at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business.

    “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program,” said Hal Lonas, CTO, Webroot.


    Despite the decrease in cryptocurrency prices, cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period from September through December 2018. These techniques can be more lucrative than ransomware attacks, since they don’t require waiting for the user to pay the ransom, and they have a smaller footprint. As far as web-based cryptojacking, Coinhive still dominates with more than 80 percent market share, though some new copycat cryptojacking scripts are gaining in popularity.

    While ransomware was less of a problem in 2018, it became more targeted. We expect major commodity ransomware to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used the Remote Desktop Protocol (RDP) as an attack vector, leveraging tools such as Shodan to scan for systems with inadequate RDP settings. These unsecured RDP connections may be used to gain access to a given system and browse all its data as well as shared drives, providing criminals enough intel to decide whether to deploy ransomware or some other type of malware.

    #Cybersécurité #Phishing #Malware

  • Keeping #third-party #dependencies in check

    Detecting vulnerabilities in third-party dependencies of your organization. In this article I am explaining the risks of third-party dependencies and how to mitigate them with appropriate tools.

    Damned if you don’t

    Whether you’re a developer, a CTO or a tech lead, I bet you have at some point faced the dilemma of adding a third-party dependency to your software. With all the benefits, they sure do come with some obvious trade-offs along the following lines:

    Well known vulnerabilities: there are so many people using this code, there are bound to be some smart people who have already found a way to breach it.

    License restrictions: a lot of libraries and components cannot be used in some circumstances and, unless you’re well versed in different types of licences, you can get into legal trouble.

    Lack of (...)

    #nexus #gradle #sonatype

  • Changemakers in #programming: Brendan Eich

    Changemakers in Programming: this new blog series will be focusing on organizations, associations and people who have had and/or continue to have a positive impact on the tech world and the world of programming! For this second post, we will learn about the inventor of #javascript. This is the story of Brendan Eich, a programmer with a long and growing list of accomplishments! Currently, Eich is the CEO of Brave, which has developed a new internet browser (called Brave) that promises its users more privacy, better security, and faster browsing speeds. But you may also know him as the creator of JavaScript and co-founder of Mozilla (where he was also CTO and briefly CEO). In this blog post, we’ll explore how Eich got to where he is today and discuss his latest project (Brave) and how it might (...)

    #brendan-eich #founder-interview #braves

  • #investment Memo: 8 Reasons 8 Decimal Invested in SendFriend

    Investment Memo: 8 Reasons We Invested in SendFriend. By: Kadeem Clarke, Investment Manager.

    Team: SendFriend has a strong team for many reasons. The CEO, David Lighton, has a strong background in the remittance space based on his financial inclusion work for the World Bank in Haiti and #blockchain experience from MIT Media Lab, paired with an understanding of the complex legal environment associated with the space. Joel Kosloski, the CTO, has 13 years of experience within the remittance space at multiple companies. Most recently, Joel served as Senior Director, Enterprise Architecture & Chief Enterprise Architect at MoneyGram (the second largest company in the payment remittances space). CRO David Anderson is leading the go-to-market efforts, having originally met David L. in class at (...)


  • Why Signal and not Threema? : signal

    Signal is open source, Threema is not, so that disqualifies Threema as a secure app in my opinion. You could as well continue using WhatsApp since it’s also end to end encrypted but closed source. Wire is another great alternative, and it’s German.

    Hackers explain which messenger app is the most secure - Motherboard

    It’s in German, but it applies regardless of the language you use for your communication.
    – Secure online communication must go through an open-source app and protocol.
    – You need a system that excludes, or makes very difficult, the collection of metadata by third parties.
    – Your “voice” and “chat” communication system must work with smartphone and desktop clients if you want to keep a communication thread going regardless of the type of device you have at hand.

    Leaving aside more advanced requirements, I see only Signal meeting all of these needs. Beyond that, you can always use several “messenger apps” to keep up with everyone’s “updates” - with the exception of the apps from Facebook (WhatsApp), WeChat and Google, because using them constitutes a threat to your privacy simply by being installed on your phone.

    Roland Schilling (33) and Frieder Steinmetz (28) began researching this question, among others, at TU Hamburg six years ago. At a time when nobody had so much as heard the name Edward Snowden, Schilling and Steinmetz were already poring over the advantages and disadvantages of various encryption protocols and messenger apps. Last year, for example, they managed to reconstruct Threema’s encryption through reverse engineering.

