Fifteen Years is a Solid Run

After fifteen years of being on twoevils.org, I've decided that it was time to move to a new domain.

$ whois twoevils.org
Domain     : TWOEVILS.ORG
Domain ID  : D80038331-LROR
Status     : Live
Registered : 2001-11-20
Expiry     : 2017-11-20

When I first registered the domain, I used exclusively lesser@twoevils.org, but nobody ever got the joke. “Who's lesser?” I eventually switched to using april@twoevils.org, which made even less sense and still garnered weird looks.

$ whois pokeinthe.io
Domain     : pokeinthe.io
Domain ID  : DOM-388773
Status     : Live
Registered : 2016-03-27
Expiry     : 2017-03-27

Hopefully I (and everybody else) will still find pokeinthe.io just as amusing in 2032.



CSP on addons.mozilla.org (AMO)

Content Security Policy (CSP) is one of the most important steps a website can take to reduce its vulnerability profile. Implemented properly, it can reduce the risk of cross-site scripting (XSS) attacks to near zero.

AMO is one of the highest-profile sites both at Mozilla and on the internet at large. An XSS attack against it could lead millions of Firefox users to unwittingly install addon exploits. After six years of hard work, the Mozilla Infosec team and the AMO team successfully implemented CSP.

You can read my write-up of our experiences on the Mozilla Hacks blog.
