Unboxed Roundup: Our links for w/c 17th April 2017

April 21, 2017

You are @ 10K Apart - Charlie

https://a-k-apart.com/#winners

This was a website competition where submissions had to deliver a usable experience in under 10KB of transferred content. Some submissions are better than others but I thought it was a good competition idea.

Why you shouldn’t use ENV variables for secret data - Charlie

https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data

Bit of a clickbait title… a short write-up commenting on some of the problems that can arise from storing secrets in environment variables. There’s also a (Docker-specific) alternative explained that allows secrets to be encrypted at rest.

Using your device’s light sensor to steal browser data - Abraao M

https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/

These researchers argue against a proposal to use sensor data without asking for user permission by showing it’s possible to exfiltrate browser data (such as account recovery QR codes) by flashing the screen. It’s fairly slow to exploit in a real scenario but shows the dangers of exposing sensitive APIs.

Track of the Week - Murray S

You know who is brilliant? It’s Björk. It’s always Björk. I can’t think of a situation that wouldn’t be improved by a Björk soundtrack. What I’m saying is that you should probably be listening to more Björk. In fact, why not listen to some now:

Björk - Jóga