
Extremely critical Ruby on Rails bug threatens more than 200,000 sites. Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers. The bug is present in Rails versions spanning the past six years and in default configurations gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to crash, according to Ben Murphy, one of the developers who has confirmed the vulnerability. As of last week, the framework was used by more than 240,000 websites, including Github, Hulu, and Basecamp, underscoring the seriousness of the threat.

"It is quite bad," Murphy told Ars. "An attack can send a request to any Ruby on Rails server and then execute arbitrary commands. Even though it's complex, it's reliable, so it will work 100 percent of the time." The bug stems from the way Rails handles formatted parameters.

Remembering Aaron Swartz. Aaron Swartz at a Boston Wikipedia Meetup in 2009. By Sage Ross (Flickr: Boston Wiki Meetup), via Wikimedia Commons.

I had other plans for how to spend my Saturday. I had other plans for my next blog post here at The Nation. I remember him contacting me out of the blue—was it in 2005? How long was it before I learned instead that he actually was a ball of pure coruscation, the guy who had just about invented something called an “RSS feed” and a moral philosopher and public-intellectual-without-portfolio and tireless activist and makeshift Internet-era self-help guru and self-employed archivist and what his deeply inadequate New York Times obituary called “an unwavering crusader to make that information free of charge”—and, oh yes, how long was it after I heard from him that I learned that he was, what, 20 years old?

It would have been around then that I started sending him every chapter of Nixonland as soon as it was finished for his editorial input. Poor professor.

Handling Growth with Postgres: 5 Tips From Instagram - Instagram Engineering. As we’ve scaled Instagram to an ever-growing number of active users, Postgres has continued to be our solid foundation and the canonical data storage for most of the data created by our users. While less than a year ago, we blogged about how we “stored a lot of data” at Instagram at 90 likes per second, we’re now pushing over 10,000 likes per second at peak–and our fundamental storage technology hasn’t changed.

Over the last two and a half years, we’ve picked up a few tips and tools about scaling Postgres that we wanted to share–things we wish we knew when we first launched Instagram. Some of these are Postgres-specific while others are present in other databases as well. For background on how we’ve horizontally partitioned Postgres, check out our Sharding and IDs at Instagram post. 1. If you find yourself frequently filtering your queries by a particular characteristic, and that characteristic is present in a minority of your rows, partial indexes may be a big win.

Applied Philosophy, a.k.a. "Hacking". Every system has two sets of rules: the rules as they are intended or commonly perceived, and the actual rules ("reality"). In most complex systems, the gap between these two sets of rules is huge. Sometimes we catch a glimpse of the truth, and discover the actual rules of a system. Once the actual rules are known, it may be possible to perform "miracles" -- things which violate the perceived rules.

Hacking is most commonly associated with computers, and people who break into or otherwise subvert computer systems are often called hackers. Although this terminology is occasionally disputed, I think it is essentially correct -- these hackers are discovering the actual rules of the computer systems (e.g. buffer overflows), and using them to circumvent the intended rules of the system (typically access controls). The same is true of the hackers who break DRM or other systems of control. Writing clever (or sometimes ugly) code is also described as hacking. Or at least that's how I see it.

GRP Excited to add Sam Rosen to Its Ranks. How Did He Get the Role? Hustle. Here’s the Story.

I’m very excited to finally be able to announce that this week we’ve added Sam Rosen to our ranks at GRP Partners in the role of entrepreneur-in-residence – EIR. It’s the first EIR that we’ve had in the years that I’ve been with the firm and I hope will be the start of our investment in this program. And it’s the latest in a series of investments we’ve made in building out our practice as the LA technology market continues to grow robustly and attract entrepreneurs and investors. It made me realize that we’ve never properly introduced our associates: We’re excited to continue to grow our investment professional staff and will continue to do so over the course of 2013 & 2014 with our new fund.

So what is an EIR and why Sam? When I sit down to write every week I never really imagine what is going to end up resonating the most with people but it seems I’ve most often been defined by my post that I Invest in Lines, not Dots. Sam is the perfect example. I told him my strong biases. And … “Sam?

Go talk to founders who failed at what you're doing. It bothers me when someone tells me about their startup and I ask how it relates to xyz company that did something similar in the past, and they have no idea xyz even existed. It's a negative signal common to first-timers. I realize there is tremendous value in having a fresh perspective. But in startups there are so many paths to failure. If you are going to be a successful heat-seeking missile, it really helps to know what has happened in your space and related spaces.

