Posts

A New Serverless Look

Until recently, I had no reason to build anything elaborate with a serverless architecture. Yet it's everywhere now! There's Amplify, Netlify, JAM, SAM, lambdas, workers and more to learn about. A few weeks ago, on another stuck-inside pandemic Saturday, it felt like a good time to experiment with Gatsby. The documentation is great, and there are plenty of articles and great community resources available. I wanted to find a theme or examples of pulling in Markdown files, which I'd populate with notes, code snippets, and other handy references I've collected related to infosec recently. Then over time maybe dig through years of scattered snippets of knowledge that I find myself reaching for, like "that link to a presentation about the history of browser privacy standards that I know I saved somewhere!!!" among other greatest hits. The Quick Start in the official docs provided an easy CLI installation and familiar directory structure.

Changing PDF Metadata with Python

While updating a PDF recently, I noticed some metadata I wanted to change and a few annotations that were hidden from view but still in the file. However, the "Get Info" pane in Preview on OS X doesn't provide a metadata editor, nor does its Export function, so it seemed like a good opportunity to learn a bit more about the PDF standard and Python packages for getting the job done. Adobe Acrobat or other GUIs would've been much faster, but I'll likely need to do this programmatically again at some point, like those of you who might've found this post by looking on your favorite privacy-preserving search engine for "change pdf metadata in python". So here we go. Before starting, I hopped into a new folder and created a git repository with a first commit of my original PDF in case anything went wrong. Then I ran conda create --name pdf python=3.8.1 and conda activate pdf to set up an Anaconda virtual environment named pdf to keep my work is

Private Enough

I recently attended a discussion of The Smart Enough City, which got me thinking about what "private enough" online services might mean to people. Privacy is an admittedly slippery concept and your idea of privacy may differ dramatically from mine. Privacy as "contextual integrity" is one concept that helps address the definitional inconsistencies by focusing on information transfer. However, the scholarly literature, which I have great respect for, won't be particularly useful in explaining what I'm working on to my relatives at Thanksgiving dinner. A look at some everyday online activities will demonstrate how the battle to make the Internet private enough is coming from many directions. The first elephant in the room is online advertising, which is something I'm not entirely opposed to. It's just the undisclosed third-party data sharing without anything that feels like meaningful opt-out that’s too invasive. My views lean towards those a

Thinking About BIPA and Machine Learning

One article that really caught my attention recently discussed the use of Creative Commons-licensed images from Flickr as part of the MegaFace dataset for training facial recognition algorithms. Despite its aggressive (but not untrue) title, it highlights the many sides of the questions we the people and we the companies building products with these technologies face. Focusing on the licensing, Flickr truly expanded the available commons of openly-licensed images by allowing its community to choose Creative Commons (CC) licenses. Interestingly, the latest version of the most permissive CC license expressly does not license "publicity, privacy, and/or other similar personality rights", yet the licensor agrees not to assert such rights to the extent necessary to support the rest of the license. However, previous versions of this or other CC licenses probably apply to many photos in the data set, and not all of the other licenses contain this language. For the Cre

Looking Ahead

January almost passed without an inaugural post for the year, and clearly the months quickly turn into years! Here's to sticking with New Year's resolutions and polishing up many drafts waiting to see the light of screens 🥂 To start gaining momentum again, below are a few topics and technologies I'd like to spend more time with in the coming year.

Verifying Doubles with ActionMailer in Rails 4

Verifying doubles came out in RSpec 3, and it’s something that always sounded like such a brilliant yet obvious idea - make sure methods you stub actually exist. One friend in particular really stressed how many times this could have saved his tests from false positives. Sure, I thought, but usually I’d just modify something in the real code or modify the expectation to make sure it broke/worked in predictable ways, and move on. Then along came the perfect scenario while working on a little side project. Below is the original spec and the corresponding controller method it's testing. (Things aren't especially DRY and a bunch of expectations are crammed into a single test to make things more explicit for this post.)

    # spec
    it 'sends the admin a message about a new order' do
      controller.stub(:params).and_return(fake_full_params)
      expect(AdminMailer).to receive(:order_confirmation).with(fake_email_params).and_return(Mail::Message.new)
      allow

Recent Presentation: Understanding JavaScript in the Browser

I recently gave a short presentation to mostly non-Web developers on what goes into the soup of the browser platform. I began by covering the many parties involved in standards - the W3C, WHATWG, TC39 committee, and others. Then, I introduced some of the other characters, like each browser vendor's rendering engine and JavaScript engine. It's a lot to keep track of, even just to keep a loose eye on things, not to mention the day-to-day effort (and fun discovery) of the many libraries and frameworks available to solve a problem. tldr - there are a lot of cooks in the Web kitchen. I tried to highlight the great community tools like caniuse.com or csstriggers.com, and later demonstrated a few features of the developer tools (the JavaScript profiler, logging and analyzing XHR requests, the timeline, ol' trusty console), and the idea of the browser as the app platform and the IDE. I also showed the final example from a great talk, What the heck is the event loop anyway? Fin