    Their research has since become a kind of activism and hobby, the two say: they want to convey to people outside expert circles how fundamental privacy is in a democracy. In the interview they explain what to look for when choosing a messenger, which app does not necessarily deliver what it promises in terms of security, and why credit institutions are pleased about data-hungry messengers.
    Roland Schilling: For me it’s different. I simply get people to use the apps I use myself. Those are exclusively Threema, Signal and Wire. When people want to talk to me, it basically always works on one of those three.
    Frieder: ... Signal and WhatsApp, for instance, build on the same technical foundation, the Signal protocol, but differ in nuances. Threema has its own, not at all bad protocol, which, however, does not guarantee ‘Perfect Forward Secrecy’, for example. That technique prevents someone from stealing my secret key from my phone at some point in the future and using it to decrypt all the encrypted communication I have conducted over that phone. Signal and WhatsApp have it.
    Roland: A good messenger protocol is open source and thereby enables researchers and the public to discover any existing weaknesses and improve the protocol. Unfortunately, the messenger market also has many offerings that withhold their purported “encryption” from this process and keep it secret, or that publish the protocol but do not respond to criticism.

    Secure WhatsApp Alternatives – Messenger Comparison

    Threema and Telegram under Control of Russia’s Government?

    WhatsApp Exploited by NSA and US Secret Services?
    Vadim An
    Mar 7, 2018
    This is the end of the era of centralized communication!

    The 2017/2018 years are hot and saturated with cybersecurity challenges. Almost every week, a major media source reported hacking incidents or backdoor exploits in popular communication and messaging services, some of which granted government agents unauthorized access to private and confidential information from within the communications industry.

    According to mass-media reports, one of the most popular Swiss secure messaging apps, Threema, moved under the control of the Russian government and has been listed in the official registry with a view to controlling user communications.

    This can be seen on the regulator’s public website https://97-fz.rkn.gov.ru/organizer-dissemination/viewregistry/#searchform

    Crypviser, an innovative German developer of the most secure instant communication platform based on Blockchain technologies, commented on this knockout news from the point of view of what it means for the millions of Threema users.

    To answer this question, let’s understand the requirements for getting listed in this registry as “information-dissemination organizers” according to a new Russian federal law, beginning from 01 June 2018.

    The law requires that all companies listed in the internet regulator’s registry must store all users’ metadata (“information about the arrival, transmission, delivery, and processing of voice data, written text, images, sounds, or other kinds of action”), along with the content of correspondence and voice call records, and make it accessible to the Russian authorities. Websites can avoid the hassle of setting aside this information by granting Russian officials unfettered, constant access to their entire data stream.

    This is very bad news for Threema users. Threema officials have reported that they are not aware of any requirements to store, collect, or provide information. Maybe not yet, though, since there is still some time until 01 June 2018, when the new law kicks in and Threema will be obligated to provide direct access to sensitive user data.

    It’s possible that Threema is fully aware of this despite claiming otherwise. They may realize that the most popular messenger in Russia, Telegram, has been under pressure since refusing to officially cooperate with Russian secret services. If Russia takes steps to block Telegram as a result, then Threema would become the next best alternative service. That is assuming they’re willing to violate the security and privacy rights of their users by giving in to the new law’s requirements.

    Based on reports in the Financial Times, the Telegram founder agreed to register their app with Russian censors by the end of June 2017. This, however, is not a big loss for the Telegram community because of the lack of security in Telegram to date. During the last 2 years, its security protocol has been criticized many times and many security issues were found by researchers. Although there is no direct evidence showing that Telegram has already cooperated with the Russian government or other governments, these exploitable bugs and poor security models make Telegram users vulnerable victims to hackers and secret services of different countries.

    The same security benchmark issues have been explored in the biggest communication app, WhatsApp. The security model of WhatsApp has been recognized as vulnerable by the most reputed cryptographic experts and researchers worldwide. According to the Guardian, a serious “backdoor” was found in its encryption, more specifically in the key exchange algorithm.

    A common security practice in encrypted messaging services involves the generation and storage of a private encryption key offline on the user’s device. Only the public key gets broadcast to other users through the company’s server. In the case of WhatsApp, we have to trust the company not to alter the public key exchange mechanism between the sender and receiver to perform a man-in-the-middle attack for snooping on users’ encrypted private communication.

    Tobias Boelter, a security researcher from the University of California, has reported that WhatsApp’s end-to-end encryption, based on the Signal protocol, has been implemented in a way that, if WhatsApp or any hacker intercepts your chats by exploiting the trust-based key exchange mechanism, you will never know that a change of encryption key has occurred in the background.

    The Guardian reports, “WhatsApp has implemented a backdoor into the Signal protocol, giving itself the ability to force the generation of new encryption keys for offline users and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption.”

