Programming

(About) 425 days ago (at the time of this writing) I started scraping Hacker News via its shiny new API. And then I promptly forgot about it. That is, until I noticed my cronjob had been throwing errors constantly for a few weeks:

Instead of fixing anything, I just commented out the cronjob. But now I feel somewhat obligated to do at least a rudimentary analysis of this data. In keeping with my extreme negligence/laziness throughout this project, I hacked together a few bash commands to do just that.

At the risk of spoiling a somewhat-well-known XSS game, I want to share an XSS vector I had never thought of before it forced me to. The premise of this level was, essentially, that you couldn’t use any letters whatsoever in the attack vector, and you had to call alert(1).

So, without further ado, here it is:

What a mess, right?! What the hell are we doing here? Let’s take it piece-by-piece.

I recently hacked together a little 300-line bash script to manage my dotfiles called dot-man . Basically, it will let you manage your dotfiles in a git repository, and you can run it every so often to keep your local / remote dotfiles up to date.

Install is as simple as:

Let me know what you think! You can find me on Twitter @ccneill .

Recently, while looking at a JavaScript function intended to generate a cryptographically-secure random IV to be used in AES-GCM, I noticed something interesting which I immediately suspected was not unique to this project. Sure enough, Matt, my awesome colleague, sent me a link to a how-to article describing the process of generating random values in Node.js that included the exact same quirk.

Here is their example (with minor edits so as not to call out the author of that how-to post too explicitly):

I’m happy to announce the latest version of a project that the Security Engineering team at Rackspace has been working on: DefectDojo ! DefectDojo is an open source defect tracking system that was created by our team to keep up with security engagements, but it can be useful for tracking any type of application testing. It supports functionality like Finding templates, PDF report generation, metrics graphs, charts, and some self-service tools for doing port scans, for example.

Earlier today I wanted to explore using Growl / GNTP to listen for notifications from a remote server. I checked out the Growl developer bindings page, found the Python implementation , and started working on a simple app to send me notifications about various things.

I was planning on running this on my server so I could also interface with Twilio and accept callbacks, without having to expose a webserver on my local machine to the internet. To do this, I was going to accept remote notifications in Growl using a password. I realized pretty quickly this was a worse idea.

My last Nuggets post, “50 Linux Resources for Developers ” was pretty well-received, so I figured I’d try to do the same thing I did there for Node.js . Hopefully something here gives you some inspiration to make the next great Javascript app. It’s not meant to be an all-inclusive guide to learning Node, but more of a look at my journey with Node and some things I’ve found useful which you might find useful as well.

I try to always bookmark interesting things I find as I bumble around the internet. I’ve collected thousands of bookmarks over the years, and I want to share some of the cool stuff I’ve found. I call these Nuggets .

Today, I want to bring you a list of links that might help you on your path to understanding and appreciating Linux. I don’t consider myself some wizened Linux guru, but I have spent many, many hours looking for guides and tools to make my life easier while using it.

The other day I re-discovered this post by Joel Spolsky on Hacker News, entitled " Victory Lap for Ask Patents ." I saw it when he originally posted it a while back, but it didn’t resonate with me at the time.

But re-reading it today, I realized how great an opportunity we, as software developers, have to force patent reform by actively contributing to this project. Ask Patents , if you haven’t heard of it, is a StackExchange site where you can ask questions about patents, or, in my case, respond to requests for prior art that invalidate an overly-broad patent. In my case, I focus on software patents.

You might want to grab a cup of coffee #

My last article about the importance of getting started on your programming education is my most-read article on Medium so far. Like anything in my life, my writing is an experiment. When I see as many people getting excited about programming as I have because of this, it excites me too, and tells me I’ve hit a nerve.