In the last year we’ve had several serious and well publicised software vulnerabilities like Heartbleed and Shellshock that set the whole tech press chattering and even made the national news. But not all vulnerabilities are as well marketed. One particular bug has been around for years, has been publicly known for over 9 months, but is only recently getting attention due to a report by Foxglove Security and a corresponding Slashdot article. As Foxglove say, “no one gave it a fancy name, there were no press releases” but “this bug is unlikely to go away soon”.
The report by Foxglove is a fascinating read if you’re a Java programmer, but it is very long and deeply technical. My goal is to explain what’s happening in enough detail that everyone else can understand how this bug got there, and why it’s not simple to get rid of. I do assume you are at least a little bit technical. You are reading an article about a software vulnerability after all.
Continue reading The non-programmer’s explanation to the Java deserialisation bug
I have a fun little problem in my current project. Given a video of a person, detect whether the person is waving at the camera.
This is an early prototype that should work on modern versions of Chrome and Firefox.
Keith Cirkel recently wrote that we should stop using Grunt & Gulp for building frontend code and just use NPM scripts instead. This post is about my experience converting an existing app to use this pattern.
tl;dr: win. People should listen to Keith.
Continue reading On abandoning Gulp
I had a good google for this problem, and couldn’t find a solution, so I thought I’d put my own here.
I’m running Jasmine tests through Karma. One of the components I’m testing logs error messages to the console, which is the desired behaviour in production but makes testing hard because methods fail silently.
This code snippet causes any calls to console.error(message) to throw an exception, ensuring that any tests that trigger errors will fail.
Continue reading How to make Karma / Jasmine tests fail on console errors
Daphne the Wondercat: monarch, fluffball, evil genius.
Daphne often takes to social media to rant about the inadequate service provided by her staff (tech journalist Kate Bevan). This activity is cathartic, and highly recommended for any household pet. Unfortunately, Daphne’s catflap was until recently mute, and couldn’t tell the world about its thoughts and feelings.
This was a pity, because Daphne’s catflap actually has a lot to tell the world. You see, the catflap *loves* Daphne. Each time Daphne passes through, its universe lights up with joy. Every time Daphne’s whisker brushes against it, a tremor of excitement passes through its little plastic body.
In this project, we gave the catflap a voice.
Continue reading Daphne’s tweeting catflap
This article is the second in a series in which I implement the same app in several different graphical programming environments. Coming up this round: ActionScript.
Continue reading Graphics Programming Environment Shootout Episode 2: ActionScript
This is the first in a series about graphical programming in which I implement the same app in several different graphical programming environments. In this episode, Processing.
Continue reading Graphics Programming Environment Shootout Episode 1: Processing
In which I harness the power of public expectation to motivate myself to write more software posts, by loudly committing to write a series of three.
A graphics programming environment is a language or library suitable for drawing pretty patterns. In this series I’m interested in raster drawing environments, in which you can directly manipulate pixels rather than using higher level constructs like HTML or SVG. I intend to implement the same app in several different environments and compare the results.
Continue reading Bernie’s Big Web Graphics Programming Environment Shootout
I have a project to show y’all. I’ve been working on it in my spare time for the last half year, and while it’s not yet complete enough to be considered a product, the underlying technology is solid.
OGRE is a platform-neutral technology for taking a data set on a server and creating real-time replicated slaves on clients. It’s fast. Very fast. It’s also highly extensible so it’s likely that OGRE can be adapted to fit your project, not vice versa.
Continue reading Introducing OGRE