Farm Development

Thoughts

How To Protect Against Heartbleed And Other Vulnerabilities

The OpenSSL Heartbleed bug was a serious kick to the Internet's collective ass. This video provides a quick overview if you want the details. In summary, an attacker could craft a payload with a fake size (up to 64k) and trick OpenSSL into sending a random chunk of server memory. WTF?! To understand how bad this was, I spent a minute hacking on this script that was going around. I pointed it at login.yahoo.com (which is no longer vulnerable) and tried to see if I could catch a username and password flying by. I had one within 30 seconds. That's how bad it was; you could read random parts of the server's memory, which may contain passwords, private keys, or whatever else OpenSSL was processing for current site visitors.

I had stolen someone's credentials. Game over, right? How do you protect yourself against something as bad as this? ...

Ramblings

Oh, hey! I almost forgot I have a blog. Well, the colors are annoying to me and my comment system sucks but, meh. I wanted to write a quick note about where you can find stuff I write.

Shame The Thieves or Fix the Music Model

David Lowery wrote a piece on how downloading music is hurting musicians (which is a response to Emily White's piece on admitting to not buying music). Here is my response.

Music is a really interesting "product," especially when distributed digitally for $0.001 cents per download (production costs: bandwidth, storage, etc). The real production costs are for the time put in by the artist, studio fees, and creativity. Besides the creativity part, that formula sounds a little bit like the FDA drug market, right? It costs about $0.001 cents to manufacture a pill so the hefty price tag goes to recoup the money spent on drug research. Or does it? Yeah, selling drugs is a messed up industry...

The Key To A Successful Startup Is Not Its Concept

In this article, a coffee shop entrepreneur laments a more "celebrity" entrepreneur who launched a similar startup but got more traction.

His conclusion: "The difference between the guy in the coffeeshop and the celebrity entrepreneur isn’t just press connections, money, and experience; ultimately it is this combination of factors."

I don't think this is true. A successful startup has very little to do with money and connections...

Let's Buy Lobbyists To Save The Internet

At ORD Camp last weekend Ben Huh led a discussion about how we -- a group of geeks and artists -- can save the Internet. We won the fight against SOPA and PIPA for now but those laws will just sneak in through some other bill. Will Wikipedia be there to black out again in protest? The fight is nowhere near over and we have to get organized...

What's Happening at Mozilla?

Most people at Mozilla are remote so each quarter we sync up face to face as a group for an all-hands meeting. There are over 600 employees! We of course sync up in smaller groups more frequently but this is a chance to see what's going on across the entire Mozilla horizon.

So what's happening at Mozilla? We're on the cusp of a huge shift towards an open web platform. That is, something more than a web browser -- something you can run "native" apps on. There's a lot of work left to do, of course. Here is a random dump of interesting projects in the works...

How Do We Open Up The Social Web?

The release of Google Plus presents a unique opportunity to open up the social web. Why? Because it's a compelling product -- it's intuitive and fun with innovative features like circles, hangouts, sparks, etc. In many ways it's a clone of Facebook but that's just a reinforcement of what Facebook (and before that, Friendster) got right. If Plus continues to succeed then the optimist in me envisions this as a golden opportunity! ...

Music Everywhere: Amazon Cloud Player

A few services have been popping up lately that let you stream music from any computer or device (the so called "cloud"). Amazon just released theirs, uncreatively named Cloud Player.

I'm pretty excited about this one because it's the first I've seen to actually offer sane, reasonable pricing ...

Firefox Goes Mobile

When I got my first Android "smart phone" it felt like a slow, hard-to-use computer on dial-up Internet. Now I use an Android G2 (HTC Vision) which I'd call a pretty snappy, easier-to-use computer. I can't say I do much on it besides calls, texting, and Twitter but I'm excited that Firefox Mobile has just been released. You'll need a newer Android phone (arm v7) to install it and it's going to eat up a whopping 14MB (plus caching) but, hey, Firefox is now mobile! ...

Firefox 4 Is Here And It's Glowing

Firefox 4 has launched! If you want to watch the whole planet upgrade in realtime head over to glow.mozilla.org (built by @potch, @jeffbalogh, and others!). If you haven't already downloaded Firefox 4 then what are you waiting for? After that, join the Twitter party by using the #fx4 hashtag in your tweet...

What Happened To The Feeling Lucky Search In Firefox 4's Awesome Bar?

Firefox 4 is about to ship! And it contains a massive amount of enhancements, especially UI enhancements, blazing fast JavaScript, and more HTML5. I'll probably write more about these hot new features and how important Firefox is to the international community but first, this.

In the next week millions of people will begin upgrading to Firefox 4. A large number of them will be upgrading from Firefox 3 so they'll be disappointed to learn that when you type a name or phrase into the Awesome Bar it no longer takes you directly to the website you are looking for. Technically this feature was called Browse By Name but most people probably understand it as performing a "feeling lucky" search in Google. The forums and support site are already filling up with complaints.

Don't worry! The feature was just disabled, it wasn't removed entirely...

How To Achieve True Privacy On The Web: DOMCrypt

The Internet was invented so that data could be decentralized and liberated. Well, so much for that idea. With the rise of services such as Facebook and Twitter we are back to the original mainframe problem: everything is stored and controlled by a central authority. Ironically, today's "to the cloud" meme is making us depend on central authorities even more.

So what about data privacy? In this centralized model we go about our online lives constantly posting data to all these different servers that we trust...

