Author Archive

« Older Entries
Newer Entries »

Why do people completely ignore Security?

Tim Wintle - January 27th, 2010

When it comes to security, I’m often shocked by how much people are won over by a little social engineering – but I was even more shocked this morning.

Here are some regular examples of things we routinely see people do – all of which are potentially highly dangerous, and could easily lead to an attacker stealing your bank details, work information, or your entire computer:

  • Open files attached to emails (.swf, .pdf, .doc, .wmv, .sh to name a few) We all know never to open a file we’ve been sent unless the email has been digitally signed right? But how many people actually sign their emails?
  • Embedding content from another domain into your website (pulling a .swf, .js, .class, or even .gif file from another domain can give the other website owner control over what happens on your site)
  • Emailing log-in details. (emails are sent as plain text – if either of you are on wireless, then anyone within 100 meters or so of you can see exactly what’s been sent with some very basic tools)

But what I saw today was even more shocking (to me) – I was invited to join a facebook group, ostensibly to help find a couple who lost thier camera (there’s no reason to suppose that’s not actually what the group is doing, so feel free to go ahead and join).

When I looked at the page, it has this message:

TO MASS INVITE
1)Click "Invite people to join"
2)Delete all the text in your address bar and replace it with the following
javascript:elms=document.getElementById('friends').getElementsByTagName('li');
for(var fid in elms){if(typeof elms[fid] === 'object'){fs.click(elms[fid]);}}
Then hit enter

In fact, looking at the code, that does look like it does what it says on the tin, so nothing dangerous – “what’s the big deal” you might ask?

Well that message is asking you to paste executable source code into your browser, which will run the code as if it was code trusted by facebook

i.e. whatever code you paste into your browser window, can do whatever it wants to do with your facebook account – and I suspect very very few of the people who followed the instructions actually understood exactly what the code was going to do – although I know for a fact that a lot of people did follow the instructions.

So that’s another one to add to the list – Never copy and paste anything into your browser that doesn’t begin with http: or https:

Posted in Doing Business in Public, How We Work | No Comments »

Following over 150 people? Then you’re not listening

Tim Wintle - January 25th, 2010

Interesting news today as a Oxford university researcher who’s pointed out that the human brain is only capable of dealing with 150 social relationships.

Robin Dunbar, the researcher involved, is the namesake of “Dunbar’s number” – suggesting our neocortex is only capable of managing a maximum of 150 social connections.

According to several news reports, he’s currently studying social networking sites such as facebook, and preliminary results suggest that they show exactly the same pattern.

So what about people who follow thousands of people on twitter? Well his work seems to suggest that those people simply can’t be listening to the majority of them – although there may be up to 150 people (including contacts not on twitter) who they have a real social connection with.

Posted in Shipping News | 3 Comments »

Python tip: zcd

Tim Wintle - December 16th, 2009

Another developer here suggested this to me (Thanks Rich!) – but every time I use it I think it’s really useful, so I thought I’d share it.

When you’re working with a python package like “product.section.part”, you end up with a directory tree like so:

product.section.part
    + product
        + section
            + part
               - module.py

Now, navigating through these directories is a pain – each time you want to edit module.py, you find yourself typing something like:

cd p[tab]p[tab]/s[tab]p[tab]
[editor] m[tab]
# (the "/" is required to get past the .egg-info file)
# i.e. this expands to
$ cd product.section.part/section/part/
$ [editor] module.py

Rich simply added a simple function to my .bashrc to do this automatically – so I now type

zcd p[tab]
editor m[tab]

#i.e. this expands to
$ zcd product.section.part/
$ [editor] module.py

- It’s much simpler, and makes moving between packages that little bit nicer !
Here’s the script to add to your ~/.bashrc:

function zcd() {
     X=`echo $1 | sed -e "s/\\./\\//g"`
     cd $1/$X
 }

Posted in Developer | 3 Comments »

The Greatest Web Framework ever!

Tim Wintle - December 10th, 2009

Here’s a question for the non-developers among our readers:

What web framework is this a screen-shot of?

mce1 The Greatest Web Framework ever!

Answer:

(If you answered “Wordpress” you’re wrong)

- it’s actually from something called TinyMCE – which happens to be used for editing blog posts as part of wordpress – but it’s certainly not “wordpress” – it’s commonly used when building all kinds of sites – using all kinds of frameworks.

What wordpress actually looks like (for the people who build wordpress sites):

Wordpress:

wp The Greatest Web Framework ever!

You may not have got much from looking at that screen-shot – so, for comparison, here are what two other common web frameworks look like to the people that use them to build websites:

Turbogears:

turbogears The Greatest Web Framework ever!

Drupal:

drupal1 The Greatest Web Framework ever!

The chances are that you probably wouldn’t have been able to guess which one of those was which [unless you are a developer who has worked on one or more of them for an extended period of time].

Which brings me back to the post title – What is the greatest web framework ever?

Well that depends on what you’ve got experience with, and what site you want to build.

So What’s the best?

For some reason, people often seem to thing there’s a golden bullet to solve all their problems – both developers and clients. During a discussion the other day I likened this argument to saying

“Excel is great – it’s the best Application ever”

- and from that point forward only using Excel – for anything.

You want to play some music while you work, so you fire up Excel, and start rocking out – Sure, some might say that Excel just isn’t as good at playing music as iTunes – but you carry on because “It’s the best Application ever”

Then you want to check your emails – so you fire up Excel again (Your colleagues are sniggering behind you as you ask the jumping paperclip how many new emails you’ve had today – but you use it all the same…)

Oh hang on – you don’t!

