Joe Merante's Blog

(This was written and first published elsewhere in June 2020) Below are some resources that have been useful as I've been exploring the relationship between privacy by design and engineering.

(This was written and first published elsewhere in June 2020) The example below comes from a May 2020 workshop on using CodeQL. To set up CodeQL, you import code into a database to run queries against using the CodeQL language. The results of queries can be viewed inside Visual Studio Code. More resources here . The snippet below checks for potentially unsafe input to $ in jQuery plugins. In the older version of Bootstrap examined in the workshop, an xss vulnerability existed because the library didn't check whether actual DOM elements were being passed to $ , creating an xss sink. For example, when .text() is called in code like $(options.textSrcSelector).text() , an unsafe string passed to $ could be executed by jQuery. The workshop repo suggests one better way to refactor the code. The from/where/select syntax is a little SQL-y, you import javascript to get the autocomplete goodies in VS Code, use classes and predicates to organize and reuse code. Note that = is equalit

(This was written and first published elsewhere in June 2020) A few years ago I got really into d3.js while working on some front end-heavy projects, and still love to see the awesome work shared by its community. (Observable notebooks are 😻)

(This was written and first published elsewhere in June 2020) This concept comes from a book I really enjoyed reading last year, Secure by Design . The authors suggest using a "read-once object" to represent sensitive values to avoid unintentional use or data leakage.

(Update 3/20/2024: If it ain't broke, do the classic developer thing and rebuild it! I've taken the site described below offline, and moved its posts here.) Until recently, I had no reason to build anything elaborate with a serverless architecture. Yet it's everywhere now! There's  Amplify , Netflify , JAM , SAM , lambdas , workers and more to learn about.

While updating a pdf recently, I noticed some metadata I wanted to change and a few annotations that were hidden from view but still in the file. However, the "Get Info" pane in Preview on OS X doesn't provide a metadata editor, nor does its Export function, so it seemed like a good opportunity to learn a bit more about the PDF standard and Python packages for getting the job done. Adobe Acrobat or other GUI's would've been much faster, but I'll likely need to do this programmatically again at some point like those of you who might've found this post by looking on your favorite privacy-preserving search engine for "change pdf metadata in python". So here we go. Before starting, I hopped into a new folder and created a git repository with a first commit of my original pdf in case anything went wrong. Then I ran conda create --name pdf --python=3.8.1 and conda activate pdf to set up an Anaconda virtual Environment named pdf to keep my work is