At worst, it will help you avoid mistakes and stay on the right side of crazy. At best, you will uncover secrets that can help you get traction faster. The best way to map your space is to go talk to the founders of xyz company. It's an outlet for them for pent up information and in some cases latent emotions. Thank you David Horowitz for reminding me last night of this great tactic.

Shipping vs. Learning - Mark Starkman.

For as long as I can remember, I’ve spent the majority of my spare time learning new technologies and shipping stuff with what I’ve learned. I love learning new stuff and I’ve always done it under the pretense that I will use my newfound knowledge where I work. For the most part that has been a problem for me since my jobs haven’t always lined up with what I wanted to learn. For example, when I was a SQL Server DBA/Developer, I was learning more about web development, specifically Ruby on Rails. Eventually, I did get a job where I was developing in Ruby on Rails. However, at the time of learning, I wasn’t shipping anything with the knowledge, personally or professionally.

To some degree, what I learned went stale and I had to re-learn some of the basics when I started using it for my job. Lately, I’ve begun to change that. Another example of shipping for me is when I created my first Ruby Gem, CanBe.

Becoming A Boss. I was watching this Charlie Rose interview with Lena Dunham and I was struck by this line: “it’s really intense to be thrust into a managerial position before my time.” I have seen this a lot in my business and it's always your talent for making things that puts you in this spot. And one of the big challenges is that the "managerial position" (as Lena calls it) is often in conflict with the talent for making things that got you there in the first place.

I am not saying that folks who are talented at making things aren't talented at managing people. I have come to believe that most people can be talented at managing people if they want to be. When we had our USV CEO summit last fall, we kicked it off by asking each founder/CEO to open with the one thing they had learned the hard way during the year. One of my favorite stories is about an entrepreneur I visited in his office away from the office. Many artists stick to making and hire a manager to focus on their business.

Every day I learn something new... and stupid. Hey kids, did you know that JavaScript doesn't have integers? That's right! All JavaScript numbers (either primitive numbers, or the Number object, and don't even get me started on how stupid it is that there is even a distinction between the two) are actually double floats!

Now, in any Lisp-derived language, you don't expect to have immediate-integers with the full bit-width of the native word size, since a few bits need to be consumed by runtime tagging. If the language implementor is really clever, you can get away with losing only 2 bits, but mostly people are less clever than that, and you lose 5-8 bits, so it's reasonable to expect that MAXINT on a modern computer is at least 2^56, 2^59 being more reasonable. Anyway, the happy-fun-time result of the fact that JavaScript dodged the MAXINT problem by making all numbers be floats means that while there is not technically a MAXINT, you can't actually do meaningful integer arithmetic on anything bigger than 2^53!

7 Tips For Networking Inside a Large Company - Smit Patel's Blog. In September, I was pumped to accept an internship offer from HubSpot. It was a dream because I was a huge fan of the founders Dharmesh Shah and Brian Halligan. My goals were to add value, learn a ton and build lasting relationships. With over 400 employees, I needed to figure out a way to meet as many people as humanly possible in my part time working there. This is how I hacked the process: Start early: Don’t wait until your first day at the company to get to know your co-workers. Think scale: Whether it's business/startups/marketing, you always need to think about scale/distribution. Instead of networking, I would say that I built relationships at my company. There are several benefits of building relationships inside your company.

Any thoughts or questions?

Jared Spool – Build a Winning UX Strategy from the Kano Model. The ultimate goal for user experience is that users enjoy using your product or service. Many companies use satisfaction as a metric for measuring their success. But satisfaction is really just the lack of frustration. You should be focused on what you can do to delight your users. In his virtual seminar, Jared presents the Kano Model. The audience asked a bunch of great questions during the live seminar. Is consistency in design a bad thing? Recorded: November, 2012.

Full Transcript.
Adam Churchill: Welcome, everyone, to another edition of the SpoolCast.
Jared Spool: Well, thank you.
Adam: For those that weren’t with us that day, can you give us an overview of the seminar?
Jared: Yeah.
Adam: Very good.
Jared: Yeah.
Adam: In the File menu?
Jared: In the File menu.
Adam: “Print.”