    But on the other hand, the developer of the Signal messaging app, Open Whisper Systems, says, “There is no WhatsApp backdoor”, “it is how cryptography works,” and the MITM attack “is endemic to public key cryptography, not just WhatsApp.”

    It’s worth noting that none of the security experts or the company itself have denied the fact that, if required by the government, WhatsApp can intercept your chats. They do say, however, that WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Cybersecurity expert and CTO of Crypviser, Vadim Andryan, agrees with this statement.

    “The Man-in-the-Middle attack threat is the biggest and historical challenge of asymmetric cryptography, which is the base of the end-to-end encryption model. It’s hard to say whether this “backdoor” was admitted intentionally or whether it came about due to the lack of a reliable public-key authentication model. But it is definitely one of the huge disadvantages of current cryptographic models used for secure instant communication networks, and one of the main advantages of the Crypviser platform.”

    Crypviser has introduced a new era of cryptography based on Blockchain technologies. It utilizes Blockchain to eliminate all threats of Man-in-the-Middle attacks and solves the historical public key encryption issue by using decentralized encryption key exchange and authorization algorithms. The authentication model of Crypviser provides public key distribution and authorization in peer-to-peer or automated mode through Blockchain.

    After the commercial launch of the Crypviser unified app, the “messenger” for secure social communication will be available on the market in free and premium plans. The free plan, in peer-to-peer authentication mode, requires user interaction to check security codes for every new chat and call. The full-featured premium plan offers a Blockchain based automated encryption model and powerful professional security features on all levels.

    You can see the comparison table of Crypviser with centralized alternatives below.

    #internet #communication #sécurité #vie_privée

  • Certainty Theater

    We often reward Certainty Theater (a not-so-distant relative to Success Theater). I remember when a CTO asked me for a more detailed, solution-oriented roadmap. I resisted. He asked repeatedly. I finally caved and spent twenty minutes sketching out a dozen ideas based mostly on gut feel. “John really nailed this! He has a super clear vision. We need to start on this in Q2!” Ooof…not my best work. I was participating in Certainty Theater. Why did I resist? Because I knew the opportunity was lucrative…and that the company would deliver better outcomes if a cross-functional team of designers, developers, and customers started together (including further exploring the problem). If I committed to that big batch of prescriptive work before we started together, we’d miss out on all sorts of (...)

    #agile #certainty-theater #product-management #design #ux

  • A zero cost abstraction? — Josh Peterson

    Safe and performant?

    A zero cost abstraction? by Josh Peterson

    From the article:

    Recently Joachim (CTO at Unity) has been talking about “performance by default”, the mantra that software should be as fast as possible from the outset. This is driving the pretty cool stuff many at Unity are doing around things like ECS, the C# job system, and Burst (find lots more about that here). One question Joachim has asked internally of Unity developers is (I’m paraphrasing here): “What is the absolute lower bound of time this code could use?” This strikes me as a really useful way to think about performance. The question changes from “How fast is this?” to “How fast could this be?”. If the answers to those two questions are not the same, the next question is “Do we really need the (...)


  • Seven Habits for a More Toxic Code Review #culture

    Please don’t practice any of the following “advice.” From junior developer to CTO of a Fortune 500, we’re all guilty of making mistakes within software development. We’ve picked the worst examples we’ve seen around code review and pulled them together into one terrible, awful reviewer:

    Look — I get it. You’ve done everything you could to ensure that no one would ever ask you to do a code review, but they’ve gone and promoted you anyhow. Now you have a whole team to bring down with you, down to the depths of a toxic code review culture. This won’t be easy — making enemies never is — but if you follow these seven highly effective habits, no one on your team will even think about submitting a pull request. And less pushes means less work. Win-win.

    1. Just the facts — opinions are for lesser developers

    Don’t (...)

    #engineering-leadership #software-development #code-review #engineering-mangement

  • How to balance idea experimentation & product focus

    By #cto Pete Koomen. This post originally appeared on the Optimizely Blog. Optimizely, Hacker Noon’s weekly sponsor, is the world’s leader in digital experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce, and campaigns through its best in class experimentation software platform. Optimizely enables product development teams to accelerate innovation, lower the risk of new features, and drive up the return on investment from digital by up to 10X. At Optimizely, our product team meets each week to discuss experiments we plan to run in our products. It’s an open meeting called “Experiment Review” and we use it to share best practices and ensure we’re running high quality experiments. This week in Experiment (...)

