Understanding Security: Maps versus Lists

Many people I speak with don’t have a security mindset, not because they aren’t aware of security, but rather that it doesn’t play a role in their life. As computers become more involved in our everyday lives, we all need to understand the security implications and defend against attacks. The only proper way to defend against something is to understand how it is attacked. I’ll paraphrase a tweet I saw on Twitter 1 about security, “An attacker uses maps, but defenders use lists.” To explain what this means in security terms, let’s look at the definition of those terms. ...

October 26, 2015 · 6 min · 1182 words · Scott Brown

Terraform File Organization

At Unbounce, we have recently started using Terraform for creating our AWS infrastructure. It is working well for our needs but it does have some sharp edges, which is expected as it is a young project. The other configuration tooling we use is Cloudformation, and we provide its templates to the software development teams to use because its commands are fairly simple (and documentation is plentiful). Until our team can come up with a good user experience when working with Terraform, we will keep it for our internal infrastructure projects. That being said, we have put together some best practices for working with Terraform and keeping its scripts organized. ...

October 24, 2015 · 6 min · 1201 words · Scott Brown

Interview Take-Home Tests: Good or Bad?

I’ll state my bias up front: I do not like interview take-home projects. I do not like them, Sam I am. They are exploitative, they lack any ability to show realistic software development, and they shift the cost from the employer to the candidate. Recently I interviewed at a friend’s startup. I went through 2 phone screens and everything was going well. It was the kind of interviewing that I like, where the process is treated as a discussion. Then I was asked if I would mind doing a small project for them. Instead of giving a resounding “yes”, I said “maybe, what kind of project” as a terrible way of weaseling out of me saying no 1. It’s hard being put on the spot during an interview. Honestly, I should have had the guts to say no, but we don’t all act ourselves when in these situations (interviews are already an unnatural setting). I was told the project was intended to take “1 day” to implement and the assignment details were emailed to me a few hours after the phone screen. ...

August 3, 2015 · 8 min · 1576 words · Scott Brown

What is Expensive?

I was talking with one of my mentees last week and we happened upon the topic of money and wages. I mentioned to him that, in order to talk about money properly, you have to define the word “expensive.” Naturally, people think the word “expensive” means that the price of something is too high, but the problem with this definition is that it lacks context. I explained it to my mentee in this way. ...

February 20, 2015 · 4 min · 680 words · Scott Brown

Installing rbenv on Raspberry Pi

Note: This article assumes a working knowledge of rbenv. Installing rbenv (a Ruby version manager) on a Raspbian-based Raspberry Pi is a bit difficult because the base Debian ruby-build package does not provide you with an up-to-date list of Ruby versions. To work around this issue, you can easily install ruby-build yourself instead of relying on the official Debian packages. I’m not a fan of the official rbenv package in the Debian repositories because it tries to install too many things (namely Ruby 1.8, for some reason), and I also don’t like to install rbenv system-wide, so let’s start by installing rbenv for our local user. ...

January 7, 2015 · 2 min · 279 words · Scott Brown

Installing the Postgres gem on OSX using Postgres.app

Here is a quick tip on how to install the pg ruby gem on OSX if you only have Postgres.app installed. First, if you attempt to install the pg gem it will fail with:

    $ gem install pg
    Fetching: pg-0.17.1.gem (100%)
    Building native extensions.  This could take a while...
    ERROR:  Error installing pg:
        ERROR: Failed to build gem native extension.

        /Users/me/.rbenv/versions/2.1.5/bin/ruby extconf.rb
    checking for pg_config... no
    No pg_config... trying anyway. If building fails, please try again with
     --with-pg-config=/path/to/pg_config
    checking for libpq-fe.h... no
    Can't find the 'libpq-fe.h header
    *** extconf.rb failed ***

If you search for solutions to this issue you will undoubtedly be told to install the postgresql package from Homebrew. That’s nice, but you already have Postgres.app and you don’t want to maintain 2 versions of the same application on your machine (it is also not isolated, and can cause port conflicts). ...

December 18, 2014 · 1 min · 204 words · Scott Brown

Respect

“R-E-S-P-E-C-T, find out what it means to me.” - Aretha Franklin

I’m feeling a bit crabby this morning, perhaps because I had to deal with a take-home exercise that passed for an interview. But that’s another story. Today I want to focus on respect and how the software industry is mishandling it. To do justice to the above quote, I also want to provide some insight into how I, just your average humble software developer, choose to define the term. ...

November 20, 2014 · 10 min · 1972 words · Scott Brown

Be Kind to Keyboard Users, Use a Tab Index

There are many ways to navigate a website these days, especially on mobile where you can swipe, pinch, and touch. But what about the people on desktops who use keyboards? Let’s be nice to them. One trait of seasoned computer users that I’ve seen is that they start to use their mouse less often and rely more heavily on keyboard shortcuts. When it comes to reading websites, you can scroll with your arrow keys, but what about jumping to relevant sections on a web page? You could use the PgUp and PgDown keys on your keyboard; however, many people now use laptops, where those keys are buried in a Control/Function-key combination, so I doubt they get much use (I don’t have data on this, it’s merely from my own experience). ...

November 11, 2014 · 3 min · 527 words · Scott Brown

Be Nice to Sysadmins, Add a version.txt to Your App

One best practice that I rarely see used by companies is a version file that denotes what is currently in Production. Let’s step back a bit and use a real-life situation. A company released a new version of their Web application to Production from master (using the git-flow model). Some hours go by and it’s now late into the night when the application fails. Unfortunately, all of the developers are now at home and only the poor operator (who is on-call support) is left wondering what happened. The software didn’t fail in the test environment, so what could possibly have gone wrong? ...

November 10, 2014 · 2 min · 411 words · Scott Brown

Be Careful with the Order of Ansible Handlers

I recently stumbled across a gotcha with Ansible that I wasn’t aware of. It happened when I was writing notification handlers that should run after a new version of code is downloaded to a server. In my task file I was downloading (via Git) the latest code from the repository:

    ---
    # roles/app-code/tasks/install_code.yml
    - name: ensure code repository is downloaded
      git: >
        accept_hostkey=yes
        key_file={{ app_code_bitbucket_private_key_file }}
        repo={{ app_code_git_repository }}
        dest={{ app_code_home_dir }}
        version={{ app_code_git_version }}
      sudo: yes
      sudo_user: '{{ app_user_name }}'
      notify:
        - update gems
        - precompile assets
        - add hash marker file
        - restart app server

Whenever new code is downloaded to the system, the task will show CHANGED and each notification handler will be called. In this case, we want the notifications to happen in a specific order, because you don’t want to restart the application server before the assets and third-party libraries are configured. Listing the handlers in an array, however, may not execute them in this order even though you’d expect it to. ...

November 9, 2014 · 2 min · 385 words · Scott Brown