I’ve written about signing your code using Authenticode a lot over the years, from a post in 2015 about my first hardware token to a 2024 post about signing using a Digicert HSM. Recently, Azure opened their Trusted Signing Service preview program up for individual users and I decided to try it out. The documentationContinue reading “Authenticode in 2025 – Azure Trusted Signing”
Author Archives: ericlaw
Guidelines for Secure Filename Display
Many years ago, I wrote the first drafts of Chromium’s Guidelines for Secure URL Display. These guidelines were designed to help feature teams avoid security bugs whereby a user might misinterpret a URL when making a security decision. From a security standpoint, URLs are tricky because they consist of a mix of security-critical information (theContinue reading “Guidelines for Secure Filename Display”
Attack Techniques: “I Already Hacked You” Scams
Scammers often try to convince you that you’ve already been hacked and you must contact them or send them money to prevent something worse from happening. I write about these a bunch: Another common “Bad thing already happened” scam is to send the user an email telling them that their devices were hacked some timeContinue reading “Attack Techniques: “I Already Hacked You” Scams”
Winter 2025 Races
Austin Half On January 19th, I ran the newly-renamed “Austin International Half Marathon” (formerly 3M). The night before I had spaghetti and meat sauce with the kids, and the morning of, I woke at 5:15 and had a cup of coffee and my usual banana. My trip to the bathroom was not very productive whichContinue reading “Winter 2025 Races”
Welcome to 2025!
I’d intended to write this post weeks ago, but I’ve been rather unproductive. I ran the Dallas Half Marathon with an out-of-town friend on December 15th. It was a hard and very slow trek, but I managed to get back to a run in the last mile and I didn’t get hurt, so I’m countingContinue reading “Welcome to 2025!”
On Mortality
Content Warning: This post is about mortality. This morning, I awoke from a dream. I’d just discovered a ticking time bomb was a fake, and the dream ended as I said to my companion “There’s nothing quite as exhilarating as finding out that today isn’t the day you’re gonna die.” As I opened my eyesContinue reading “On Mortality”
Mark-of-the-Web: Real-World Protection
Two years ago, I wrote up some best practices for developers who want to take a file’s security origin into account when deciding how to handle it. That post was an update of a post I’d written six years prior explaining how internet clients (e.g. browsers) mark a file to indicate that it originated fromContinue reading “Mark-of-the-Web: Real-World Protection”
My New Desktop
After a frustrating morning with my troublesome P1 Gen 7 laptop, I decided it was time to bite the bullet and stop working off laptops full-time, a habit that I inexplicably fell into at the start of the pandemic. I first surveyed the high-end desktop options at various vendors, but after the P1 fiasco andContinue reading “My New Desktop”
Fiddler – My Mistakes
On a flight back from Redmond last week, I finally read Linus Torvalds’ 2002 memoir “Just For Fun.” I really enjoyed its picture of Linux (and Torvalds) early in its success, with different chapters varyingly swooning that Linux had 12 or 25 million users. But more than that, I enjoyed some of the “behind theContinue reading “Fiddler – My Mistakes”
Parallel Downloading
I’ve written about File Downloads quite a bit, and early this year, I delivered a full tech talk on the topic. From my very first days online (a local BBS via 14.4 modem, circa 1994), I spent decades longing for faster downloads. Nowadays, I have gigabit fiber at the house, so it’s basically never myContinue reading “Parallel Downloading”
text/plain 