Just ran into something interesting - not sure if this is a Known Issue or not.  Using Safari 5.0.5 on OSX 10.6.8, I was authenticated into a Google property (gmail). Switched to "Private Mode" in Safari, then attempted to log out of gmail and switch to a different account. Even after clicking on "Sign in as a different user" I am still returned to the same page, prompting me to authenticate the last user logged in.

While web development is only a portion of our business, it is a growing chunk that we have hired more resources for and gained more customers.  To that end, I'm going to start featuring websites on here that we either build.  If we get really ambitiuous, we'll add a portfolio section to the site, but one thing at a time...

Yesterday RSA announced their SecurID system was breached.

Been on a blogging lull - have a growing list of things to talk about, but been busy on a few fun projects (more on those in coming days!).

This, though, had a good dose of originality, so I thought I would share - Naked Password

We've now been working with Drupal for over two years! Over that time as our experience has grown, we have tried to give back to the community through helping others, testing code, and helping junior developers grow.  We're proud of what we've done so far, but honestly, it's past time for us to put our money where our mouth is. So today we joined the Drupal Association.

It's no secret that I have no love for AT&T. I live in San Francisco, and I have an iPhone. What more do I need to say?

I was without signal while sitting in my office for about an hour this afternoon.  Finally I noticed the signal came back, so I fired up the Mark the Spot app to...mark the spot. Again. Latest version of the app asked if I wanted to register with AT&T so they could provide feedback as they improved things.  Golly, sure! So it fires off an SMS message to AT&T.  The response I get back? Fail...

This is a question that both our current and potential customers ask: "How much will it cost do perform a penetration test on our company?"  Usually our method to answer this is to go through a survey with the client that addresses several topics:

I'm all for statistics as much as the next security person.  When I'm talking to clients, I try to quote useful statistics to help them make business decisions, not to scare them into purchasing things.  But I digress...

This is sorta fun, although I'm sure not new: malicous factions seeding Google's index with hostnames too long to display, perhaps an un-educated user would think it's a bug in Google and just a cache link??

I think I'm adding a new step to my acceptance procedures for cloud servers: always re-generate the ssh host key. Providers aren't always doing their homework and making sure that the ssh host keys on their customers servers properly created.