• Just One WebKit

    by  • 3 April 2013

    Disclaimer: My opinion, not my employers, blah blah. You know the drill. Every once in a while, something happens that makes a few people scream: “If only everyone used WebKit, everything would be so much better.” I have two problems with this. One you’ve heard a hundred times (monoculture is bad). The other you...

    Read more →


    by  • 1 April 2013

    There’s an old H. L. Mencken quote that’s popular among mathematicians and programmers: For every complex problem, there’s an answer that is simple, clear, and wrong. But both in math and in programming we strive for elegance, anyway. We want the beautiful, obvious solution—even if it may not have been obvious at all from...

    Read more →

    Working from Home

    by  • 1 March 2013

    I’ve started this more times than I can count. Including twice this week. You’ve read–maybe you know first-hand–the benefits and drawbacks of remote workers and distributed teams. My team works really well, remotely, but that doesn’t mean it’s all sunshine and roses and unicorns. But here’s the thing, the inescapable fact about remoties: The...

    Read more →

    Actually Starting an Open Source Project

    by  • 31 January 2013

    I’m a little late to the party, but I just got around to reading Starting an Open-Source Project and, as someone who has started several reasonably successful projects, I wanted to publicly disagree with, essentially, the entire article. The article outlines seven pretty big steps to take before you can even consider open-sourcing a...

    Read more →

    Web Advent

    by  • 5 December 2012

    I wrote a blog post for Web Advent this year! It’s about making better forms for mobile users. Web Advent is the latest incarnation of PHP Advent. It’s always a great collection of writing and writers. Check it out this month!

    Read more →

    Mozilla’s Security Best Practices

    by  • 4 September 2012

    This list of resources is meant as a companion to the talk I gave at DjangoCon 2012, but it should stand on its own as a useful list for Django developers. Best Practices? What are “best practices,” anyway? The internet loves to debate these things. For us, think of it as the collective team...

    Read more →

    Mass Assignment – Security Part 10

    by  • 9 August 2012

    NB: This is the tenth post in a series of posts on web application security. “Mass assignment”? That’s a Rails thing! GitHub was the recent, high-profile target of an “attack”—it wasn’t so much a vicious attack as a “hey you guys, this is serious” attack, really gray-hat at its darkest—that made use of a...

    Read more →


    by  • 30 July 2012

    I sincerely hope to start the Advanced section of the security series tomorrow or Wednesday, but it’s been a full and hectic weekend and I didn’t have as much time to write as I’d hoped. I still need to finish the first couple of posts and get them queued up.

    Read more →

    Stay Up to Date – Basic Security Part 9

    by  • 27 July 2012

    NB: This is the ninth post in a series of posts on web application security. Rounding out this week is the last, but perhaps most important part of the basic security series: staying up to date. Keeping everything up-to-date is a pain. You have to follow the latest versions of everything you use. And...

    Read more →

    Click-Jacking and a little Phishing – Basic Security Part 8

    by  • 26 July 2012

    NB: This is the eighth post in a series of posts on web application security. Click-jacking is a process of “stealing” clicks on your site, redirecting them to other places, either by using an XSS vector to replace the targets of links (or whole sections of the page) or by putting your page in...

    Read more →