Tutorial

The Naming Game

A while ago my friends and I were brainstorming names for our then as-yet-untitled-form-side-project #1. We had a few considerations in mind that, in light of recent discussions around naming, could be fun to share. So I’ll share them. We wanted our name 1) to be simple, 2) to be possible to register as a .com or .io domain, 3) to have a positive association, and 4) to explain that the service had something to do with forms.

A Quick Guide to Collecting Sci Fi

Over the years of avidly collecting my niche (New Age science fiction from the 60s and 70s), I’ve picked up a few germs of knowledge about book collecting, preservation, and general enthusiasm. It is an addicting hobby, and like any pursuit, something you can improve at with just a tiny bit of perfectly normal, not-clinical, garden-variety obsession.

Buy your Bible
Before anything else, buy the excellent Science Fiction and Fantasy Authors: A Bibliography of First Printings of their Fiction edited by L.

Adding a Loading Icon in Nuxt

Today I’m going to discuss implementing a loading icon like you see in a lot of SPAs within the context of a Nuxt project I’m working on - Form Cast, a simple form backend-as-a-service.

The Icon
My project at the moment is pretty spartanly designed, with a plain white background. For my loading icon, I wanted something with a flash of both activity and color. After surfing around, I decided on this (it’s technically a typing activity icon, but who cares).

Junior Developer Koans

“Generate a react app without scaffolding” instructed the Master. The student could not.

The old man told the young: “Python has seen 3 versions in my day”. The young man responded: “Node has 12.”

“Teacher”, the student inquired, “What’s the best Javascript MVC?” The teacher replied. “It’s not JQuery.”

A Junior Developer wanted the best Javascript framework for his side project, so he evaluated every option before deciding. He starved to death.

Writing a Book with Unix

Introduction
Last year I published my first book with a publisher, Hands on Bug Hunting For Penetration Testers. Going in, I was determined to set up a workflow that would allow me to: 1) Keep a backup of the book. 2) Allow me to easily track my writing progress. 3) Work on the book offline. 4) Keep my own copy of the book. What set of tools could possibly control the versioning, backup, access control, and portability of plain text?

Automated Scanning with Arachni

Scanners have a tricky reputation. Their point-and-click simplicity and utility as automated reconnaissance tools mean they get love from script kiddies and professionals alike. They also have compelling use cases for flushing out certain vulnerabilities, like XSS, where there may be too many input vectors or payload varieties to feasibly go through the application by hand. The problem is a lot of the most popular scanners, like Burp Suite and Websecurify, rely on a GUI for their targeting information and follow a similar pattern:

Five Tips for Junior Developers-To-Be

Landing your first “Software Developer” or “Web Developer” position is a big get. More than a designer-who-programs or a writer-who-markups, taking on a role where your principal responsibility is coding is a big step in any technology career. You could be thinking about a career transition or graduating a bootcamp or computer science program - this article has five tips, some less earth-shattering than others, that nevertheless will help you on your search.

Building a Python 3.6 Seed App with Docker, Tox, and Pylint

Seed apps are great. They can be the test-bed for new devops features, mini onboarding exercises, or just “batteries-included” starter kits for greenfield applications. Especially in the web application (and Python) world, almost everything comes with extra considerations - testing, linting, containerization - wouldn’t it be great if we could make a Python seed that came with all of that baked in? What a beautiful, productive world that would be (skip straight to the GitHub repo to go there now).

Pentest Proving Grounds

One of the most helpful tools in learning the fundamentals of penetration testing is the ability to test your analysis against deliberately-vulnerable applications - sites and/or apps with consciously introduced flaws, catalogued for easy reference. Beyond a great introductory exercise, testing against deliberately vulnerable apps can also be a great way to calibrate new scanners or automated reconnaissance methods. And in addition to the actual vulnerable endpoints within the applications themselves, many of them also feature their own guided tutorials explaining how to detect - and often mitigate - the vulnerabilities they contain.

A Brief Illustration of Functional Programming

Functional Programming is a powerful programming paradigm that tries to reduce bugs and make it easier to reason about an application by avoiding state changes and the mutation of global values, generally. In software coded using functional programming patterns, all functions can be understood by the arguments passed to them as parameters. There is no reliance on the instance variables of the class (like in Object-Oriented Programming (OOP) patterns) or some other state-dependent variable modified through assignment in runtime by the source code (like in Imperative Programming).