Wget and long filenames [Vulnerability]

Recently taking a pen-testing course made me realize that security is such an important topic in software design, more so than I ever realized. Being a professional programmer for the last 15 years and attaining both undergraduate and graduate degrees in computer science helped me find only the basics of security. It took getting into the weeds to realize the woes of security flaws, and in some cases these flaws are added on purpose (a feature request, where buggy code gets quickly added) to solve a problem and in turn end up adding a security risk. I guess in that case the feature was more important than the potential security risk.

Google Chrome 58 making NET::ERR_CERT_COMMON_NAME_INVALID all over the place

We use self-signed certificates at LeadSift for our dev and QA servers behind the firewall and have our team just import the certificate into their computers. Recently, after months of it working just fine, I got an error on Google Chrome which looked like this.

Attackers might be trying to steal your information from site.dev.leadsift.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is site.dev.leadsift.com; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

Where are you running from, you little cron?!

A tale as long as time, the forgotten cron. During dev we had a cron that we wanted to put in prod right away and ended up putting it on a server where it didn’t belong just to get things going. Days later we got the cron installed properly and decided to leave the other one running for a while, since there was no harm in it running twice. It has since become the forgotten cron; except! except that it emailed us at the same time the real one was emailing us. So twice a week we got this extra email that was formatted differently (using older code), and we didn’t bother to stop it. If you didn’t guess from my previous posts, or just from stereotypes of a programmer, I have a “slight” OCD issue. I decided to hunt that little cron down.

Asus RT-N66U broken power switch and how I learnt to stop worrying and love google

Walked into the office this morning to find that there was no wifi. Checked the router and found that the power switch doesn’t turn on. It just keeps flipping back to off. After calling a co-founder and asking her to stop by the store on her way in to pick up a new one, I took the tools and decided to open the router up and see what’s making the power button not click closed. Before opening it up I decided to do a quick Google search and found that this is a well known issue [1][2][3]! I was amazed how an expensive router can have such a faulty power switch; kind of absurd. Shame on you, ASUS.

Dear @Hackerrank your platform is buggy

I would like to start by applauding your initiative. Your team has created a really cool site that has this viral feel to it. I got addicted from my first shot. Since I love Python, my first competition was the Pythonist2 challenge, and I loved it. I believe it went downhill from there for me.

I am currently doing the Week of Code competition and found a bug that basically threw me out of the competition. Your test cases are not independently run. At least not for Python!

Python Memory Footprint

This is a cross-listed blog post. I had posted this blog on my company’s blog and wanted to repost it here, as it is a topic that very few Python developers understand. Python has a high memory footprint; understanding that is the key to writing very space-efficient Python programs.

Note: there will be a follow-up to this blog post discussing the memory footprint of the data structures used by numpy. Numpy has its own set of data structures that can be more efficient depending on the use case. When it comes to scientific computation (matrices, numerical methods, …) and hence machine learning (NLP, AI, …), they can be much more efficient.

LDAP Groups Conflict

I was scratching my head on this for a while; it didn’t really affect much, so I never dug deep.

If you have duplicate entries in your /etc/group, or duplicates in general (in our case the same group was in /etc/group and also in LDAP), then getent group returns duplicates with different ids. The first entry will take precedence when running chown and other unix utils. Therefore you will get files with a different gid than you would expect.

Slack vs Hipchat

At our company we had used HipChat for a little over 2 years, back when it charged once you had more than 5 users. I had previously tried to get the founders to try Slack (since it was all the buzz) and failed. Since nothing was broken, I decided that HipChat was good enough for the team.

Recently, around the beginning of this year, one of my co-founders had become very impressed with Slack as a company and as a product. He gave it a whirl and got the team to decide to switch to Slack. Personally, I wanted to try out Slack, and with the recent outage they had and friends jumping ship, I was pumped to make the switch.

uWSGI vs Gunicorn

Gunicorn isn’t just “trendy”; it actually works really well, and in some cases (like mine) works much better than uWSGI. (Also, it seems that uWSGI is now becoming trendy, so am I just a hipster for switching to the uncool option :P)

I have always been a big fan of the uWSGI project. It has always been my number one choice for deploying Python web apps, running behind nginx as a reverse proxy. I have always checked to see if there is anything better out there and have always decided to stick to uWSGI. Data like [Nicholas 2010] [Kgriffs 2012] [DCramer 2013] made it easy for me to stick to my uWSGI choice and make my argument for uWSGI over the more “trendy” Gunicorn [DCramer 2013].