More Details About Heartbleed

If you haven’t yet patched your OpenSSL and regenerated your certs, stop reading and go fix it; it’s OK, I’ll still be here when you get back. All set? OK. I found an interesting analysis of the bug over at this guy Sean Cassidy’s blog. In brief: I have been happy for many years that other people like to write C, because it means both that I get to benefit from their work (basically my entire livelihood is based on the C ecosystem) and also that I generally don’t have to write it myself. :) XKCD 1353 - Heartbleed …

Posted on

PSA: Heartbleed OpenSSL Vulnerability

Over dinner last night one of my friends was talking about an OpenSSL vulnerability that had just been disclosed; this morning I took a closer look and decided that I want to boost the signal a bit The Heartbleed OpenSSL vulnerability affects recent releases of OpenSSL. Affected systems can be made to reveal secret keys; this is arguably one of the worst ways in which an encryption library can fail, and if you are publishing anything that is secured with SSL (e. …

Posted on

PEM Files, for the Last Damn Time

OK, I am tired of forgetting this information and having to re-research it. A PEM file is an X.509 digital certificate, specifically a “Base64 encoded DER certificate” (thank you Wikipedia). The components are concatenated in the following format: Private key (optional) Server certificate Intermediate certificate (optional) Root certificate (optional) or, in other words, cat server.key server.crt ca-bundle.crt >> server.pem. That is my final word on the subject. …

Posted on

The Wolf of Wall Street

As I was buying a cup of coffee this morning, the barista told me that I was wearing the same shirt as a character from The Wolf of Wall Street. It’s one of my favorite shirts, and quite distinctive, so I believe her; now I want to see the movie in order to determine how I feel about this. I’m currently reading A Colossal Failure of Common Sense, to put this in some more context :) …

Posted on

Octopress, S3, and file exclusion

OK, one more quick thing: I knew from the get-go that I wanted to host this blog on S3, and that I wanted to build it with Octopress. One relatively minor conflict between these two tools, though, is that S3 buckets work well for hosting static sites, but Octopress is built on top of Git, and I was sure I didn’t want to be uploading my Git metadata to S3. …

Posted on

Sic Transit Gloria Mundi

First off, hooray for the MBTA’s commuter rail WiFi, which enabled me to both catch my train home and also pay attention to an issue at work which occurred just after I left (especially because I was the proximal cause of the issue :p ). My phone will work in a pinch, but it’s awfully limited compared to my laptop. Double hooray for my Sesame Ring, keeping me from having to repeatedly dig my wallet out of my pocket as I traversed various other public transit methods running errands after work. …

Posted on

You Had One Job

On the way home today I encountered one of our housemates, also homeward bound, and as we came in the front door I was chattering happily about my second day at work. I have tasks! Tasks that I can perform! This is really exciting. I was, however, interrupted mid-sentence by a crash from the hallway, where Elijah (one of our cats) had knocked a box of tissues from the shelf to the floor. …

Posted on

First day at RunKeeper

I’m winding down at the end of my first day at RunKeeper, and I’m still walking on air :) Today started with me apparently being a bit jittery while shaving this morning: and ended with me running (while wearing clogs, ow) to North Station to catch the commuter rail, and today was STILL awesome. It’s really good to work with my old boss Matt again, and I’m really liking the generally happy atmosphere, and the tiny dog wandering around the office, and I’ve already come up with some tasks I want to try to get my arms around in the near future. …

Posted on

GitHub Commit Messages

I’m mad with power! I have CloudFront API access and I’m not afraid to use it! I sound my barbaric yawp over the roofs of the world! Reading the documentation for the Open Source Report Card led me to the following gem: Exploring Expressions of Emotion in GitHub Commit Messages It is exactly what it sounds like; NLP plus stats plus the GitHub datastream. Some of my favorite bits: …

Posted on

Hello World

Apparently it is high time I had an actual blog. …

Posted on