Farm Development

Thoughts on Whatever

How To Protect Against Heartbleed And Other Vulnerabilities

The OpenSSL Heartbleed bug was a serious kick to the Internet's collective ass. This video provides a quick overview if you want the details. In summary, an attacker could craft a payload with a fake size (up to 64k) and trick OpenSSL into sending a random chunk of server memory. WTF?! To understand how bad this was I spent a minute hacking on this script that was going around. I pointed it at login.yahoo.com (which is no longer vulnerable) and tried to see if I could catch a username and password flying by. I had one within 30 seconds. That's how bad it was; you could read random parts of the server's memory which may contain passwords, private keys, or whatever else OpenSSL was processing for current site visitors.

I had stolen someone's credentials. Game over, right? How do you protect yourself against something as bad as this? ...

Ramblings

Oh, hey! I almost forgot I have a blog. Well, the colors are annoying to me and my comment system sucks but, meh. I wanted to write a quick note about where you can find stuff I write.

CHIRP Radio Is Looking For Android Developers

CHIRP Radio in Chicago is looking for someone to help us build a custom Android application so that our listeners can have a better experience on their Android phone. There are already a few Android apps for radio but they are clunky. Also, we have some plans to better engage listeners on phone apps with currently playing tracks, click-to-request-a-song, and other ideas like that.

We already have a pretty slick iPhone application created by volunteer John Carlin and after only a few months it already has 1,000+ downloads...

Using Dropbox As A Worm Hole To All My Computer Worlds

Dropbox has nailed a use case that I've struggled with for a long time. I have a computer at work. I have a computer at home. Generally I keep files in sync via version control (Subversion, Mercurial, etc) but this is cumbersome for large files, specifically mp3 files. I consume a lot of music, digital and otherwise. How do I keep my music in sync between computers? ...

Glögg, Swedish mulled wine, the Chicago recipe

Now that it's -5 F in Chicago with a windchill of -25 F I thought it was an appropriate time to share one of the secrets to surviving a Chicago winter: Glögg! If you live in the old Swedish neighborhood (Andersonville) like I do then you can sip Glögg at most local bars but with weather like this, why even leave your house? Here's my recipe...

When Online Advertising Actually Works

Telemarketing is one of the most ineffective forms of advertising. Hello? Yes? I'm cooking dinner, why would I want to buy something? How do you know I'm even remotely interested in your product? Online advertisements like text ads and banner ads are slightly different. I usually buy things online out of convenience so the venue is good for advertising. There is also a lot of information about me online ...

Adrenaline For The Brain

Someone passed me a link to this really nice article, Annals of Science: The Eureka Hunt, which talks about how neuroscientists have been studying what goes on in the brain when we get those amazing ideas that seem to come from nowhere. In my own life I can think of several times where I've experienced a sudden "burst" of thought like this. Sometimes it seems like...

The Monty Hall Problem (win a goat or a car)

There is a puzzle used in game shows known as The Monty Hall Problem. It's been around for a while but over lunch yesterday someone explained it to me for the first time and 3 out of 4 of us argued convincingly the same answer. And it was wrong. Here's the problem:

Suppose you're on a game show, and you're given the choice of three doors: Behind one door is a car; behind the others, goats. You pick a door, say No. 1, and the host, who knows what's behind the doors, opens another door, say No. 3, which has a goat. He then says to you, "Do you want to pick door No. 2?" Is it to your advantage to switch your choice?

The most logical answer to me was no, it doesn't matter if you switch or not, because you never knew what was behind the first door you chose anyway. It seemed to me that the problem was no different than having two choices, a goat or a car, and randomly choosing one. But this is all wrong!

Since I'm not good at math I could only loosely follow the explanations for why I was wrong. So, naturally, I wrote some code to see it in action (bear with me, I spent all of 5 minutes on it):

import random
from decimal import Decimal

choices = ['goat', 'goat', 'car']
tries = 99000
switch_correct, stay_correct = 0, 0
for num in range(tries):
    doors = list(choices)
    random.shuffle(doors)
    # The contestant's first pick is removed from the remaining doors.
    first = doors.pop(random.randint(0, len(doors) - 1))
    # The host opens one of the remaining doors that hides a goat.
    for i, val in enumerate(doors):
        if val == 'goat':
            doors.pop(i)
            break  # stop after one door; the list was just modified
    # Exactly one door is left to switch to.
    switched = doors[0]
    if switched == 'car':
        switch_correct += 1
    elif first == 'car':
        stay_correct += 1
print("stay: you win %s%% of the time" % (Decimal(stay_correct) / Decimal(tries) * 100))
print("switch: you win %s%% of the time" % (Decimal(switch_correct) / Decimal(tries) * 100))

I found the result astonishing:

stay: you win 33.5% of the time
switch: you win 66.5% of the time

The Wikipedia link above explains why this is but it is still incredible to me, like a magic trick.

Software is written by hand

...that's right, it's not molded or prefabbed, it's not made on a production line or in a lab. Are we insane??! Here is a hilarious probe into the darker side of this art we call programming.

Blogging, Blogosphere, or something

So ... I have a blog now. Dunno about Bonde but I always kinda told myself I'd never have a blog because I don't read them much and think the whole phenomenon is a little weird and self-indulgent.

On the flipside, I find myself googling a lot for things like "make it work damnit!" (more specifically of course) and usually that pops up a blog where someone kindly posted his/her instructions for making it work. So hopefully this will be a useful blog for technical nerd stuff at best.

I also find myself perusing Planet Python via RSS on my lunch breaks these days. I always seem to find some useful Python tidbit in there. Then again, being a nerd is hard work so I'll probably post my handful of useless, self-indulgent rants and add to the clutter we call the Internet. Oh, what beautiful clutter it is.

Speaking of blogs, can someone post a comment if they know of a good blogging app for Python? I say Python because I would be interested to contribute if it was well designed, open source, etc. I ended up installing WordPress for my sister, even though I loathe PHP for all the usual reasons. WordPress pretty much rocks, but as a wounded PHP veteran, I have no desire to touch the language ever again.

Typo seemed promising at first but looks a little dead. I tried installing Mephisto and, although their install instructions seem more reasonable now, when I tried a month ago it required Subversion and Rails edge. Both of which caused the tests to break. And pass. Then break again. You get the picture. I couldn't even get the thing to run without a 500 error and gave up after a couple of weeks. Woodlog looked promising too since I like Django but that too seems a little dead. Sigh.

So I built this thing with Django in about 4 sittings and it's super basic but seems to work!

Recent Projects

  • JSTestNet

    Like botnet but for JS tests in CI.

  • Nose Nicedots

    Nose plugin that prints nicer dots.

  • Fudge

    Mock objects for testing.

  • Fixture

    Loading and referencing test data.

  • NoseJS

    Nose plugin that runs JavaScript tests for a Python project.

  • Wikir

    Converts reST to various Wiki formats.