Massachusetts Paramedic Accused of Concealing Sex Offender Status

CAPE COD, Mass. — A paramedic from Sandwich dodged unemployment and losing his professional license for five months despite pleading guilty to child pornography charges and being barred from working in any job that brought him into regular contact with minors. Wesley J. Anderson, 24, of Widow Coombs Walk, pleaded guilty Aug. 3 in Barnstable Superior Court to 58 counts of possession of child pornography. He was sentenced to five years of probation and ordered “not to be employed in any position that places him in contact with minor children on a regular basis.”

Women’s Top 25 Capsules

UNCASVILLE, Conn. (AP) — Kaleena Mosqueda-Lewis scored 21 points and top-ranked UConn routed East Carolina 105-56 on Sunday night to reach the American Athletic Conference final. Mosqueda-Lewis hit eight of her 10 shots, including five from 3-point range, moving her within 12 of the NCAA career record of 392. Moriah Jefferson added 20 points and six assists and five steals for UConn (31-1). Breanna Stewart had 16 points, nine rebounds and five blocked shots, and Morgan Tuck finished with 15 points. UConn will play South Florida on Monday night. I’Tiana Taylor had 17 points for East Carolina (21-10).

NO. 2 NOTRE DAME 71, NO. 7 FLORIDA STATE 58
GREENSBORO, N.C. (AP) — Jewell Loyd scored 18 points and Notre Dame won its second straight Atlantic Coast Conference tournament title. Taya Reimer added 16 points for the top-seeded Fighting Irish (31-2), also the 2013 Big East tournament champion. They have won 17 straight games. Maegan Conwright had 14 points for the second-seeded Seminoles (29-4).

NO. 3 SOUTH CAROLINA 62, NO. 5 TENNESSEE 46
NORTH LITTLE ROCK, Ark. (AP) — Tiffany Mitchell scored 17 points and South Carolina beat Tennessee for its first women’s Southeastern Conference tournament title. The top-seeded Gamecocks (29-2) beat the Lady Vols for the second time in two weeks, and likely secured a No. 1 seed in the NCAA Tournament. Aleighsa Welch added 14 points and eight rebounds for South Carolina. Jordan Reynolds had 17 points for second-seeded Tennessee (27-5).

NO. 4 MARYLAND 77, OHIO STATE 74
HOFFMAN ESTATES, Ill. (AP) — Lexie Brown scored 19 points and Maryland beat Ohio State to win the Big Ten tournament title and cap a perfect run through the conference. The Terrapins (30-2) will enter the NCAA Tournament with 24 straight wins and their eyes locked on another big run after reaching the Final Four last season. They made a seamless transition to the Big Ten after 37 years in the ACC, going 18-0 in conference play.
No other Maryland basketball team — men’s or women’s — had gone unbeaten in league competition. Ohio State is 23-10.

NO. 6 BAYLOR 69, OKLAHOMA STATE 52
DALLAS (AP) — Nina Davis scored 29 points in 25 minutes and Baylor beat Oklahoma State to advance to play for its fifth consecutive Big 12 tournament title. Alexis Prince added 12 points for the Lady Bears (29-3), the Big 12 regular-season champion for the fifth year in a row. They will play Texas in the title game Monday night. Roshunda Johnson had 16 points for Oklahoma State (20-11).

NO. 17 CHATTANOOGA 61, EAST TENNESSEE STATE 56, OT
ASHEVILLE, N.C. (AP) — Chelsey Shumpert scored a career-high 26 points and Chattanooga beat East Tennessee State for its third straight Southern Conference championship. Chattanooga (29-3) has won 25 straight games. East Tennessee State (21-11) battled back from 24 points down in the second half, sending the game into overtime on Serena Clark’s putback with 1.7 seconds left.

NO. 19 STANFORD 61, CALIFORNIA 60
SEATTLE (AP) — Taylor Greenfield scored a career-high 20 points on 8-for-11 shooting and Stanford beat California for its 11th Pac-12 Conference tournament championship. Lili Thompson added 13 for the Cardinal (24-9) and Amber Orrange had 10 of her 12 points in the second half. Courtney Range led California (23-9) with 17 points. Pac-12 player of the year Reshanda Gray was held to six points and was in foul trouble for most of the game.

NO. 21 GEORGE WASHINGTON 72, DAYTON 62
RICHMOND, Va. (AP) — Jonquel Jones scored 16 of her 21 points in the second half and George Washington rallied to beat Dayton in the Atlantic 10 championship game. Jones played just nine minutes because of foul trouble in the first half, but made up for her absence after the break as the Colonials (29-3) won their eighth straight. Amber Hoover led Dayton (25-6) with 18 points.

NO. 25 SETON HALL 77, MARQUETTE 51
ROSEMONT, Ill.
(AP) — Tabatha Richardson-Smith had 31 points and 11 rebounds and Seton Hall beat Marquette in the Big East quarterfinals. Top-seeded Seton Hall (27-4, 16-3) advanced to its first conference tournament semifinal game since 1996. The Pirates will face St. John’s. Arlesia Morse led Marquette (9-22, 4-15) with 24 points and eight rebounds.

Cricket News Dominant India Eye New Zealand Scalp In Important World T20 Build-Up

New Delhi: 21 series since the last World T20 in 2016. 14 series wins and three drawn series. Only four series losses in four years. Two of those losses came against West Indies, one to Australia and one to New Zealand. The consistency and performance of the Indian cricket team in the shortest format of the game has been impressive. In 2020, in a Twenty20 year punctuated by the marquee World T20 in Australia in October, India head into the tournament as the odds-on favorites. The upcoming five-match Twenty20 International series against New Zealand, which will be the first time India play a five-match series in this format, is the most important build-up for the World T20 for plenty of reasons.

One, India have a superior or even head-to-head record against all teams barring New Zealand. Throughout India’s playing history in international Twenty20s, they have failed to crack the New Zealand code of dominance. Three, India’s record in the shortest format in New Zealand is woeful. Add all the three factors and then this series assumes massive importance. India finished the series against Australia four days ago and they arrived in Auckland on January 22.

Many people would be bemoaning the lack of proper warm-ups for the series but India has been consistent even without warm-ups. Unlike other series when both teams looked even in T20Is, the advantage this time is firmly with India. KL Rahul, Virat Kohli and Rohit Sharma make up a formidable top order while Jasprit Bumrah, Mohammed Shami and Navdeep Saini make up a potent bowling line-up. With Kuldeep Yadav and Yuzvendra Chahal in the side, and with the absence of the 2019 World Cup stars Trent Boult, Lockie Ferguson and Matt Henry, it is firmly advantage India.

This is the first time India will be playing New Zealand after the heartbreak of the 2019 ICC World Cup semi-final. India will be gunning for revenge. Really?
When it comes to New Zealand, Kohli is a little bit more assured that revenge is NOT on their minds when they take on the Kiwis. After all, India will not be encountering sledges of Australia level. New Zealand are Mr. Nice Guys of the cricketing world and the atmosphere is a bit more relaxed. “Even if you want to think of revenge, these guys are so nice you cannot get into that zone. We get along really well with these guys and it’s all about being competitive on the field. As I said in England, they are probably one side that has set the example for teams to play international cricket. They obviously want to bring out the best they can in every ball and every game, they are intense in their body language, they are not nasty, they are not doing things which are not acceptable on the field,” Kohli said.

Team News

According to Kohli, Rahul will continue to keep wickets in both ODIs and T20Is, but will open in the shortest format while returning to the middle-order in the 50-over format. It could mean that Prithvi Shaw is being primed for an ODI debut and a potential pairing with Rohit when the three-match series begins on February 5. The skipper also indicated a change in middle order plans. With Rahul keeping wickets, the fit-again Rishabh Pant could lose his spot in the playing eleven.

Manish Pandey is expected to play as the fifth specialist batsman and Shreyas Iyer will regain his spot at number four. Pandey, Iyer and Pant batted together in the nets on Thursday, while Sanju Samson hung around, only to pad up later on. Washington Sundar and Ravindra Jadeja are the other two all-round options. The Yuzvendra Chahal-Kuldeep Yadav combination is yet to play a game together since the 2019 ODI World Cup, and it remains to be seen if things will change in this aspect.
In the pace department, Mohammed Shami and Jasprit Bumrah are assured starters, while the toss-up will be between Shardul Thakur and Saini.

New Zealand have an 8-3 head-to-head advantage against India in Twenty20 Internationals. (Image credit: Getty Images)

New Zealand have a dearth of all-rounders to choose from but need to balance with pickings in the pace department. It remains to be seen if the Black Caps opt for two spinners in Ish Sodhi and Mitchell Santner given the really short boundaries at Eden Park, venue for the first two T20Is. Williamson, though, has urged the need to move on. Williamson, however, said it was time for the Black Caps to move on from the disappointment and focus on the India series.

“You need to keep moving on. The schedule is such that challenges keep coming thick and fast and now we got a great opportunity against India who are one of the top sides in the world but different personnel in terms of the T20 format and the guys are looking forward to the challenge. At times obviously it is tough. Australia was a humbling experience to get beaten badly like we did. You do want to be playing the best. Not losing,” Williamson said.

Stats, Pitch Report And Weather

New Zealand have played 19 Twenty20 Internationals at Eden Park, Auckland but surprisingly, they have won only six matches. Their only loss to India in New Zealand came at this very venue in 2019. The Eden Park wicket is considered to be a belter with plenty of runs on offer. The third man and fine leg boundaries are 45 meters and this makes even the straight boundary short. Plenty of sixes could be on display at this venue.

There have also been three tied games at this venue, with the recent one against England once again replaying the 2019 Final heartbreak. The weather in Auckland will be partly cloudy and there are 20 percent chances of rain. However, that might not pose problems for the match.
A maximum of 25 degrees and a minimum of 17 might provide comfortable conditions for the players although the high humidity of 72 percent could result in dew.

Owners of cemetery asked to reopen part time

GLENDALE – City officials are asking the owners of the shuttered Grand View Memorial Park to reopen the cemetery part time, with City Hall assuming liability. Officials have been negotiating with operator Moshe Goldsman for several weeks to unlock the 121-year-old cemetery’s iron gates, which have been chained since June after the facility’s owner was accused of financial mismanagement and mishandling remains and came under state investigation. The proposal would permit the cemetery at 1341 Glenwood Road to open once a week – possibly Sundays, said Senior Assistant City Attorney Mike Grant. The city will extend insurance coverage over the 25-acre facility during visiting hours and staff the grounds with park rangers. “We’re just waiting for a commitment,” Grant said.

Though criminal charges against her were dropped, she is due for an administrative court hearing Aug. 21 to determine if her business license will be revoked. Even if the parties reach a deal, a partial opening is likely temporary since the cemetery’s unkempt grounds and browning lawns could eventually become a fire hazard, Grant said. A permanent solution means finding a buyer for the cemetery, though that could be difficult amid the legal problems.

Still, Harvey Wise is hoping he will get to visit his wife’s grave Aug. 26 – their 61st wedding anniversary. She was buried there in 2003 after she died at 82 from an inoperable brain tumor. “I’ll go over, take some clippers, clean up the headstone and stuff, and take flowers,” said Wise, 86, of Arleta, who plans to take flowers from a rose and orchid garden inherited from his wife. “I’ll do a little bit of talking to her, tell her about what’s going on with the family.”
David Baum, an attorney representing Goldsman, said Monday his client is willing to work with the city. “We’re optimistic that in the near future, we can open the park for limited visiting hours,” he said.

The city plans to raise the issue Thursday at a civil suit hearing between the cemetery’s owners and some 25 plaintiffs with loved ones interred there. Paul Ayers, an attorney representing lead plaintiff Mary Louise Largey, said a reopening is overdue. “In light of the city’s offer, there’s no excuse for the operators to continue to keep it closed,” he said.

Both Goldsman and cemetery owner Marsha Howard must agree to the proposal. Howard, who could not be reached for comment, allegedly resold already-purchased graves and illegally disposed of human remains, according to the state Department of Consumer Affairs.

Saugus girls out for revenge

Down two games to none, Saugus seemed to be gaining momentum with a 20-16 lead in the third game, but a couple of Vikings 4-0 runs kept the Centurions from forcing a fourth game.

With five matches left on each team’s schedule, the winner of tonight’s meeting might be slated to play for the league title against Hart. But that’s only if the Indians (8-3, 4-1) win their next three matches (Golden Valley, West Ranch and Canyon) and the winner of the Saugus-Valencia match does not lose again until it meets Hart. Saugus will visit Hart on its second-to-last match on Halloween night. The Centurions beat the Indians Oct. 12 (25-23, 25-21, 25-19). Valencia will host Hart on its final regular season match Nov. 2.

VALENCIA – Bowed heads and watery eyes were common among a handful of Saugus High players on the girls’ volleyball team. This was after the Centurions, playing on their home court, lost to Foothill League archrival Valencia on Oct. 4. The match, highly anticipated by both teams, was supposed to give an indication, perhaps, of which team can take this year’s league title. But it was not expected that the Vikings would win the match in three games (25-21, 25-19, 25-21). Saugus’ wait for a chance at revenge is over.

The Centurions (22-3, 4-1) visit the Vikings (11-11, 4-1) at 5 p.m. today, but Valencia, winner of the last four league titles, is out to prove it’s still the team to beat despite losing to Hart (17-25, 26-24, 25-9, 23-25, 15-12) Tuesday night.
The Indians’ come-from-behind win not only snapped the Vikings’ 23-game win streak against league opponents but also set up a three-way tie atop the Foothill League standings, giving tonight’s Saugus-Valencia match greater significance than the previous one between these teams. In that match, behind outside hitters Courtney Alberi (11 kills) and Layne Castro (eight kills) and junior setter Taylor Kasha (30 assists), the Vikings were able to hold off a pressuring Centurions team. “I was thinking about that game all day through every single class,” Kasha said about the Oct. 4 match. “All I could think of is, we’re not losing to Saugus. We’d had that thought since the beginning of summer.” But the Centurions didn’t go down without a fight.

Burns vows ‘I’m not done yet’ after losing world title

“I think where he came back from before is about ten levels below where we are now,” Hearn said. “The Zlaticanin fight felt like the end of the world.

“Tonight he lost in a unification fight to a very good fighter. If he can come back from the Zlaticanin defeat then he can certainly come back from this.”

While saying that he would give any big fight consideration, Burns did rule out an all-Scottish affair with up-and-coming talent Josh Taylor, suggesting the desire for a fight was coming from trainer Barry McGuigan more than Taylor himself.

“I’m not entertaining that,” he said. “Josh is a cracking fighter, I get on well with him and he’s the Commonwealth champion but how many fights has he had?

“I think there’s a lot bigger fights out there for me than Josh Taylor.”

Reflecting on the defeat to Indongo, Burns admitted the verdict was fair.

He said his opponent’s style was difficult to get around and that the IBF and IBO champion was a big hitter.

“The better man won,” he said. “Obviously I’m devastated that I’ve lost my title.

“He was a lot more awkward and better than we thought he was going to be.

“The first few rounds we knew what we were going to do. We were going to play it safe with a high guard, be on the move and try to take the sting out of him. He could punch, by the way. My head’s thumping.

“The better man won on the night and I don’t know what else to say. I’m gutted.

“I’m going to have a couple of weeks off. A couple of my stable mates are fighting next week so I’ll go down and watch them.
I’ll probably go down and see Eddie before I go on holiday and we’ll discuss what’s next.”

Ricky Burns said he was devastated by losing his WBA world super-lightweight title to Julius Indongo but insisted he still has some big fight nights left in him.

The 34-year old was beaten in a unanimous points decision by the Namibian southpaw at the Hydro on Saturday night, suffering the sixth defeat of his 48-fight professional career.

Having bounced back from losses to become a three-weight world champion, he wouldn’t rule out more big occasions in the future.

“I’ve still got a few years in me and I’ve still got a few big nights left so we’ll see what happens,” Burns said. “I’m not finished yet.

“Losing is the most gutting feeling ever but I’ve always said I will fight anybody at all. I’m not afraid to lose but just now it’s not nice.

“They could say to me you’re fighting anyone at all and I would say ‘no bother’. My attitude is that a fight is a fight. I’m not afraid to go in with the best because boxing is all I’ve ever wanted to do.

“There are still some great big fights out there for me and I’m not done yet.”

Promoter Eddie Hearn agreed with Burns, saying that the road back from losing to Dejan Zlaticanin after defeat to Terence Crawford had been far more damaging.

Wired’s First “Geeks in Suits” Event Was Great

On Monday, Wired held its first-ever business conference, titled “Disruptive By Design.” A stellar cast was on stage and, perhaps more interestingly, in the audience as well. The audience had people you would normally see on stage, like Mary Meeker and Tim O’Reilly. Conde Nast, the new owner of Wired, seems to be recognizing that the old prophecy (long known to readers here) “the geek shall inherit the earth” has finally come to pass. This event was about geeky tech stuff really changing the world.

The Stellar Cast

With this list of speakers, you can certainly attract an audience:

Shai Agassi
Chris Anderson
Jesper Andersen
Jeff Bezos
Tim Cadogan
Jeff Immelt
Vivek Kundra
Elon Musk
Toby Segaran
Mark Shuttleworth
Scott Thompson
Neil Young

Okay, one disappointment: it was not that Neil Young! This Neil Young gave a very interesting talk about the future of gaming, even if he never did break into Old Man.

The stand-out session for me was Shai Agassi of Project Better Place. But at any other event, most of the other sessions would have been top of the pack. Jeff Bezos was awesome as always: Tim O’Reilly already reported well on his talk. Elon Musk was fascinating, and the juxtaposition of him and Shai Agassi was event as art: first Car 2.0 and then Oil 2.0. Jeff Immelt, CEO of a little company called GE, gave the kind of insight you only get when you run a $180 billion (in revenue) business and have to bring in $15 billion in revenue growth every year to keep investors happy.

The Geek Shall Inherit the Earth

It is no coincidence that Conde Nast closed Portfolio magazine just a few months before running Wired’s first business event. Portfolio celebrated the old heavy hitters: you know, the Wall Street crowd. Those guys are hiding right now and not exactly prized by advertisers.

Silicon Valley has always held the view that geeks rule. That just happens to be a relatively novel idea here in New York City.
Conde Nast is the quintessential New York publisher: a great spotter and amplifier of trends. Its message to the social crowd in New York was, invite engineers to your next party, and forget about those hedge fund guys.

Gutenberg’s Bible and the Panic of 1907

The event was held at the Morgan Library and Museum, a venue choice full of historical echoes and ironies. This was the house where JP Morgan assembled Wall Street’s heavy hitters in 1907 to stop the financial meltdown that is probably the closest historical parallel to the post-Lehman financial panic we saw in the fall of 2008.

The cocktail party was in JP Morgan’s library. It was fun to look at the first Gutenberg Bible while recalling Jeff Bezos saying that “Print has had a good 500-year run,” while waving his Kindle to imply that the run is over.

The Retro Chic of Print

Conde Nast is the ideal owner for Wired. It understands how great design can make a print product a must-have. One can imagine Vogue and Vanity Fair thriving in print forever. Wired is marvelously retro. That a magazine heralding the future should be one of the few magazines that geeks want to read in print is deliciously ironic.

Wired seems to understand that print has retro-chic appeal, a bit like vinyl for music heads.

Shai Agassi and Better Place

I would have attended this event just to hear Shai Agassi of Better Place. His is one of those incredibly big, audacious ideas that make one optimistic about humanity. He has his share of critics who say he will fail, of course. But the scale of what he has already achieved is amazing:

Electric car battery replacement in less time than it takes to swipe a credit card,
Persuaded governments in Israel and Denmark to implement his electric refueling stations across the country,
Persuaded a large global car company, Nissan, to build electric cars for these markets at scale.

His mission is to end oil dependency.
Of course, he also wants his company to make money because that is the only way this idea will be self-sustaining, and he owes that to his investors. But this is one guy you believe when he says it is really not about the money. If someone were to copy his idea and out-execute him, he would be happy enough, because he reckons that we need a billion electric cars to end oil dependency. He needs this idea to be validated by others.

Wired put on a great show by having Elon Musk talk about Tesla, a totally amazing achievement, and then following him with Shai Agassi. Tesla is a real production pure electric car. Hearing Musk and Agassi speak, one comes away convinced that electric cars, powered by renewable energy sources, will be a mass-market reality fairly soon. That is a pretty big deal!

Bernard Lunn

Records Management: Top RM Challenges

October 7th, 2009

The office of the inspector general has identified the top 10 challenges that NARA, the National Archives and Records Administration, is facing in 2009. Most of the challenges aren’t unique to NARA but can be applied in a similar way to private enterprises.

Transitioning from Paper to Electronic Archives. NARA has experienced budgeting problems and delivery delays in getting an electronic repository set up.
Finding and classifying documents as records. Government is anything but immune to the huge increase in data and documents. The challenge here is to identify those documents which are important and need to be maintained as records.
IT Security. Keeping pace with trends in data security to safeguard important information and retain credibility. More than private industry, government data systems are frequent targets of break-ins and attacks.
Public Access to information. NARA needs to have a system in place that allows information to be identified in a timely way for declassification and to be made available for public scrutiny.
Storage Needs. NARA and government agencies need to make sure that their storage policies and media comply with their own NARA regulations.
Preservation Needs. NARA is facing a backlog in older documents that need to be properly preserved and maintained. A plan to address this is needed.
Project Management. NARA must be able to have a proper project management structure in place so that projects can effectively oversee the acquisition and deployment of new systems as well as to maintain existing systems.
Physical Holdings Security. NARA must assure that facilities where records are housed are secure and are designed to withstand man-made or natural disasters.
Contract management and administration.
NARA is challenged to continue strengthening their internal workforce and improve the management and oversight of federal contractors.
Workforce. NARA’s challenge is to adequately assess its human capital needs in order to effectively recruit, retain and train people with the technical understanding and content knowledge that NARA needs for future success.

Announcing Marshall Kirkpatrick as Co-Editor, ReadWriteWeb

Richard MacManus

I’m pleased to announce that long-time ReadWriteWeb blogger Marshall Kirkpatrick is officially now our Co-Editor, sharing editor duties with yours truly Richard MacManus. When I founded this site almost 7 years ago to the day, I was the lone blogger. Today ReadWriteWeb has a team of around 20; and in particular our writing team has grown a lot over the past year. Given this expansion, we’ve decided to split the Editor role into two: Marshall will lead our daily news team, while I will continue to lead the feature and channel writers.

Marshall also continues in his other role of VP Content Development here at ReadWriteWeb, which is closely aligned with our editorial program.

You can see our entire team on our About page and you can also follow us all on Twitter.

Understanding Subresource Integrity

As you can see, the hash that’s specified in my page no longer matches the file, so the file gets blocked.

Using SRI In Your Own Projects

Having this capability for libraries on a CDN is great, and if you see the option to use an embedded file with an integrity attribute then you should definitely favor that option. But it’s not limited to big projects on CDNs; you can use this yourself for your own sites.

It’s not at all far-fetched to imagine a scenario where a hacker manages to get access to just a few files on your site. I think most of us have seen a client, colleague or friend who has at some point had a WordPress site compromised with a load of nasty junk that they didn’t even realise was there.

SRI can protect you from this too. If you generate integrity hashes for your own files, then you can have your site reject any changes just as it would for a remotely hosted file.

Generating Hashes

You can, as you’d expect, run some commands at your computer’s terminal to generate a hash for a file. This example of how to do so comes from the MDN Subresource Integrity page:

    cat FILENAME.js | openssl dgst -sha384 -binary | openssl base64 -A

That’s getting the content of FILENAME.js and passing it as input to openssl to create a digest using sha384, which is then passed as input into another openssl command to base64 encode the result. Not only is that complicated and obscure, but it’s also not the sort of thing you want to be doing by hand every time your JavaScript file changes.

More usefully, you’ll want to integrate this somehow into your site’s build process, and as you’d imagine, there are plenty of ready-made options there. The exact implementation is going to vary wildly based on your project, but here are some building blocks.

If you use Gulp to build your sites, there’s gulp-sri which will output a JSON file with a list of your files and their hashes. You can then make use of this in your site.
For example, for a dynamically rendered site, you might create a template plugin to read that file and add the hashes to your templates where needed.

If you’re still with Gulp but have a static site (or a statically generated site) you might use gulp-sri-hash which will actually run through your HTML pages and modify the pages to add hashes where needed, which is very handy.

If you’re using Webpack, there’s webpack-subresource-integrity which in true Webpack style is more complex than any human might expect it to be, but does appear to work.

For those using the Handlebars templating engine, there appear to be options available to you, and if your build process is just basic JavaScript, there are simple solutions there too.

If you’re using a CMS like WordPress, I found a plugin that appears to make it easy, although I’ve not tried it myself. Googling for your own platform of choice with SRI or Sub Resource Integrity will likely point you in the right direction.

You essentially want to hook your hashing in after your JavaScript files have been minified and then make that hash available in some way to whatever part of your system outputs the tags. One of the wonders of the web platform is that it’s so technically diverse, but that sadly leaves me unable to give you good implementation instructions!

Other Things To Note

In this article, I’ve talked a lot about JavaScript files because that’s really where it makes the most sense to defend against hacking attacks. SRI also works with CSS, and so you can use it in exactly the same way there. The risk for malicious CSS is much lower, but the potential to deface a site still exists and who knows what browser bugs could also lead to CSS inadvertently exposing your site to a hacker.
So it’s worth using SRI there too.

Another interesting thing you can do is use a Content Security Policy to specify that any script (or styles) on your page must use SRI, and of course that SRI must validate.

    Content-Security-Policy: require-sri-for script;

This is a way to ensure that SRI is always used, which could be useful on sites worked on by multiple team members who may or may not be fully up to speed with how to do things. Again, a good place to read more about this is the always-great MDN docs for Subresource Integrity.

The last thing that’s worth talking about is browser support for SRI. Support in modern browsers is broad, with the main exception being Internet Explorer. Due to the backwards-compatible way the specification has been implemented, however, it’s safe to use immediately. Browsers that understand the integrity attribute will use the hash and check integrity, and older browsers will just carry on as they always have and keep working. Of course, you’ll not get the added protection in those older browsers, but you will in the browsers that do offer support.

Conclusion

We’ve seen not only what those weird hashes in the integrity attributes do, but how we can use them to defend against certain types of attacks on our website. Of course, there’s no one silver bullet that will defend our sites against every type of exploit, but Subresource Integrity is a really useful tool in the chain.

Exploiting a security flaw is often about getting multiple small pieces to line up. If A is in place, and you can make B happen, then a bug in C makes D possible. Browser features like SRI give us a good way to tie things down just a little bit more and potentially break that chain and prevent a hacker from getting what they want.
What’s more, if you can integrate it into your build process or CMS, it’s something you should be able to set up once and then forget about and it won’t cause you day to day inconvenience.

As such, I’d really recommend taking a serious look at Subresource Integrity and implementing it on your sites if you can.

I can see that bootstrap.min.js (and also the jQuery file it needs) have loaded successfully.

Let’s see what would happen if I update the hash to be something I know to be incorrect.

Understanding Subresource Integrity

Drew McLellan, 2019-04-09

If you’ve ever used a CDN-hosted version of a JavaScript library, you may have noticed a strange looking integrity attribute on the script tag. This attribute contains seemingly endless alphanumeric junk that you may be tempted to strip out in the quest for cleaner code.

All that junk is actually a really useful security feature called Subresource Integrity (SRI) that can help to defend your site against certain types of hacks and compromises. In this article, we’ll take a look at what SRI is, how it can help protect you, and how you can start using it in your own projects, not just for files hosted on CDNs.

A Bit Of History

Way back in the days when JavaScript was very much the poorer cousin to HTML and CSS, we didn’t need to think too much about how our scripts could be used as an attack vector for our websites. Most sites were all hosted on a single physical server somewhere on our own hosting infrastructure, and it was the server we thought about defending when it came to security best practices.

As browsers became more capable and net connections got fatter, we started to use more and more JavaScript, and eventually, reusable JavaScript libraries began to spring up.
In those early days libraries like script.aculo.us, Prototype and eventually jQuery began to gain adoption amongst developers looking to add more interactivity into their pages.

With these added libraries and subsequent plugins came added page weight, and before long we were starting to think seriously about front-end performance. Resources like Content Delivery Networks (CDNs) that had previously been the reserve of giant corporations were becoming commonplace for everyday folk building snappy websites.

Along the way, some bright spark noticed that sites were all requesting their own copies of common libraries — things like the latest jQuery — and if there was a common CDN version of those libraries that could be used by every site, then the user wouldn’t need to keep downloading the same file. They’d take the hit for the first site to use the file, but then it would sit in their local browser cache and downloads could be skipped for each subsequent site. Genius!

This is why you’ll see CDN links for your favorite libraries using URLs like jsdelivr.com — they’re making use of a common CDN to host the files so that their users see the performance benefits.

What Could Go Wrong?

This remains a good, practical way to work, but it does introduce a potential vector for attack. Let’s imagine that it’s 2012 and everyone is using the brand new jQuery 1.8. Back with the traditional way of doing things, everyone would have their own jQuery 1.8 file hosted as part of their own website on their own server.

If you were some kind of evil actor — like some sort of jQuery-based Hamburglar — and had figured out a sneaky way to hack the library for your own evil gains, you’d have to target every website individually and compromise their servers to have any impact. That’s a lot of effort.

But that’s not how things are now, as everyone is using jQuery loaded from a common CDN. And when I say everyone, I don’t mean hundreds of web pages. I mean millions of web pages.
Suddenly that one file has become a very attractive target for our shady hacker. If they can compromise that one file, they can very quickly have code running in millions of web pages across the globe.

It doesn’t matter what that code is. It could be a prank to deface pages, it could be code to steal your passwords, it could be code to mine cryptocurrency, or it could be sneaky trackers to follow you around the web and make a marketing profile. The important thing is that the innocent file that the developer added to a page has been changed and you now have some evil JavaScript running as part of your site. That’s a big problem.

Enter Subresource Integrity

Rather than rolling back the clocks and abandoning a useful way to use code, SRI is a solution that adds a simple level of security on top. What SRI and the integrity attribute do is make sure that the file you linked into a page never changes. And if it does change, then the browser will reject it.

Checking that code hasn’t changed is a very old problem in computer science and thankfully it has some very well established solutions. SRI does a good job of adopting the simplest — file hashing.

File hashing is the process of taking a file and running it through an algorithm that reduces it to a short string representation, known as a hash or checksum. Without getting into the weeds, the process is repeatable, so much so that if you were to give someone else a file along with the hash they’d be able to run the same algorithm to check that the two match. If the file changes or the hash changes, then there’s no longer a match and you know something is wrong and should distrust the file.

When using SRI, your webpage holds the hash and the server (CDN or anywhere) holds the file. The browser downloads the file, then quickly computes its hash to make sure that it matches the hash in the integrity attribute.
If it matches, the file is used, and if not, it is blocked.

Trying It Out

If I go to getbootstrap.com today to get a CDN link to a version of Bootstrap, I’m given a tag that looks like this:

You can see that the src attribute is as we’re used to, and the integrity attribute holds what we now know to be a hash.

The hash is actually in two parts. The first is a prefix to declare which hashing algorithm to use. In this case, it’s sha384. This is followed by a dash and then the hash itself, encoded with base64.

(You may be familiar with base64 as a way of encoding inline files like images into pages. It’s not a cryptographic process — it’s just a fast and convenient way to encode potentially messy data in a way that translates neatly to ASCII. This is why it’s used a lot on the web.)

On seeing this the browser will download bootstrap.min.js. Before executing it, it will base64 decode the hash and then use the sha384 hashing algorithm to confirm that the hash matches the file it’s just downloaded. If it matches, the file is executed.

I can test this out by putting that tag in a page, and then flipping to the Network tab in my browser tools to see that the file has been loaded.
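The check described above, written out as an added example (this is not code from the article): Node.js, with the function names and the sample file contents made up for illustration. It hashes a file the way a build step would after minification, then applies the browser's matching rules, including the case where a mistyped algorithm prefix means no check happens at all.

```javascript
// Added example (not from the article): SRI hashing and a browser-style check.
const crypto = require("crypto");

// Hash algorithms SRI accepts, ordered weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Build step: hash the final (post-minification) bytes as "<alg>-<base64>".
function sriHash(bytes, alg = "sha384") {
  if (!ALGS.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(bytes).digest("base64")}`;
}

// Split an integrity attribute into usable hashes; unknown tokens are ignored.
function parseIntegrity(value) {
  const entries = [];
  for (const token of value.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Browser-side decision: true means the file may run, false means it is blocked.
function integrityMatches(bytes, integrity) {
  const entries = parseIntegrity(integrity);
  // With no usable hash the browser enforces nothing, so a typo fails open.
  if (entries.length === 0) return true;
  // Only the strongest algorithm present is checked; any of its hashes may match.
  const best = Math.max(...entries.map((e) => ALGS.indexOf(e.alg)));
  return entries
    .filter((e) => ALGS.indexOf(e.alg) === best)
    .some((e) => sriHash(bytes, e.alg) === `${e.alg}-${e.digest}`);
}

// Constructed sample input: a small "library" file and a modified copy of it.
const original = Buffer.from("window.lib={version:'1.0.0'};\n");
const modified = Buffer.from("window.lib={version:'1.0.0'};/* changed */\n");

function demo() {
  const pinned = sriHash(original);
  return {
    pinned,
    originalAllowed: integrityMatches(original, pinned),
    modifiedAllowed: integrityMatches(modified, pinned),
    typoAllowed: integrityMatches(modified, pinned.replace("sha384", "sha348")),
  };
}

console.log(demo());
```

The `typoAllowed` result is the one to watch for in a build pipeline: an integrity value with an unrecognised prefix is ignored rather than rejected, so validate generated attributes before they ship.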