Yes, learn basic programming. A few people have asked me whether I think programming is a necessary skill for entrepreneurs (or anyone) to have in the future. When I was 14 years old, taking guitar lessons from Tom Pecora, he gave me that this-is-important-so-listen-well look, and told me something that stuck with me for life: “You need to learn to sing.

Because if you don’t, you’re always going to be at the mercy of some asshole singer.” His point of view was from a rock guitarist in the Chicago music scene, trying to put together a band, and all that. But ever since then I’ve applied that point to other areas. When I first started CD Baby, I didn’t know any programming, only basic HTML, and quickly had to cry for someone to help me. Later, when I needed a new computer, my friend Tony Benjamin taught me how to build my own from parts. In the independent musician scene, the DIY ethic is strong, by necessity. So... back to programming: If you heard someone say, “I have this idea for a song. And so comes my advice:

Building a Bitcoin (or Folding@Home) mining rig (part 1). (These machines were built in the summer of 2011.) When I last wrote about Bitcoin, building a mining rig was a very good idea. Today, not so much (depending on how cheaply you can build, whether you have unused hardware you can put to use and how expensive your electricity bill is).

However, the method for building monstrously powerful parallel-computing beasts hasn't changed, so it's well worth a blog post. Bitcoins are a distributed, peer-to-peer digital cryptocurrency. Money, but not as we know it. The machines require a special sort of computational power to process Bitcoin transactions. Think of it this way: When building a computer for gaming, a powerful graphics card is almost always preferable in place of a powerful CPU since the bulk of the workload for graphic-intensive games comes from having to render complex graphics to the display, hundreds of times per second in order to generate a smooth 3D image for a player.

Therefore these machines are built with two design goals in mind:

The Technical Lead - The Dob. I’ve spent the better part of the past three years learning on the fly and thinking about how to be an effective technical lead at an early stage startup. Whether the role is called a VP Engineering, a CTO, an Engineering Lead, or something else, its aim remains the same: to build both product and team. Responsibilities can include defining and executing on product, recruiting a talented engineering team, building a strong technical brand, evangelizing the company’s platform, creating a fun and intelligent engineering culture and environment, forecasting for the company’s technical needs in the future, and establishing metrics and criteria for ensuring the company’s technology is delivering and progressing according to business needs. While all of these things, and many more, are very important, I believe that there are really three overarching themes that the technical lead of a business needs to be thinking about all the time above all else: The technical vision of the company.

Always. Be. Shipping. A lesson from Jacopo da Pontormo, circa 1545. In 1545, an artist named Jacopo da Pontormo was chosen to create a fresco for the church of San Lorenzo in Florence by Duke Cosimo I de' Medici. He cloistered himself in his chapel, closing it off with partitions and curtains so nobody could witness the creation of his masterpiece or steal his ideas. Robert Greene describes Jacopo's story in his classic work 48 Laws of Power: He would outdo Michelangelo himself. When some young men broke into the chapel out of curiosity, Jacopo sealed it off even further. Jacopo filled the chapel's ceiling with biblical scenes -- the Creation, Adam and Eve, Noah's ark, on and on. One's fear of failure, judgment, or just mistrust of others will often be the very thing that buries a project.

A Lesson in Gradual Engagement. Ignore details early on by Jason Fried of 37signals. Figure Out Who’s On Your Team « John’s Blog. Demystifying Mentoring - Amy Gallo - Best Practices.

Does Luck Matter More Than Skill? Experience is everything. 2012. Hard Lessons Learned. | Ben Milne. The path to mastery. Dan McKinley :: Whom the Gods Would Destroy, They First Give Real-time Analytics. Small Experiments, Often. The Rise of the Angels (and the Entrepreneurs) 14 Ways to Contribute to Open Source without Being a Programming Genius or a Rock Star.

It's Like That Because It Has Always Been Like That. How to Give a Great Presentation: Timeless Advice from a Legendary Adman, 1981. Justin - Developer CEO vs Sales Guy CEO. Angel Investing Mistakes. The Mobile Industry Matured In 2012 - And Grew Like Crazy. Autodesk's Partnership With Organovo Will Lead to Printable Organs — But Not Soon | Wired Design. The VC Push to Raise More Money. How to convince anyone. 3 sites for creating an online presentation. A class action lawsuit filed against Instagram in California. Converting HTML files to text. The big picture: What I see for 2013 and beyond.