Wget and long filenames [Vulnerability]

Recently taking a pen-testing course made me realize that security is a far more important topic in software design than I had ever appreciated. Being a professional programmer for the last 15 years and attaining both undergraduate and graduate degrees in computer science had taught me only the basics of security. It took getting into the weeds and actually learning exploits to realize the woes of security flaws, and in some cases these flaws are added on purpose to solve a problem and in turn end up adding a security risk. I guess in those cases the feature was more important than the potential security risk.

Google Chrome 58 making NET::ERR_CERT_COMMON_NAME_INVALID all over the place

We use self-signed certificates at LeadSift for our dev and QA servers behind the firewall and have our team just import the certificate into their computers. Recently, after months of it working just fine, I got an error on Google Chrome which looked like this.

Attackers might be trying to steal your information from site.dev.leadsift.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is site.dev.leadsift.com; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection. Learn more.

Where are you running from you little cron?!

A tale as long as time, the forgotten cron. During dev we had a cron that we wanted to put in prod right away and ended up putting it on a server where it didn’t belong just to get things going. Days later we got the cron installed properly and decided to leave the other one running for a while, since there was no harm in it running twice. It has since become the forgotten cron; except! except that it emailed us at the same time the real one was emailing us. So twice a week we got this extra email that was formatted differently (using older code) and we didn’t bother to stop it. If you didn’t guess from my previous posts, or just from stereotypes of a programmer, I have a “slight” OCD issue. I decided to hunt that little cron down.

Asus RT-N66U broken power switch and how I learnt to stop worrying and love google

Walked into the office this morning to find that there was no wifi. Checked the router and found that the power switch doesn’t turn on; it just keeps flipping back to off. After calling a co-founder and asking her to stop by the store on her way in to pick up a new one, I took the tools and decided to open the router up and see what’s keeping the power button from clicking closed. Before opening it up I decided to do a quick google search and found that this is a well known issue [1][2][3]! I was amazed that an expensive router can have such a faulty power switch, kind of absurd, shame on you ASUS.

Dear @Hackerrank your platform is buggy

I would like to start by applauding your initiative. Your team has created a really cool site that has this viral feel to it. I got addicted from my first shot. Since I love python, my first competition was the Pythonist2 challenge, and I loved it. I believe it went downhill from there for me.

I am currently doing the week of code competition and found a bug that basically threw me out of the competition. Your test cases are not independently run. At least not for python!

Python Memory Footprint

This is a cross listed blog post. I had posted this blog on my company’s blog and wanted to repost here as it is a topic that very few python developers understand. Python has a high memory footprint, understanding that is the key to writing very space efficient python programs.

Note there will be a follow-up to this blog post to discuss the memory footprint of the data structures used by numpy. Numpy has its own set of data structures that can be more efficient depending on the use case. When it comes to scientific computation (matrices, numerical methods, …) and hence Machine Learning (NLP, AI, …), they can be much more efficient.

LDAP Groups Conflict

Scratching my head on this for a while; it didn’t really affect much, so I never dug deep.

If you have duplicate entries in your /etc/group, or duplicates in general (in our case the same group in /etc/group that was also in LDAP), then getent group returns duplicates with different ids. The first entry takes precedence when running chown and other unix utils. Therefore you will get files with a different gid than you would expect.

Slack vs Hipchat

At our company we had used hipchat for a little over 2 years, back when it charged once you had more than 5 users. I had previously tried to get the founders to try slack (since it was all the buzz) and failed. Since nothing was broken, I decided that hipchat was good enough for the team.

Recently, around the beginning of this year, one of my co-founders became very impressed with slack as a company and as a product. He gave it a whirl and got the team to decide to switch to slack. Personally I wanted to try out slack, and with the recent outage hipchat had and friends jumping ship, I was pumped to make the switch.

Blogging again

I used to have a posterous blog (even before it was renamed spaces, and then shut down after the twitter acquisition). What made me post frequently was the ability to easily post by email. Since the shutdown I have posted a few short tidbits on coderwall but nothing substantial. I have also been posting on my company’s blog. I have been procrastinating setting up my own blog ever since then.

Finally I have gotten around to setting up a simple wordpress install with a few plugins to recreate my posterous setup, namely using postie with an email mailbox that I can post to. I am considering using WordPress Jetpack … but am hesitant to do so.