| |
| Current Topic: Technology |
|
AWS signature version 1 is insecure |
|
|
|---|
| Topic: Technology |
6:47 am EST, Dec 23, 2008 |
The important bit first: If you are making Query (aka REST) requests to Amazon SimpleDB, to Amazon Elastic Compute Cloud (EC2), or to Amazon Simple Queue Service (SQS) over HTTP, and there is any way for an attacker to provide you with data which you use to construct your request, switch to HTTPS or start using AWS signature version 2 now.
Perhaps this is why Amazon broke version 1 in the Perl lib a few days ago. AWS signature version 1 is insecure |
|
Moose - A postmodern object system for Perl 5 - search.cpan.org |
|
|
|---|
| Topic: Technology |
2:25 am EST, Dec 23, 2008 |
Moose makes Perl5 objects not suck. It makes Perl fun again. Look below. For one thing, I do not have to do a new() or Perl's silly hacked object shenanigans. Moose does that for me. If I want code to run at instantiation, I can make a BUILD() sub, but instead of doing that I can define properties of the object that save me from writing code. For instance, look at $sdb. I initialize it to a default in the declaration, so I don't have to bind the variable in new(). $separator and $replace are required arguments (in a hash) and so they are declares as such. Moose will do the complaining for me if we don't get them. I'm not usually an advocate of meta-code, but in this case the payoff is instant. Moose is great. Ex: package Amazon::SimpleDB::Simple; use Moose;
use Carp;
use Amazon::SimpleDB::Client; has 'sdb' => (
isa => 'Amazon::SimpleDB::Client',
is => 'rw',
lazy => 1,
default => sub {
my $self = shift;
Amazon::SimpleDB::Client->new($self->AWS_ACCESS_KEY_ID,
$self->AWS_SECRET_ACCESS_KEY);
}
); has 'max' => (isa => 'Int', is => 'rw', default => 100); has [qw/AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY domain/] =>
(isa => 'Str', is => 'ro', required => 1);
has 'separator' => (isa => 'Str', is => 'rw', required => 1); has 'replace' => (isa => 'Int', is => 'rw', required => 1); sub put_attributes
{
my ($self, $item_name, @pairs) = @_; my $response =
$self->sdb->putAttributes(
{
DomainName => $self->domain,
ItemName => $item_name,
Attribute => pairs_to_attributes(\@pairs, 1),
}
);
} Moose - A postmodern object system for Perl 5 - search.cpan.org |
|
|
|---|
| Topic: Technology |
2:21 am EST, Dec 23, 2008 |
The course of people's lives in the US now seems to be determined less by credentials and more by performance than it was 25 years ago. Where you go to college still matters, but not like it used to. What happened?
After Credentials |
|
Snowy day in New York - Joel on Software |
|
|
|---|
| Topic: Technology |
4:17 pm EST, Dec 20, 2008 |
The best way to fix CSS problems with IE6 is to generate random mutations on the style sheet until it looks fixed
So true. Snowy day in New York - Joel on Software |
|
I added SimpleDB's SELECT to the SimpleDB Perl CLI |
|
|
|---|
| Topic: Technology |
4:31 am EST, Dec 20, 2008 |
I got bored, so I added this: http://rjurneyopen.s3.amazonaws.com/simpledb.patch to this: http://code.google.com/p/amazon-simpledb-cli/ Now you can do something like this: $ ./simpledb select "select * from SimpleDBTest WHERE id>'0' ORDER BY id DESC" And if you have data in that domain suitable to the query, you get something like this: Item: base_id=1 Name: id, Value: 7, Name: song, Value: Super Deluxe Fly Crew, Name: station, Value: WKRP, I think this is actually my first contribution to a FOSS project. Go me. I added SimpleDB's SELECT to the SimpleDB Perl CLI |
|
An Open Letter to the Atlanta Business Chronicle |
|
|
|---|
| Topic: Technology |
11:41 pm EST, Dec 19, 2008 |
New Economy Pitches to Old Economy I read a blog post yesterday on the Atlanta Business Chronicle website regarding the open session of Startup Gauntlet, entitled “Startup Gauntlet: Helping build tomorrow's entrepreneurs.” The post covered a special public session of Startup Gauntlet, which was unique in that it was judged by members of the TAG Top 40 judging panel, was open to the public, and the winner moved on to a spot in the TAG Top 40. There was a powerful story at that meeting, and the post missed it completely. The post may be summarized as saying that the entrepreneurs were unprepared for the market, unprepared for investment, and that most of their businesses have little chance for success, but with the help of the feedback from the panel they might stand a chance. I would suggest that the real story in that meeting was the gap between the investment community as represented by the panel, and internet companies in this state. That is to say, the ‘New Economy’ was pitching to the ‘Old Economy,’ and the old economy doesn’t get it. Independent of the merits of the internet businesses presenting, the panel indicated repeatedly, from the questions it asked, that they had little understanding of the internet as it pertains to business. Again and again, questions from the panel showed a complete lack of knowledge of existing revenue models on the internet responsible for billions of dollars of transactions driving profits for pillars of the new economy like Amazon, Google and eBay. It was therefore difficult for many members of the panel to understand the value proposition of products which enhance those revenues, or exist on top of those business models. Many of the questions posed were valid criticisms of the business models of companies like Amazon, had they been posed nearly 15 years ago before hundreds of billions of dollars of revenue had proven them. Internet companies are not exempt from demonstrating the value of their products, but these questions highlighted the key challenge for tech startups in the state of Georgia, and indeed throughout the southeast: how do you teach those that control venture investment from the ‘Old Economy’ how the ‘New Economy’ works if they lack a basic understanding of the development of the internet as it pertains to business over the last 15 years? The gap is wide, and yet it must be bridged if we are to grow the Georgia technology economy. Good coverage of that event would have seen that divide, and would have reported it, rather than simply voicing the opinion of the ‘Old Economy.’ Adequate coverage of the technology industry of this state requires some knowledge of technology, and of business. I would ask that you devote the resources to covering these events that are required to make adequate coverage possible. Thank you for your time, Russell Jurney An Open Letter to the Atlanta Business Chronicle |
|
#0×20 - Runnin’ a startup ain’t cheap. | Startup Comix |
|
|
|---|
| Topic: Technology |
10:36 pm EST, Dec 19, 2008 |
Not to uhh... take credit for this brilliant comic or anything but uhh... this was my suggestion for a comic last week :D #0×20 - Runnin’ a startup ain’t cheap. | Startup Comix |
|
|
|---|
| Topic: Technology |
9:14 pm EST, Dec 18, 2008 |
What is ErlSDB? ErlSDB is an Erlang library to access Amazon's SimpleDB web service. It uses REST APIs to access SimpleDB service and is built on top OTP.
What is SimpleDB? SimpleDB is Amazon's web service that provides persistence service for storing or querying a collection of key/value pairs. A collection of key/value pair is called an item, which is similar to row in relational database. However, unlike relation database you can store varying number of key/values. These items are in turn stored in domains which provide a naming scope.
I need to learn Erlang. erlsdb - Google Code |
|
Aegisub: If programming languages were religions... |
|
|
|---|
| Topic: Technology |
8:20 pm EST, Dec 18, 2008 |
"If programming languages were religions"
(Inspired by "If programming languages were cars") C would be Judaism - it's old and restrictive, but most of the world is familiar with its laws and respects them. The catch is, you can't convert into it - you're either into it from the start, or you will think that it's insanity. Also, when things go wrong, many people are willing to blame the problems of the world on it.
Another gold star. Two in a week. Now I know why Java guys annoy me in the same way as fundies... Aegisub: If programming languages were religions... |
|
