A few days ago, a colleague was telling me about a project where she needs to implement a crypto scheme from an external vendor in order to talk to their API over HTTP. For complicated (and probably wrong) reasons, they decided to eschew TLS and develop their own system instead, relying on DES –not even triple DES! Basic DES, the one from the ‘70s that is horribly insecure today– and RC4, which isn't great either.
Programming rails · ruby · upgrade
In 2011 I wrote a small Rails app in order to learn Ruby better and see what all the fuss was about â this was Antipodes, a website that shows you the antipodes of a given point or country/state using google maps. I built it using the latest and greatest version of Rails available at the time, which was 3.2. It has since fell to various security issues and has been superseded by newest version, and is currently unsupported.
So, remaildr.com had been in a pretty sorry state for a couple of months now, and I kept thinking I should go have a look into it and get to the bottom of the issue. And the bottom of the issue was the 6000 spam emails sitting in the inbox, making the server crash at startup. They're now deleted, and everything is back up and happy. I'm currently thinking about different monitoring options, but given it's all email-based, no solution that I know of seem overly practical to me.
“So, the tests sometimes fail inexplicably” is a sentence you probably hear pretty often if you're running any type of full-stack, browser-driven integration tests over a large-enough code base, especially when customising on top of an existing product. Today's instance was puzzling at first - the tests would sometimes fail to log in at all. That is, open the login page, fill in the username and password, wait until the URL change and assert that we're now on the dashboard - nope, failure.
Programming java · less · maven
Sorry, this is a rant. I was recently investigating Maven plugins for LESS compilation. The use-case is pretty run-of-the-mill (I think?): I want to be able to write a .less file anywhere in my project src/ folder and have Maven compile it to CSS in the corresponding folder in target/ at some point of the build pipeline. I first looked into lesscss-maven-plugin, a short-and-sweet kind of tool that looks perfect if you have one (and only one) target folder for all of your CSS.
I recently had to implement a new functionality for an internal web application:Â a button to download a specially-formatted file. The right way to do it is, of course, to deploy server-side code generating the needed file in the backend and make it accessible to the user via the front-end. The application in question is an important company-wide production system and I was on a hurry, so I decided to go the Quick way rather than the Right way 1.
Sometimes, your network is just too good. Today I ran into this issue as I was testing an application running off a VM in the local network. Latency and bandwidth were excellent, as you'd expect, but nowhere near the conditions you'd encounter over the internet. Testing in these conditions is unrealistic and can lead to underestimating issues your users will experience with your app once it's deployed. So let's change that and add artificial latency, bandwidth limitations, and even drop a few packets, using tc.
Programming c · stack overflow
I recently set out to implement a few basic data structures in C for the hell of it (and to reassure myself that I can still code C), and ran into an interesting compiler wart… I was trying to instantiate a static array of 10 million integers (who doesn't?), in order to test insertions and deletions in my tree. However, as you can astutely deduce from the title of this post, this was too much for the stack of my poor program and ended up in a segfault - a textbook stack overflow.
(This blog post is better followed with the associated github repo. Run the Sinatra server with ‘ruby slowserver’, pop up a browser, and follow the revisions to see how the code gradually gets better. :) ) Recently at work, we wanted to modify some js ad code to include weather data for better ad targeting. For certain caching reasons, weather data has to be fetched by an AJAX call, then fed to the ad code.
« Newer Older »