Nearly four years ago, I moved West to join Mozilla. About a year later, I moved East to come home to New York. I consider those two of the best changes I’ve ever made. Now Spring is here again and it’s time for another change. Last week, I announced to the company that I...
Read more →This list of resources is meant as a companion to the talk I gave at DjangoCon 2012, but it should stand on its own as a useful list for Django developers. Best Practices? What are “best practices,” anyway? The internet loves to debate these things. For us, think of it as the collective team...
Read more →NB: This is the tenth post in a series of posts on web application security. “Mass assignment”? That’s a Rails thing! GitHub was the recent, high-profile target of an “attack”—it wasn’t so much a vicious attack as a “hey you guys, this is serious” attack, really gray-hat at its darkest—that made use of a...
Read more →NB: This is the ninth post in a series of posts on web application security. Rounding out this week is the last, but perhaps most important part of the basic security series: staying up to date. Keeping everything up-to-date is a pain. You have to follow the latest versions of everything you use. And...
Read more →NB: This is the eighth post in a series of posts on web application security. Click-jacking is a process of “stealing” clicks on your site, redirecting them to other places, either by using an XSS vector to replace the targets of links (or whole sections of the page) or by putting your page in...
Read more →