How We Broke the Internet with 12 Characters

Ok well, maybe saying we broke the internet is a bit heavy-handed. But now that you are reading…

The other day we ran into POODLE. This POODLE is not to be confused with one of our four-legged friends - a Poodle. No, I am referring to this POODLE - Padding Oracle On Downgraded Legacy Encryption.

Here’s the quick on POODLE: An old security protocol, still widely used on the internet, was discovered to have a nasty security vulnerability. This is another recent OpenSSL vulnerability (see Heartbleed). Basically, no one should be using SSLv3 because it is considered legacy. Lots of parts, pieces and tools still do - including ours.

Why an API Developer Should Care About Big Data Technologies

As developers we have to be careful not to be so narrowly focused on our immediate responsibility that we lose sight of the bigger picture. In pursuit of serving up the almighty contract, care must be taken to not overlook design decisions that are almost certainly going to have negative performance implications. One such implication revolves around fetching and presenting data from a database.

This problem seems rather cut and dry - it's been done for decades after all. The consumer sends a request, the API fetches the data from the database and sends it to the consumer. Simple? Agreed, until sub-300 millisecond service level agreements come into play and the database(s) has many millions of artifacts stored in it. Now we have design considerations that are no longer trivial.

First Post

I have begun to rework my blog. So I found this Node.js project that generates static files for a blog. Check out Hexo.

Thanks go to hustcer and his hexo air theme. His minimal design suits me.

More to come…

Hiring Problems

The great double-edged sword at a startup is the fact that I must wear multiple hats. The hardest hat for me to wear is by far the ‘people’ hat. This is the hat that manages people, leads people, instructs people and empowers people.

Computers are easy. They only do exactly what some person somewhere instructs them to do. They execute the instructions I give them. I use the instructions someone else gave me so I can get at the guts of the machine. Outside of mechanical failure, when things go wrong, the machine is still executing the instructions someone gave it.

People though - they are different altogether.

Handling a Compressed Response in Node.js

So I ran across this problem when trying to consume a RESTful service. I couldn’t figure out why I was seeing nice response bodies in Advanced REST client but in the Node debugger, a bunch of noise. Eventually I saw this in the response header:

'content-encoding': 'gzip'

That’s when it dawned on me what was happening. This response header was telling me that the server was sending back compressed data. So I spent some time chasing down how to gunzip in Node. Interestingly, my requests never asked for compressed HTTP. A brief overview of HTTP compression can be found here.