Next for NextUp In late 2008 or early 2009, Ben and I were in a recurring status meeting—these days we’d call it a stand-up—that tended to run long. So we mashed up his
automation Don't Do, Write Setting up a new server? Adding a new user? Installing a new package? Running a new service? Don’t do it, write it. It doesn’t really matter how or where you write
dinner TIC #sttp Today I cooked (“TIC”) dinner. I am always looking for simple things I can do in 1-2 pans and 10-20 minutes with no leftovers. I used Pasta Butter Beech Mushrooms† Garlic Thyme
bitly Onward.ly! Later this month I will be joining the Bitly team! I am extremely excited to be joining such an amazing group working on a product that touches so much of the web, one
culture Valley vs Alley In an interview in New York recently, I got one of my favorite questions ever: “Besides technical things and coding, what’s something you’ve done that you’re proud of or happy
identity Pseudonymity and Consequences For the past few years, whenever anonymity and pseudonymity come up, I’ve thrown a sidelong glance at TodaysMeet. TodaysMeet is a tool for semi-private, semi-anonymous, ephemeral back channel conversations (in other words,
cas Simple out-of-process lock with Python and Memcached On TodaysMeet I need to check that a name is not in use before creating a new record. Unfortunately, because names can be reused over time, I can’t create a UNIQUE key
administration Using supervisorctl with linux permissions but without root or sudo I love supervisord, it’s been a fantastic way to manage things like gunicorn and celery processes. But I didn’t like that I needed to use sudo to restart a running server,
Quo Vado? “Where am I going?” I didn’t intend to be annoyingly coy or secretive. There is no bag, and certainly no cat to let out of it. I’m not going to some
Life A New Chapter Nearly four years ago, I moved West to join Mozilla. About a year later, I moved East to come home to New York. I consider those two of the best changes I’ve
Our Daily Errors Over the past 24 hours, support.mozilla.org has recorded a few dozen errors. That’s pretty good. In the past three days, it’s more like a few hundred. These are sporadic,
browser Just One WebKit Disclaimer: My opinion, not my employer’s, blah blah. You know the drill. Every once in a while, something happens that makes a few people scream: “If only everyone used WebKit, everything would be
Elegance There’s an old H. L. Mencken quote that’s popular among mathematicians and programmers: For every complex problem, there’s an answer that is simple, clear, and wrong. But both in math
remote Working from Home I’ve started this more times than I can count. Including twice this week. You’ve read–maybe you know first-hand–the benefits and drawbacks of remote workers and distributed teams. My team
Code Actually Starting an Open Source Project I’m a little late to the party, but I just got around to reading Starting an Open-Source Project and, as someone who has started several reasonably successful projects, I wanted to publicly
forms Web Advent I wrote a blog post for Web Advent this year! It’s about making better forms for mobile users. Web Advent is the latest incarnation of PHP Advent. It’s always a great
django Mozilla's Security Best Practices This list of resources is meant as a companion to the talk I gave at DjangoCon 2012, but it should stand on its own as a useful list for Django developers. Best Practices?
django Mass Assignment - Security Part 10 NB: This is the tenth post in a series of posts on web application security. “Mass assignment”? That’s a Rails thing! GitHub was the recent, high-profile target of an “attack”—it wasn’
django-nyc-security Intermission I sincerely hope to start the Advanced section of the security series tomorrow or Wednesday, but it’s been a full and hectic weekend and I didn’t have as much time to
django Stay Up to Date - Basic Security Part 9 NB: This is the ninth post in a series of posts on web application security. Rounding out this week is the last, but perhaps most important part of the basic security series: staying
click-jacking Click-Jacking and a little Phishing - Basic Security Part 8 NB: This is the eighth post in a series of posts on web application security. Click-jacking is a process of “stealing” clicks on your site, redirecting them to other places, either by using
django Server Configuration - Basic Security Part 7 NB: This is the seventh post in a series of posts on web application security. Configuring a server correctly is both 1) hard and 2) critical. You’ve probably spent a bunch of
django Session Fixation and Hijacking - Basic Security Part 6 NB: This is the sixth post in a series of posts on web application security. Don’t put session IDs in the URL. Django explicitly does not support this because it’s just
access control Access Control - Basic Security Part 5 NB: This is the fifth post in a series of posts on web application security. Proper access control is an absolutely key part of web app security and is easily overlooked—possibly because
django Injections, SQL and otherwise - Basic Security Part 4 NB: This is the fourth post in a series of posts on web application security. SQL Injection SQL injection is a vector that lets a user insert their own SQL into a statement