Posts

The Unspoken Vulnerability of JWTs

JSON Web Tokens (JWTs) are the new thing. Blog after blog and book after book tell you how to generate them and use them to authorize access to web services. But there is one little detail that everyone is leaving out: it is much harder to secure a server that generates JWTs than a server that generates session IDs. This is because the JWT signing key must be protected, whereas there is little need to secure session IDs, and session IDs are easily secured by hashing, anyway. As a consequence, the push to use JWTs for local authentication is making sites more vulnerable. Here you might dismiss me as a random loon for questioning the JWT love, but I do have years of experience professionally evaluating systems to assess and document their security. I've performed IV&Vs for NSA, evaluated NetWare's file system for a TNI Class C2 rating, and developed a reputation for being able to quickly identify security flaws in large software systems. Mind you, that was COMPUSEC, not ...

A Splash of Liquid Sunlight

A gentle breeze blows across the mountain meadow. Waves ripple over the green and yellow grasses. Thistles and Queen Anne’s lace rock quietly from side to side. Small purple flower buds draw circles through the air. A yellow flower also sways slowly to the rhythm, alone among the grasses of the field. The flower shines fiery and effulgent, glowing and radiating like a splash of liquid sunlight. Its petals are long and narrow, and they ride the wind as if floating up and down on waves of water. A bee flits by and leaves a memory of its gentle hum. The bee returns and swings around to a side of the flower, hovers there briefly, and then swings around to the other side. The shifting winds turn the bee's hum into melody. Hovering over the flower, the bee stretches its legs forward, and dips its abdomen to land among the golden petals. In one swift blur, the petals retract sharply from the bee and swing the flower onto the side of its stem. The bee darts backwards and turns itse...

A child dances in the flame

A child dances in the flame The sky is a ruddy flood. Basalt clouds pump brilliant blood. And a child dances in the flame. The ground is a surface of darkness, an empty sheet shaping hill and plain. Fiery footprints lash upon nothing, spontaneous flares quick-to-die. A body races, the body dances, a beating frolic, torchlight lurid. Glowing knees hurl high and down-hammer hard, torso twists, face flashes. The hair strikes out across the clouds, the head thrown back, the hands thrown high. A silhouette is seen in silent laughter. A child dances in the sunset flame. (Written in October of 1992 while sitting on the grass one evening at the University of Maryland, College Park)

My Favorite Quotes

Here is a collection of my favorite quotes, in no particular order: "Ultimately, it is your commitment to the process that will determine your progress." ~James Clear "Every action you take is a vote for the type of person you wish to become." ~James Clear "Because the people who are crazy enough to think they can change the world, are the ones who do." ~Apple Computer, Inc., 1997 "The meaning of life is to find your gift. The purpose of life is to give it away." ~Pablo Picasso "Against the assault of Laughter nothing can stand." ~Mark Twain "If she's amazing, she won't be easy. If she's easy, she won't be amazing. If she's worth it, you won't give up. If you give up, you're not worthy. ... Truth is, everybody is going to hurt you: you just gotta find the ones worth suffering for." ~Bob Marley "[W]e find a capacity for fulfillment we never knew we had when we accept love and jo...

How to Pill a Dog

Here is a technique for pilling a dog without getting your fingers crushed between the dog's molars. Try this technique if your dog manages to spit out the pill no matter how you disguise it, or if the pill disintegrates too quickly for any other means of delivery. The technique should work with medium or large dogs. I don't know how well it works with small dogs. I was able to train my shar-pei mix to enjoy pilling for many years, although later in life it became less fun again. My cattle dog mix never cared for the pilling, but she is happy to get it out of the way because I always reward her with a meal afterward. Cardinal Rules The most important rule when pilling a dog is that the dog should be happy to have participated by the end. Praise her each step of the way for even the slightest bit of cooperation. For a dog, praise is an excited, happy tone. The words you use hardly matter. Praise especially when you're done. The corollary of this rule is that pillin...

How Spiders Get Bigger by Molting

It had always been a mystery to me how arthropods manage to get bigger by shedding—or "molting"—their exoskeletons. If you're molting an exoskeleton, you're losing mass, right? It makes more sense that an arthropod would get smaller by molting. I've seen spiders before and after molting, but it wasn't until I witnessed a large spider molting that I finally understood what was going on. It turns out that I had seen the process before when a butterfly emerges from a chrysalis. It is most apparent that a spider's legs get longer after molting. Here are two photos I took of a spider in 2011. Both photos are of the same spider, taken two days apart. The bottom photo is of the spider prior to molting, and the top is of the spider after molting. The measurements given are the lengths of the first legs. The two photos are proportioned correctly relative to each other, so you can visually compare the before and after sizes. The spider is a male Mecaphesa d...

Difficulty identifying Anyphaena dixiana

Usually when I come across a spider, I can tell which family of spiders it belongs to, but this spider baffled me. I found a female under a dog bed on my patio on November 23, 2014, in Austin, Texas. Three days later I found a similar-looking male spider, and again I couldn't be sure of the family. The female is on the left, the male on the right. These photos are not proportionally scaled: the female has a body length of 4.5mm and the male 4mm. We don't include the legs. These two spiders have the general body shape and color pattern of a wolf spider (Lycosidae), but they don't have the eyes of a wolf spider. Often a spider that looks like a wolf spider but isn't might be a funnel spider (Agelenidae), but these eyes also were not a match for Agelenidae. It is hard to see in these photos, but these spiders' eyes are in two rows of four, with all eyes about the same size. Funnel spiders have eyes in three rows, except for Tegenaria, which these definitely are ...