Leeland's blog

Defensive Java Programming Notes (01 of 11) Introduction

I am taking a course on Defensive Java Web Programming presented by Kevin Poniatowski from Security Innovation (http://www.securityinnovation.com), and there are a lot of cool things to think about and remember. So I am starting this thread so I can write notes essentially to myself, but hey, why not share.

"Threat trend data shows that applications are more commonly attacked than the perimeter"
(Depository Trust & Clearing Corporation)

How to Write 3v1L, Untestable Code

I always love a good laugh and this one is great. The developers and testers at Google have put up a great "How to Write 3v1L, Untestable Code" article, tongue in cheek and with enough sarcasm to really tickle your thought processes. In reality it is a list of things not to do as a developer. I love the reverse-style delivery. You can find the complete post here: Google Testing Blog (http://googletesting.blogspot.com/2008/07/how-to-write-3v1l-untestable-c...).

PuTTY SSH + default pointer + rdesktop = where is my mouse?

I work on a beefy Linux box with multiple desktops and monitors. I also have a Windows laptop for office junk and some testing. If my computers are side by side things are pretty sweet, and I use Synergyc / Synergy2 (http://synergy2.sourceforge.net/) to make all my monitors flow together.

But I also have another beefy Linux development box in a shared team space where, again, I have multiple desktops and monitors. No problem: I just use rdesktop (http://www.rdesktop.org/) to make one of the monitors turn into my Windows screen. All is fine in the world.

New IDL from Google Claims to be an order of magnitude faster than XML

Well, this is interesting. On Google's blog (http://google-opensource.blogspot.com/2008/07/protocol-buffers-googles-d...) on Monday, July 7, 2008, Kenton Varda announced that Google is using an internally developed interface description language (IDL) that is easier to use and faster than XML, called Protocol Buffers (http://code.google.com/p/protobuf/).

Minimizing the Attack Surface

Chris Eng has written two excellent articles on development considerations:

Shooting Fireworks by Hacking My Camera

Well, 2 days of preparation and a lot of reading really paid off. The last few years I have not been very happy with my photographic results from events like the 4th of July shows. So this year I decided that instead of being a rank amateur I would try to figure it out.

FCGI and output streams

OK, so this took more than a while to figure out. I had to go read the FastCGI specification (http://www.fastcgi.com/devkit/doc/fcgi-spec.html), the lighttpd FastCGI interface docs (http://trac.lighttpd.net/trac/wiki/Docs:ModFastCGI), the Django FastCGI docs (http://www.djangoproject.com/documentation/fastcgi/) and a number of other forum posts in a number of groups.

All this just to answer the question: how do I get my Python Django applications to print to the lighttpd error logs when using lighttpd + FastCGI?

At last I found the answer. At least partially...

Captcha is online

With a few code reviews and tweaks to SCT Tools, basic captcha support is now online. I still need to integrate the captcha call into the user registration system.

The nice part is that email addresses are now hidden unless a captcha check is done. Further, captcha checks time out after a short period. Is this open to some kind of mining pass? Possibly a replay attack. Need to check that out. Of course Django is supposed to be pretty solid. Need to see about copying cookies around a little.

Laughing at myself

Back in 1988 I started a BBS in San Diego. I put out a lot of money, installed 2 separate phone lines, had state-of-the-art 2400 baud modems and an Amiga 2000 with nearly 100 MB of disk space and an eye-popping 2 MB of RAM. I coded and tested for hundreds of hours. Finally it was ready and I put it online. I published in the local computer magazines that it was up and running. Then I sat and watched it for hours waiting for someone to come use what I had created for them. And I waited, and I waited and ... well, you get the picture.

Backup and restore worked

Well, in a moment of testing need I decided to determine if the backups were working. So I took a backup of the database and restored it to an entirely different database service. I altered the database handler to point at the new database service and kicked the web services.

What a surprise: it actually all came back up just like it is supposed to.

I am in shock. Not only are all the forums back in place, the posts are there, the blogs are there and all the test user data is there too.

A command line Google search interface

This is pretty interesting, in that it works. I wonder if it will get blocked by some corporate firewalls, as right now it is a means to bypass content filtering...

Agile Model-Driven Development

A rather interesting message set went by today on model driven development. The article referenced is worth a read.

From Scott W. Ambler (Tuesday, June 3, 2008, at 6:35:39 AM):

In the current issue of Better Software Celso Gonzalez and I have an article entitled "Agile Model-Driven Development: Scaling Agile to Meet the Needs of Real-World Projects". The URL is http://www.nxtbook.com/nxtbooks/sqe/bettersoftware0608/

At Last The Static Stuff Is Working

Oh, what a relief. I was trying to figure out why none of the static elements of the site were working. Well, not really. I was actually trying to determine how the templates get all wrangled up when I noticed a lot of 404 error messages in the log files, which is when I figured out why some of the site's interfaces were not working exactly right.

How Much To Charge For Consulting

Standing there asking people for money is not an easy thing to do. Even more important is figuring out how much to charge. A lot of people feel guilty and charge far less than they should. Further, you always feel like "man, if I charge more I won't get hired." Well, take it from me, there is an upper limit, but it is higher than you probably think. I have personally seen consultants with only a few years of experience charge $250 / hour and get large contracts, while really smart people charging only $50 / hour are always on the verge of starving.

Weekend well spent

Back at the job and code crawling. I got more done this weekend on my site project than I did in the last year. Of course a new kid will always crush your schedule for a couple of years, so I am not really complaining.

The main page now shows the site goals. I think I need to expand on those a little bit. But first I need to figure out how to integrate a source code control system. I want to be able to get at my source code from anywhere and I definitely want to be able to publish parts of it here.