07 Jun

Presentation on Unit Testing Inertia

I gave a talk on Tuesday at the Las Vegas PHP Meetup Group titled Unit Testing Inertia.

The basis of the talk was getting over the inertia in writing tests in either a pre-existing application or just getting started writing unit tests in general. It went over very well with a good question and answer session afterwards. While I didn’t spend as much time prepping for this talk, I was comfortable enough with the material (and it helped that there was no code involved) that it was a solid presentation.

The short summary of the talk is for every new method/bug-fix/feature written, write a test for something else at the same time, and start with the stuff that is easier to test.

I’ve been going through a few different pieces of software for writing and displaying my presentations and this is the first time I’ve been really happy with the tool-chain. I used Deckset, which is a Markdown-based presentation system with some great looking styles.

Humorous aside, my spelling is atrocious and even though I had to type out “inertia” dozens of times I misspelled it every time and even just now writing this up, I misspelled it every time.

11 Apr

Talks I’ve Given In The Past Few Months

Since moving to Las Vegas, I’ve joined the PHP Users Group. Overall it’s been a great experience meeting people in the community and hearing about more PHP stuff. Since I’ve been there I’ve given a few talks and figured I should list them here.

First up, a talk that was an introduction to CakePHP. Probably my best talk out of the three listed. It was informative, with lots of questions and I knew the material really well (one would hope considering it is my day job).

Next was a talk on Ember.js; this one didn’t turn out so well. I underprepared for it, and it showed. It also didn’t help that I mostly based my talk on a co-worker’s slides. Overall this was novice hour for me. Moral of the story – don’t give talks unless you know the information and don’t try to base a talk on someone else’s work.

Last presentation was one on PHPUnit, which went ok. I knew the material better than the Ember stuff but there were a few weak areas. Overall I think it went pretty well but it could have gone better.

Some random thoughts on public speaking

Public speaking (of a sort) is something that I used to do much more often; it’s been good to stretch that part of my brain over the past few months and get a handle on delivering talks that deal with technical information for a generally technical audience. It is definitely something I want to do more of in the future and to get better at.

Not everyone may want to do this type of thing, but if you are interested in it, I would urge you to give it a shot. It is easier than you think. I would suggest picking a topic you are very familiar with and can answer questions on the fly about. If you get a question that you can’t answer, feel free to say so, rather than present imprecise information.

07 May

Google’s Buildings Hackable

We reported this issue to the Google Vulnerability Rewards Program (VRP). After much heckling from my former colleagues at Google, they quickly pulled this system offline. We also applaud Google for creating a program like the VRP and giving us the chance to share our story with a wider audience. At the time of this blog post, this exact issue affects tens of thousands of devices on the Internet and thousands of different organizations. Thank you Google for helping us raise awareness on this issue! I asked that any proceeds from the VRP be donated to the Wounded Warrior Project, but apparently this issue doesn’t qualify for VRP rewards.

If you have a corporate campus or a modern building of any sort… you’re likely running similar systems someplace on your network. We’ve already discovered over twenty five thousand of these systems facing the Internet… one down, twenty four thousand, nine hundred, ninety nine to go 🙂

If Google can fall victim to an ICS attack, anyone can.

Hacking systems that control a building infrastructure.

22 Jul

The Word of Notch – On Patents

But there is no way in hell you can convince me that it’s beneficial for society to not share ideas. Ideas are free. They improve on old things, make them better, and this results in all of society being better. Sharing ideas is how we improve.

via The Word of Notch – On Patents. Notch (the guy who started Minecraft) has a really good piece on why patents are a bad idea. My opinion on patents has slowly changed from thinking that just software and business process patents are a bad idea to getting more convinced that patents in general are a bad idea.

21 Feb

Mailinator(tm) Blog – How Mailinator compresses email by 90%

Given the title of this article, the first thing that should pop into your mind is probably – “well, use a compression algorithm – right?”.

Right! Well, yes, well, not exactly. Read on.

via Mailinator(tm) Blog – How Mailinator compresses email by 90%. A fun journey through algorithms to find a solution to getting some awesome compression stats.

16 Feb

ArsTechnica – High Orbits and Slowlorises: understanding the Anonymous attack tools

Most members of Anonymous would prefer to stay, well, anonymous. But as the group has engaged in increasingly high-profile attacks on government and corporate websites, doing so effectively and staying out of harm’s way have become an ever-growing challenge. To protect itself, the group has altered its tactics over the past year to both increase the firepower of its attacks and shield members from the prying eyes of law enforcement.

via ArsTechnica – High Orbits and Slowlorises: understanding the Anonymous attack tools. Fascinating look into both some of the tools Anonymous uses to launch its attacks and how it/they attempt to stay anonymous.

15 Feb

Backups, Automated and Off Site

One of the biggest issues in running a server[1] is making sure if everything disappears you can be up and running as quickly as possible. So how do I do it?

Simple answer is I use a cron job that runs every day and does daily, weekly and monthly database and file system backups and then pushes those to Amazon S3. I rolled my own bash script to perform the backups and after a few months of both testing and improving, it’s ready to be shown off.

The script is extremely simple:

  1. Import config settings from a file
  2. Dump MySQL Databases, gzip and move the file to your backup folder
  3. Dump PostgreSQL Databases, gzip and move the file to your backup folder
  4. Dump MongoDB Databases, gzip and move the file to your backup folder
  5. Tar and gzip the local webroot and move the file to your backup folder
  6. Delete daily backup files older than 7 days from the backup folder
  7. If Monday
    1. Copy just created database and webroot backups to be weekly backups
    2. Delete weekly backup files older than 28 days from the backup folder
  8. If First of Month
    1. Copy just created database and webroot backups to be monthly backups
    2. Delete monthly backup files older than 365 days from the backup folder
  9. Use S3 Tools to essentially rsync the backup folder with an Amazon S3 Bucket
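
The nine steps above, sketched as an added example (this is not the S3_Backup script from the post). The config path, directories, bucket name and `tier-store-date` file naming are assumptions, and database credentials are assumed to live in each client tool's own protected config file.

```shell
#!/bin/sh
# Added example, not the S3_Backup script. Paths, bucket and file names are assumed.
set -eu
umask 077   # dumps contain credentials and user data: owner-only files

CONFIG="${CONFIG:-/etc/s3_backup.conf}"        # hypothetical config file (step 1)
BACKUP_DIR="${BACKUP_DIR:-/var/backups/site}"
WEBROOT="${WEBROOT:-/var/www}"
S3_TARGET="${S3_TARGET:-s3://example-backup-bucket/site/}"

# Steps 6, 7.2, 8.2: delete "<tier>-*" files older than <days> days.
prune() {
  find "$BACKUP_DIR" -maxdepth 1 -type f -name "$1-*" -mtime +"$2" -delete
}

# Steps 7 and 8: extra tiers (tier:retention-days) for a given day.
# $1 is `date +%u` (1 = Monday), $2 is `date +%d`.
extra_tiers() {
  tiers=""
  if [ "$1" = "1" ]; then tiers="weekly:28"; fi
  if [ "$2" = "01" ]; then tiers="${tiers:+$tiers }monthly:365"; fi
  echo "$tiers"
}

main() {
  # The config is executed as shell: keep it writable only by the backup user.
  if [ -r "$CONFIG" ]; then . "$CONFIG"; fi
  stamp="$(date +%Y-%m-%d)"
  mkdir -p "$BACKUP_DIR"
  # Steps 2-5. Credentials are assumed to come from ~/.my.cnf, ~/.pgpass, etc.
  mysqldump --all-databases > "$BACKUP_DIR/daily-mysql-$stamp.sql"
  pg_dumpall > "$BACKUP_DIR/daily-pgsql-$stamp.sql"
  gzip -f "$BACKUP_DIR"/daily-*-"$stamp".sql
  mongodump --gzip --archive="$BACKUP_DIR/daily-mongo-$stamp.archive.gz"
  tar -czf "$BACKUP_DIR/daily-webroot-$stamp.tar.gz" -C "$WEBROOT" .
  prune daily 7
  for spec in $(extra_tiers "$(date +%u)" "$(date +%d)"); do
    tier="${spec%%:*}"
    for f in "$BACKUP_DIR"/daily-*-"$stamp".*; do
      cp -p "$f" "$BACKUP_DIR/$tier-${f##*/daily-}"
    done
    prune "$tier" "${spec##*:}"
  done
  # Step 9: push the folder off site.
  s3cmd sync "$BACKUP_DIR/" "$S3_TARGET"
}

if [ "${1:-}" = "run" ]; then main; fi
```

The sync deliberately omits `s3cmd`'s `--delete-removed`, so a wiped or tampered local backup folder cannot erase the off-site copies. Old objects in the bucket then have to be expired on the S3 side.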

It’s clean, quick and above all has worked without fail for several months now. The slowest part of the process is uploading the files to S3 which has never taken that terribly long. It’s also repeating the mantra from my earlier post of “tar it then sync”.

This method is simple and it seems to work great for most single server setups. I haven’t optimized the database dumps, mainly because that is highly dependent upon your particular use of each. If you have multiple servers or separate database and web servers, why are you taking sys admin advice from me?

It’s available on GitHub: S3_Backup


  1. I use a virtual host from Linode for this site and a few others, they are great. 

24 Jan

inessential.com – Fantastical and language detection

I like this. The best Mac developers have been famous for taking the extra steps. Most people won’t need this — but those who do it will delight.

via inessential.com – Fantastical and language detection. That is practically the definition of great software, causing your users delight in the everyday workings.

19 Jan

TED.com – Defend our freedom to share (or why SOPA is a bad idea)

What does a bill like PIPA/SOPA mean to our shareable world? At the TED offices, Clay Shirky delivers a proper manifesto — a call to defend our freedom to create, discuss, link and share, rather than passively consume.

via TED.com – Defend our freedom to share (or why SOPA is a bad idea). Clay Shirky delivers a clear and cogent history and explanation of PIPA/SOPA, walking through both the intent and the ramifications of the bill and how it changes the entire legal system under which websites operate. Shirky also makes the very real point that even if PIPA and SOPA are killed (as appears increasingly likely) a bill similar to them will be back.