Understanding The Web Security Model, Part IV: Cross-Origin Resource Sharing (CORS)

My "A" races for 2024 were Sean O'Brien 100K at the end of January and Tushars 100K at the end of July. 6 months is a long training block and so I decided to break it up with something in between. I've been leaning towards mountainous races with a lot of vert lately (SOB notwithstanding) and after doing a bunch of searching on UltraSignup I...

Generated by Midjourney. Prompt "Man waiting for EV to charge, bored expression, EV charging station, photorealistic --ar 4:3" I spent some time reading this HN thread in response to Wired's article on how many EV charging stations we need and I'm dumber than when I started (isn't that usually the way it is on the orange site?). On one side, we...

As mentioned in previous posts, the IETF has decided not to add support for post-quantum (PQ) encryption algorithms to TLS 1.2. In fact, the TLS WG is taking a rather stronger position, namely that it's going to stop enhancing TLS 1.2 more or less entirely, including support for PQ algorithms: While the industry is waiting for NIST to finish...

On Saturday 1/27 I ran the Sean O'Brien (SOB) 100K in Southern California. I ran this same race back in 2021 and got my 100K PR, so I knew the course and felt like it was an opportunity to do better. My training had been going well and I was dropping PRs on my local courses, so I was looking forward to a strong race and taking off bunch of time,...

Identifying the communicating endpoints is a key requirement for nearly every security protocol. You can have the best crypto in the world, but if you aren't able to authenticate your peer, then you are vulnerable to impersonation attacks. If the peers have communicated before, it is sometimes possible to authenticate directly, but this doesn't...