Secure Sockets Layer version 3: A Eulogy

As we put OP_NO_SSLv3 in all our software, we close a chapter of the history of the Internet. We’re laying to rest a faithful companion, one that gave us the commercial Internet we have today, and we’re also saying goodbye to one of the last closed protocols in mainstream use. And finally, we’re saying goodbye … Continued

Restricting BrowserStack access within your local network

BrowserStack provide a virtual browser service which lets you test websites with multiple different browsers. BrowserStack provide far more browsers on more platforms than even large organisations could justify on their test budgets, so the service is valuable to companies like Surevine that require the ability to test that websites work correctly on a broad range of web browsers. … Continued

The Secrets of the Ancients

That Nathan Fritz. He’s a smart guy, and always been very nice to me, at least, if we discount that incident. And over on the &Yet blog, he’s posted about sending hints rather than data. And when I read it, my heart sank. Now, I should stress, my heart didn’t sink because Fritzy is in any way … Continued

Air disasters and software; not such a tenuous link

United 173: It’s ten past five in the evening of the 28th of December, 1978. In the skies above Portland International Airport, Oregon, there’s a DC-8, with 189 souls on board, coming in to land. As they lower the landing gear there’s a loud thump – both heard and felt in the cockpit. So it’s … Continued

Reflected XSS

TL;DR: Logout early, logout often. Having found a number of reflected XSS issues in third party products in the last couple of weeks, including accidentally stumbling on one in the popular WordPress plugin wp-supercache (you’ve upgraded to the latest wp-supercache already, right?), I’ve had some interesting discussions with software vendors. Donncha, an experienced WordPress … Continued

Openfire. Reloaded.

People sometimes ask what the real benefit in open source is. It’s clearly not simply having the source code; if that were the reason, you’d write everything in-house – and while that would certainly keep me employed, it’s not the reason. Back in 2002, a new version of Windows had recently graced the scene. Called “XP”, … Continued

Decentralize Camp – Dusseldorf

Last week I headed off to Dusseldorf to attend Decentralize Camp, a first-time event aiming to kickstart the movement to return the internet to its roots in the early 90s of decentralized and indie(pendent) sites. The day consisted of a single-tracked morning session focussing less on the technical and more of the ‘why’ of … Continued

London Bupa 10k 2014

Last weekend saw 5 of the Surevine team partake in the 7th annual London Bupa 10k race (called the Vitality London 10,000 from 2016). The event has a focus on fundraising, with many of the participants aiming to raise money for numerous charities. The Surevine team ran in support of our nominated charity: Lifelites, who strive … Continued

The heart bleeds on open source projects

The Heartbleed bug in OpenSSL has been described by Bruce Schneier as “on the scale of 1 to 10, this is an 11”. It means any program using an affected version of OpenSSL could be probed easily for random chunks of its memory – allowing anything the supposedly secure program was working with to be sent over the connection to the … Continued

Surevine Labs

Here at Surevine I’m lucky enough to work alongside a bunch of really smart, tech-minded people. From time to time my colleagues come up with ideas for projects (mobile apps, websites, etc), some of which are great! As a company I don’t think we are special in this regard. It seems to be a common … Continued