
Pestering the nice people at LRUG

Once a year the London Ruby User Group does a session of 20/20 slides. That’s 20 slides, each lasting for 20 seconds and the slide progression is automatic.

Not satisfied with those already pretty terrifying restrictions, the Boss at Homeflow and I decided to have a go at doing it as a duet.

The general gist of the talk was that both developers and managers want the same thing: a good system. They do, however, disagree about how best to go about this. The talk proposes using software as a service as an excuse for development to do that refactor they very much need to do while at the same time producing tangible value for management.

Here’s the video, to immortalise how tricky I find it to speak for exactly 20 seconds at a time.

Categories: Uncategorized.


Here and there

The good people over at Rubysource seem content to put up with my ramblings. My first article has not long been out and I think I’ll be able to sneak one or two more past them before they rumble me as an illiterate.

So yeah, that was my cross-linking exercise. Hope you enjoyed it.

Categories: Uncategorized.


Mass assignment isn’t register_globals

So, as I’m sure you know, Github got hacked. As it turns out, the hack utilized what could easily be seen as a vulnerability in Rails: mass assignment.

As the story broke, I couldn’t help but notice that some people were quick to claim that this is a register_globals level fuckup on the part of the Rails team.

The problem, and solution.

To be clear why this isn’t Rails’ fault but Github’s fault, let’s look at mass assignment.

Mass assignment works like this, typically:

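class User < ActiveRecord::Base
	# No attr_accessible declared, so mass assignment is not restricted to a whitelist.
end

class UsersController < ApplicationController
	def update
		# params[:user] comes straight from the request and is passed on unfiltered.
		User.find(params[:id]).update_attributes(params[:user])
	end
end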

Here we’ve said, quite plainly, that we want to find a user and update his attributes with those that we find in params[:user].

Sure, this is convenient, but if we’ve got anything in that User model that we don’t want updated by any POST to our server then we’ll have a security problem. To sort this out we can either manually filter the parameters before we tell ActiveRecord to update the record, or we can use the very handy attr_accessible method on our model.
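The difference the whitelist makes, as an added example that is not from the original post and is not Rails code: ToyModel is a hypothetical plain-Ruby stand-in for ActiveRecord, with update_attributes and attr_accessible reimplemented in miniature, and the posted hash is constructed.

```ruby
# Hypothetical stand-in for an ActiveRecord model (assumption: Rails is not loaded).
# It models the two behaviours the post contrasts: assign everything vs. whitelist.
class ToyModel
  # Whitelist declared per class, in the spirit of attr_accessible.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible
    @accessible # nil means no whitelist was declared: every key is assignable
  end

  attr_reader :attributes

  def initialize(attributes = {})
    @attributes = attributes.transform_keys(&:to_s)
  end

  # Merges the permitted keys and returns the keys it refused,
  # so the caller can log or alert on unexpected fields.
  def update_attributes(params)
    params = params.transform_keys(&:to_s)
    allowed = self.class.accessible
    rejected = allowed ? params.keys - allowed : []
    @attributes.merge!(params.reject { |key, _| rejected.include?(key) })
    rejected
  end
end

class OpenUser < ToyModel; end # the model above, as written

class GuardedUser < ToyModel   # the same model with a whitelist
  attr_accessible :name, :email
end

# Constructed request body: a profile form plus one field the form never offered.
POSTED = { "name" => "Mallory", "admin" => true }.freeze

def apply_post(model_class)
  user = model_class.new("name" => "Alice", "email" => "a@example.test", "admin" => false)
  rejected = user.update_attributes(POSTED)
  [user.attributes, rejected]
end

if __FILE__ == $PROGRAM_NAME
  p apply_post(OpenUser)
  p apply_post(GuardedUser)
end
```

The list of rejected keys is worth keeping: a request that carries fields the form never rendered is a useful signal in application logs.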

Why this is not register_globals.

To my mind, this is much more like an SQL injection than register_globals. An SQL injection occurs when you pass unfiltered parameters directly into your persistence layer without any checking, filtering or sanitization. The mass assignment problem is exactly the same.

You’ll notice the code above explicitly states that we’re going to use these unfiltered parameters to update the record – ActiveRecord is doing exactly what we’ve asked of it. Register globals, however, will fuck up our PHP application unless steps are taken to mitigate it, through safe variable initialization or ensuring it’s turned off in our PHP config.

It’s this distinction which places the error on Github’s doorstep – if the model is sensitive then this technique isn’t a good choice. The calling of potentially unsafe methods, especially when the method is as clear and obvious as update_attributes, with whatever you get from a POST is absolutely the programmer’s error – not the framework’s.

Bugs happen, and just because popular_website uses popular_framework does not make every problem that site faces the fault of said framework.

Categories: Uncategorized.


Utopia

So, if you’ve seen me at all recently then you’ll have heard me going on about Armoured Boombox, Boids and possibly Buddhists. This blog post will explain and formalize the relationship between these seemingly unconnected things.

First things first, we’re calling ourselves ‘Armoured Boombox’.

White Night is an annual one night Brighton arts festival held on the night the clocks go back each year – marking the end of British summer time. This year’s White Night theme is ‘utopia’. Michael and I have been wanting to do something computer arty for a while and given that White Night is in Brighton and Buddhists are friendly we got the chance to put on an event in one of the rooms in the Buddhist center.

Those prone to stretching a metaphor would surely agree with me that ideas and opinions could be thought of as behaving as a flock. Each member of the flock is swayed by each other member of the flock. Average opinion, and therefore popular definitions of concepts and ideas, is defined and moves in much the same way a flock does. They follow the three rules of boids:

  1. separation: Each opinion is separate and so there will be a difference between each idea’s position when plotted on an axis.
  2. alignment: Each opinion affects each other, clusters of opinions attract.
  3. cohesion: The force of each opinion together causes opinions to tend towards an average point.

Our project will be attempting to explore, in light and sound, utopia through the metaphor of flock. Mining real time and collected Tweets we’ll look into how the world uses the word Utopia and what it might mean to us, the Brighton hipsters.

I’ve done something a little like this a while ago, with Tweet Chimes. Which, by the way, was a good two years before this guy got on radio 4.

Categories: Uncategorized.


Push it (real good).

You wouldn’t know it by looking at my blog posts but I sometimes do actual work for my actual job over at Homeflow. I highly suggest you give us a bell if you like writing feel good code and dealing with some difficult problems.

So yes – we get a whole load of visitors looking at houses all over the country via one of the numerous websites we run. The nice thing about property pages, from my point of view, is that each one comes with a latitude and a longitude – which means we can do maps. And, I ask you, who doesn’t love maps?

Using the lovely Pusher API, we rigged up a push event in our already existing Page View Recording System, which finds its way over to your browser as you’re visiting the new Homeflow Live page and plonks down a Google Maps marker.

Yeah, I got a mac. And yeah, I had to google how to do a print screen.

Categories: Uncategorized.


Swarm Your Data

I’ve been thinking lots recently, for a not-so-secret project, about boids. I’ll let you know more about that, dear reader, when it’s all confirmed.

So, all this boid thinking gave me a bit of an itch to do something boid-ey. It was fortunate, therefore, that I got to go up to MetaBroadcast HQ for a bit of a hack day. They’ve got a bunch of interesting data and they wanted to expose some frequency graphs. Kindly, they agreed to let me have a play about with boids, and the fine implementation from the people at coderholic.

After some frantic typing, some pretty decent pizza and a guided tour around the world of eclipse keyboard shortcuts I came up with this.

We replace the ‘move to the average point of the swarm’ function in the classic Boids simulation with a simple ‘fly towards this point’ function. This causes all our boids (although by now they look a little bit more like fireflies) to rush to the point, rush out because they’re all too close to one another and then rush back in. By fiddling with the numbers and the targets, I think, we’re able to make a pretty cool way of showing frequency data.

The code is, as ever, on github.

Categories: Uncategorized.


The World is Watching, on Twitter.

Another day, another thing on the Internet.

The lovely folk at MetaBroadcast asked me to make something interesting with their Atlas API – so here I am, blogging about it.

As you may have guessed from my previous blog posts, I really like Twitter, data and making things which are of no real use to anyone. Unlike “I Hope I Don’t Fall In Love With You.”, this machine causes no aggravation – it just watches. Using the Atlas API it works out what’s currently on BBC One and then checks Twitter to see if anyone’s talking about what’s on TV. I did plan to release this a few days ago but the riots in London made working with twitter quite tricky (since almost every tweet was about the riot). Still, better late than never, I present to you: The World is Watching

CEEFAX: the twitter of 1987

Categories: Uncategorized.


The London Riots Through the Eyes of Twitter.

So, I was doing some work involving the Twitter streaming api when the residents of London decided to set the place on fire. This is a recording of tweets about the riot flying across my screen in real time.

Thousands of people, all over the world, sharing their opinions as London burns. 2011 is mad.

Categories: Uncategorized.


Generative Art, Part 2

As promised threatened, here’s part two.

I’m on the world’s worst wifi connection at the moment, so I’ve been terribly lazy with the linking. But Google is your friend – even if it isn’t mine.

A Framework for Measuring Creativity

On top of the contexts in which creativity is appreciated, scientifically or artistically, we must also consider what defines something as a creative action and attempt to define a framework – a series of check lists – so we are able to test if something is truly creative.

Creativity is a multi-faceted and complex thing to attempt to define, so we must not confine ourselves to a definition only from the fields of computer science; a wide and broad range of different approaches must be considered with the hope that some common agreement can be found.

Continued…

Categories: Uncategorized.


Generative Art, Part 1

Daniel, you can’t just go around claiming you like to make digital art without, firstly, giving it some real thought and secondly, publishing anything. You sound like a dick.

Well, yes – I know. I will eventually get around to putting more things on the Internet, but for now you’ll have to make do with Tweet Chimes and I Hope I Don’t Fall In Love With You. More is on its way – but I’m a terribly lazy man.

I did a wonderful course at University which originally got me interested in the whole it’s-not-really-art-but-look-at-this-thing-I-did-with-a-computer thing and it was called “generative creativity”. Part of this excursion into the humanities had me writing an essay about whether or not computers can be creative and, although I’m very much a programmer and very much not a writer I was pretty happy with it. So I thought I’d post it here, on my blog. Hopefully it’ll fill the time between the last picture of a cat and the next. Anyway, I’m going to post in a few parts and here is the first… Continued…

Categories: Uncategorized.