Yet as developers we often find that we’re required to build a site using a specific technology – because “It’s the best application ever”

Some examples:

If you’re creating a blog then wordpress is really great – if you’re editing a blog post then there’s a TinyMCE already built-in, along with blog comments, and the ability to list blog posts in reverse-chronological order on the frontpage. If you don’t want those features – or you want other features, then you’re going to have to start building those things from scratch – that means no easy-editing form, no automatic page generation etc (unless you code it yourself).

Google Wave is written using GWT – which is a great tool for their specific requirements as it lets you design web applications that look like desktop applications in a very nice manner (if you’re a pythonista then you’d probably try something like pyjamas for that).

One of the web apps I spend a lot of time in is written in a mixture of Python and ANSI C (no web framework at all) – and that’s the best decision for that application and it’s requirements.

Another project I work on is in Zope – and another one is based around the Shindig OpenSocial framework – again, they’re the right frameworks for the tasks at hand

- and they’re all different because the tasks are all different.

Posted in Developer, How We Work | No Comments »

Multiple python versions – collective.buildbot

Tim Wintle - December 7th, 2009

One of the applications I work on recently dropped support for python 2.4 – and much to my surprise I found out buildbot was failing – despite the instructions to use the 2.5 interpreter.

We had the following code as part of the a collective.buildout:project configuration:


build-sequence =
          python2.5 bootstrap.py
          ./bin/buildout -t 50
test-sequence =
          python2.5 bin/tests -v --v

But looking at the logs, this was being re-written to use “python” (i.e. the version the buildslave was running on) during the buildout.

I guess I could have created separate buildouts for 2.5 /2.6 buildslaves for these projects – but having one buildbot buildout is just simpler.

I found that calling python by it’s full path in the configuration has avoided this issue – although it does mean maintaining different project sections for different python versions.

i.e.


build-sequence =
          /usr/local/bin/python2.5 bootstrap.py
          ./bin/buildout -t 50
test-sequence =
          /usr/local/bin/python2.5 bin/tests -v --v

Posted in Developer, Doing Business in Public | 2 Comments »

Browser usage stats – Windows 7

Tim Wintle - December 2nd, 2009

I’ve just released our browser statistics for 2009 over on the viral ad network blog – but I thought I’d cross-post this here.

I found this chart quite amazing – it seems that users on Windows 7 have chosen Firefox over Internet Explorer.

Are we only seeing statistics for technical users of Windows 7 (i.e. those who upgraded early)? I don’t know – but here’s the chart:

windows 7 web browser share 2009 Browser usage stats Windows 7

windows-7-web-browser-share-2009

(more stats are here)

Posted in Developer, Doing Business in Public | No Comments »

CRU hacked

Tim Wintle - November 21st, 2009

I’m amazed that this has barely been fully covered in the UK press, but the Climate Research Unit at the University of East Anglia has been hacked, and a large amount of data (and emails) released onto the web?

Why is this so interesting? Well for one thing, the CRU have come under question quite a lot in the past for refusing access to their raw data – effectively refusing other scientists the chance to validate or reject their research. The Wall Street journal has read the emails released, and reports:

“Many of the email exchanges discussed ways to decline such [FOIA] requests for information, on the grounds that the data was confidential or was intellectual property. In other email exchanges related to the FOIA requests, some U.K. researchers asked foreign scientists to delete all emails related to their work for the upcoming IPCC summary. In others, they discussed boycotting scientific journals that require them to make their data public.”

Now a lot of the data is publicly available, it will be interesting to see what independent researchers make of the data.

The leak is also incredibly important because the CRU is one of the main research departments in the world on climate change – and it’s research changes both public and national opinion.

Posted in Misc | No Comments »

Closure Compiler – Javascript optimising compiler

Tim Wintle - November 20th, 2009

While I still haven’t got around to releasing my python port of the yui-compressor (I will soon, I promise), my plan had originally been to extend the compressor into an optimising compiler for javascript – but I  just stumbled upon the a Google project that seems to have beaten me to it.

The Closure Compiler (google code page) does exactly that – it takes your javascripts and optimises them for both filesize and run-time.

I haven’t looked too deep yet, but it seems that it uses the parser from Rhino, and augments it with an implementation of a javascript AST, and an optimiser that works on the generated AST.

The Closure compiler is written in Java – anyone who feels like working on a python version is likely to find pynoceros (the python version of Rhino’s parser I annouced a few weeks ago) useful.

Tags:
Posted in Developer | 2 Comments »

Dilbert does cloud computing

Tim Wintle - November 19th, 2009

Dilbert.com

Posted in Shipping News | No Comments »

Optimisation – it’s sometimes needed.

Tim Wintle - November 10th, 2009

Here at Team Rubber, we pride ourselves on working in a fairly agile manner. For the viral ad network in particular, this means that the most important thing at the end of an iteration is to ship working features, rather than to wait until everything is perfect before shipping.

As a side effect of this, optimisation is generally left until it becomes a noticeable issue. Obviously we worry about the complexity of our algorithms, and not designing ourselves into a corner – but I’m generally happy to take a constant speed reduction in exchange for faster development.

The code I’ve been working on this iteration was a different story, however, and I thought this story might be useful to people in the same situation.

My first implementation took about six CPU hours (in userspace alone!) to process just 1.5 Gb of data. Sure it scales sub-linearly, but I don’t want to have to bring loads of extra hardware on-line just to support this program.

The first thing to look at was the profiling information. pstats showed me that we were spending over 35 minutes looking up entries in my custom cache class – which is shared between different applications. This has a knock-on effects on the rest of the system as our cached items have to expire within a set time – this 35 minute delay means at least 10,000 extra (expensive) cache misses during this run. Each cache miss takes an average of 0.03 CPU seconds, so that’s an extra five minutes on top

(more…)

Posted in Developer, How We Work | 2 Comments »

« Older Entries
Newer Entries »