    #product-focus #idea-experimentation #weekly-sponsor #startup

  • The 6 Best Mechanisms To Put In Place When #scaling Your Company

    Good Intentions Don’t Scale — Mechanisms Do

    In the early days, the goal of any #startup is clear: keep the business moving forward — ideally, upwards and to the right. Because the team is so lean and tightly focused on a small number of goals, every employee understands who owns what, what work needs to be done, and what the quality of that work should be. The processes that are in place, if any, are basic. And that’s ok. Young companies don’t need overly complicated systems to act as blockers to early momentum. But, what happens as that young company starts to scale? As a five-person team becomes fifty? As your customer base grows from 20 to 20,000? Just as a company matures, so too must the mechanisms by which it operates. At FirstMark’s 2018 CTO Summit, Ian Wong, (...)

    #okr #engineering #tips

  • Microservices for Startups: An Interview with Isaac Mosquera of Armory

    This interview was done for our Microservices for Startups ebook. Be sure to check it out for practical advice on microservices. Thanks to Isaac for his time and input! Isaac Mosquera is the CTO at Armory, which helps software teams ship better software, faster.

    For context, how big is your engineering team? Are you using microservices and can you provide a general overview of how you’re using them?

    Our current team is quite small — only 5 engineers — but we work on an open source deployment tool called Spinnaker that was open sourced by Netflix in 2015. Netflix uses it to deploy over 2,000 microservices roughly 4,000 times a day. We help enterprise customers achieve that velocity with microservices and Spinnaker. We see deployments as a critical component to obtaining the value of microservices. (...)

  • Why you should join an #early-stage startup

    As an engineer, you have a massive impact on the product you work on and the organization you join.

    There are opportunities in all kinds of tech companies, especially if you are an engineer. If you don’t really pay attention, you only hear about the big ones, because they make sure to capture most of the attention even though they only represent a fraction of the available jobs. Also, even in 2018, some people argue that joining a startup is uncertain if not dangerous for your career. Fuck. That. Shit.

    A light and efficient organization

    An early-stage startup has a very small team. There is no chain of command, no managers, no heavy processes and no legacy systems. Such a small team is efficient by nature. All stakeholders are part of it, so the CTO (...)

    #future-of-work #engineering

  • Do Tech Leaders Need to Be Agnostic with Stacks?

    Being perfectly unbiased, and only using the best tools for any given job. If humans weren’t the entirely irrational collection of cells that we are, being technology agnostic wouldn’t even be a discussion — it would be taken for granted. Unfortunately, we people are just big bags of flesh, bone and imperfection. Familiarity often overwhelms better judgement, which, if you’re a business leader, can have serious implications for the organisation that you steer. We spoke to three business leaders — Jason Blackman, CIO of carsales.com, Brett Raven, CTO of RedBalloon, and David Bolton, Head of Engineering at Woolworths Digital — about the need to be technology agnostic as a business leader, and their personal experiences working towards that aim.

    The Need for Agnosticism

    Blackman, Raven and Bolton each see (...)

    #tech-stack #tech-leaders #management #agnostic-stacks #leadership

  • You haven’t mastered the internet, until you’ve also mastered #traffic.

    This post is for the entrepreneurial engineers. I have some harsh reality for you. The following quote is a lie. “If you build it they will come.” No. No, they will not. How do I know? Because in 2015, my #startup failed. We had raised a few hundred thousand dollars and had some minor successes, but at the end of the day, our burn rate exceeded our runway. We were forced to close the doors. At the time we said things like “our target market’s sales cycles are really slow!” to justify our failures. We blamed each other. Etc. The reason we failed was that no one on our team understood marketing and sales, and the fact that they are actually MORE important than the product. The reason my company failed is that I sucked at marketing. Sure, I was the CTO, and when thinking of a CTO’s role, you probably don’t (...)

    #entrepreneurial-engineers #startup-lessons #entrepreneurship

  • #microservices for Startups: An #interview with Christian Beegden and Stefan Zier of Sumo Logic

    This interview was done for our Microservices for Startups ebook. Be sure to check it out for practical advice on microservices. Thanks to Christian and Stefan for their time and input! Christian Beegden is the CTO at Sumo Logic. Stefan Zier, the Chief Architect at Sumo, joined for this interview. Sumo Logic is a cloud-native service that is one of the most powerful machine data analytics services in the world.

    For context, how big is your engineering team? Are you using Microservices and can you give a general overview of how you’re using them?

    The engineering team is about 100 and two thirds of them are writing code. The idea behind Sumo was to get away from solving log management via enterprise software and turn the product into a service. For almost 10 years before starting Sumo Logic, (...)

    #startup-microservices #sumo-logic #startup