What The New Open Web Can Do: Firefox 4 Demos

Firefox 4 is near the end of its beta cycle but what is so special about this release? Why not see for yourself on the new demo site, the Web of Wonder (requires Firefox 4 beta but some demos do work in Chrome and Safari). I'll be honest, as a web developer, the new power of HTML5, CSS3, SVG, WebGL, etc totally blows my mind...

Fudge Goes 1.0

Fudge, the Python mock tool, goes 1.0! You can grab it with pip install -U fudge or directly from PyPI. This marks the end of a long incubation period where the community and I used Fudge in real world scenarios to see what worked and what didn't. I'm sure there are many more improvements to make but as of 1.0 I'm very satisfied with what we've accomplished. This is thanks to its small but vocal community of users, to all contributors and to everyone who pointed out flaws...

The Promise of the Cloud

As web developers we are faced with this problem: how do we scale up our code to handle high traffic? A lot of time and engineering goes into this problem -- time to simulate the traffic we expect and add servers to our cluster, cache heavy database access, etc, in anticipation of the load. Time is precious. This time could be spent optimizing the usefulness of our web product and creating interesting content. No one really congratulates you when a website works, they expect it to work.

When Google App Engine was released their pitch was...

I've Joined the Web Dev Group at Mozilla

Compiling Python 2.5 on Mac OS X 10.6 (Snow Leopard)

CHIRP Radio Is Looking For Android Developers

Dark-Launching or Dark-Testing New Software Features

Python Package Index (PyPI) Mirrors

PyCon 2010 - Get Your Proposals In

Fixture 1.3, Now With That Tangy Django Flavor

Using Dropbox As A Worm Hole To All My Computer Worlds

Why you should NOT license your code as GPL

Unit Testing JavaScript With JsTestDriver

Nose 0.11 released (nifty new features)

Degradable Ajax by Sharing Mako Templates With Dojo

The Python Packaging Problem

PyCon Happenings

Fudge 0.9.2 Released

A new version of Fudge, mock object library for Python

What Makes Pylons Stand Out As a Web Framework

Googlebot's Fatal Flaw And How You Can Fix It (or Get Rich Trying)

Fudge: Another Python Mock Framework

Debugging doctests interactively

Chicago JavaScript Meetup: JS.Chi()

Glögg, Swedish mulled wine, the Chicago recipe

Python 3.0 On Mac OS X (alongside 2.6, 2.5, etc)

Are you hiring web developers?

Try out the Mercurial Subversion extension (hg svn) on Mac OS X

Automated Model Based Testing of Web Applications (GTAC 2008)

Taming The Beast: How To Test an AJAX Application (GTAC 2008)

The Future of Testing (GTAC 2008)

When Online Advertising Actually Works

Presenting a Solid Tutorial at PyCon

Adrenallin For The Brain

T'is be'a Fixture 1.1.1 fer ya!

Web Frameworks Do Not Make DBAs Happy

Real Test Engineers Love Dots

It's Time to USE The Web : Mozilla Labs Releases Ubiquity

aintjustsoul.net: A portable record player for the Internet

Chicago's Google App Engine Hack-A-Thon Recap

Fixture Goes 1.0 (Testing With Data In Python)

An In-Process, Headless Web Browser for Python?

After the release of Google App Engine, the Rubyists ...

Making Erlang indentation-sensitive

The Python Make tool

Testing Google App Engine sites

PyPi (Cheeseshop) on Google App Engine

Unicode In Python, Completely Demystified (slides available)

Data mining in Python and beyond?

The Monty Hall Problem (win a goat or a car)

Building Flash/ActionScript sites entirely in code and using FireBug for debugging

Software is written by hand

Converting ReStructuredText to Wiki syntax

Leapfrog Online is looking for some Django developers (Chicago area)

Datejs - A JavaScript Date Library

WSGI Intercept Has A New Home

importing modules from setup.py (chicken vs. egg!)

How To Get Started Writing Open Social Applications

Pycon in Chicago, Excited Yet?

GTAC Highlights Part 1 - Selenium is Alive and Well, Model Based Testing Is Smart, And...

Python on TextMate demo (Chicago area)

Hacking python frames

fileinput : nice module for file processing

context_tools, bridging the gap between test methods and test classes?

Going to the GTAC (Google Test Automation Conference)

What does the def-star-variable (or def-asterisk-parameter) syntax do in Python?

What I Thought I Knew About Unicode in Python Amounted To Nothing

undefined reference to `__stack_chk_fail' (compiling subversion 1.4.3 on Ubuntu)

documentation for fixture module

Humans are here to stay!

multiple inheritance woes

testing just got easier (a few nose plugins)

unicode and unicorns

Live doctest in TextMate (IPython + Twisted?)

PyCon: A Star Schema in pure python code? Is this guy INSANE?

You vs. The Real World: Writing Tests With Fixtures (Sunday at Pycon!)

Why People Don't Use Hand Dryers

Industry of the Ordinary

2 stupid things I coded this week

Coffee! ... and python

Housecall from the pydoctor (finally, a doc generator that works!)

Generating python with python

Python gets true closures in 3000 - do I care?

New Chicago City Sticker

You vs. The Real World: Testing With Fixtures (Coming Soon)

Creating a subversion checkout/ dev target for easy_install

Blogging, Blogosphere, or something

Recent Projects

  • JSTestNet

    Like botnet but for JS tests in CI.

  • Nose Nicedots

    Nose plugin that prints nicer dots.

  • Fudge

    Mock objects for testing.

  • Fixture

    Loading and referencing test data.

  • NoseJS

    Nose plugin that runs JavaScript tests for a Python project.

  • Wikir

    Converts reST to various Wiki formats.