We are building the most important technologies for the global economy on shockingly underfunded infrastructure. We are truly living through Code in the Age of Cholera.
Dan Kaminsky’s thoughts on Heartbleed — and the lessons we can learn from this whole crazy-ass scramble — are fantastic and worth your time. Especially if you give even half a shit about open source software & security.
Despite not following NCAA basketball, I was lured into participating in a work bracket with the promise of prizes. So I did the lazy thing and took the President’s bracket and tweaked it with Nate Silver’s predictions.
At first, my picks were on fire. I was tied for first with a coworker who I know spent way more time on his picks. I was all:
But then the Sweet Sixteen happened this weekend. Which knocked my winner (Arizona) out and only one of my picks advanced to the Final Four. Now I’m like:
It’s disappointing after getting off to such a strong start, but I actually understand why people get into it now. And, I’m actually looking forward to next year. So that’s something, right?
Until a recent episode of 99% Invisible, I had no idea that You Are Listening To had a numbers station child site. But it does. And it’s pretty amazing.
I’ll go ahead and spare you from my amateur synopsis of numbers stations. Instead, load up You are listening to Numbers Stations in a new tab and spend a little quality time with the Wikipedia page in another one. Once you’ve worked through that, there are also the resources over at The Conet Project.
Sorry in advance if this manages to make you into a crazy person.
Photo credit: Sutro Tower by Jamison Wieser
I am basically in love with every animated gif that gets posted over on hexeosis. If you’ve never seen any of his work, go dig through the archives. You won’t be sorry.
While I was in Austin last week, work graced me with a new set of business cards. And they’ve got my new(ish) title! Don’t they look fucking handsome?
I’m sure that everyone I hand them to will silently curse me for their non-standard size, but maybe that’ll become less of an issue once they notice the lightly embossed WP Engine logo.
Or maybe not. But hey, whatever. New cards!
I’ve spent a lot of time since WordCamp San Francisco thinking about Matt’s expressed desire for faster, Chrome-like automatic patching in his State of the Word. Mainly, I got caught up in the “how” of it. Like how could they balance development on the trunk alongside rapid-fire, stable core releases?
Then I read about the move to develop.svn.wordpress.org & Grunt for WordPress core development this morning and realized that it’s only a matter of time before WordPress has its own Canary build.
For the uninitiated, Chrome Canary is a version of Google’s Chrome browser that has the most cutting edge stuff crammed into it. The stuff that’s not quite ready for the general public, but still needs testing. Firefox is doing a similar thing with Aurora.
But WordPress can’t just go and call their cutting edge test branch Canary, can they? So, after combining the list of jazz greats in the version history along with my middling knowledge of the genre, I propose the early-adopter build be named after an innovator who was notorious for shaking things up: Ornette Coleman.
Think about it. WordPress Coleman has a pretty nice ring to it, right?
Anyway, now that I’ve given the project a name, I’ll just be hanging around waiting for an auto-updating build. Don’t worry though, I can be patient…
Addendum: As my buddy Mike Schroder pointed out in IRC, you could totally do something like this right now with the Beta Tester plugin and the bleeding edge nightly builds. But I’m thinking about something that’s a little less likely to break things as trunk development progresses.
While following the directions on how to set up 10up’s wonderful dev environment for WordPress, I noticed that Vagrant was using a
Now there’s nothing wrong with installing software that way. Hell, doing things via a graphical installer is easier for most end users. But Vagrant isn’t really something that was made for “end users”. It’s a command line utility to create and manage development environments.
So I did a quick check to see if I could install Vagrant via my favorite package manager, Homebrew. And while there’s nothing in the vanilla install of Homebrew, I stumbled onto an independently maintained add-on called brew-cask that allows you to install Mac applications on your computer via the command line.
Using it is as easy as loading up your terminal and typing:
brew tap phinze/homebrew-cask && brew install brew-cask
Then, to get Vagrant installed, just run this command:
brew cask install vagrant
Hell, you can even install VirtualBox if you’d like:
brew cask install virtualbox
Pretty nice, right?
Oh, and if you’ve been holding out on using Vagrant in your dev environment, consider giving it a try. It’s way more flexible than MAMP and nowhere near as quirky.
Have you guys heard about Instant Server? It’s pretty rad. Basically, you push a button, wait a few seconds and they give you 35 minutes of usage on an SSH-able server. Once the 35 minutes is up, you can either pay to keep it running or they trash the server instance.
Anyhow, after trying to figure out some of the fun things I could do with it, I’ve come up with something that security minded WordPress folks might find useful.
There’s this command line security scanner called WPScan that performs a bunch of non-intrusive checks against WordPress installs. Folks with Linux based systems can install and run it easily. It’s also a fairly trivial install for folks who’ve set up Homebrew on their Macs. But if you don’t want to mess with installing Xcode on your MacBook or you have a (gag) Windows machine, try this out…
- Spin up an Instant Server instance.
- Log in via SSH.
- Run the following command:
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git make && git clone https://github.com/wpscanteam/wpscan.git && cd wpscan && sudo gem install bundler && bundle install --without test development
- After that finishes running, you should have roughly 30 minutes left on the server.
- Run this command:
ruby wpscan.rb --url example.com --enumerate
(Make sure to replace example.com with your own domain.)
- Sit back and let WPScan tell you about any security issues you might need to address.
If you stay on top of core, plugin & theme updates, you shouldn’t really see anything surprising. But it’s always better to know your threats and limit your exposure, right?
99U dug up this fantastic interview with James Murphy (of LCD Soundsystem) that covers feeling like a failure in your late 20’s and how to deal with it. It’s something I really wish I’d heard when I was floundering hard a few years ago.
Over the past few months, I’ve had to help several clients file DMCA takedown notices. Yeah, I think the DMCA stinks. But it’s also the most expedient option for squashing content scrapers and self-titled “curators” who don’t spend a lot of time worrying about things like attribution.
Anyhow, because of this, I keep finding myself in need of a well-crafted — but still fairly generic — DMCA takedown notice template. Which normally means I have to do a quick Google search for one. And then I have to spend a bunch of time doing boring, time-consuming find & replace work.
So the last time this came up, I swiped a publicly available example notice and made some edits. And, naturally, I turned it into a Gist so folks could fork it and use it for themselves.
Hope someone out there finds it useful!