Opinion Security

We don’t need better authentication

I saw a tweet today concerning authentication.

“Monaco, at White House cybersecurity summit at Stanford, calls for replacing passwords with more secure technologies.” — Paul Krill (@pjkrill), February 13, 2015

When reading that, the first thing that came to my mind was “with what?”  When will that one be hacked and then replaced by something else,
Continue Reading “We don’t need better authentication”

Opinion

Net Neutrality is about money and power, not openness

For all the talk of getting money out of politics we don’t really seem to understand what draws it there in the first place.  Why does money funnel into politics?  Because in politics there is influence and power.  Influence and power give you control.  It helps you get what you want.  And those in power
Continue Reading “Net Neutrality is about money and power, not openness”

Opinion

What being a foster parent is really like

I wrote this many months ago but never published it.  It’s a bit of a rant and I apologize for that.  To be honest I don’t really know why I’m publishing it.  Maybe it’s cathartic (the emotional definition, not the medical definition).  These are some things that I’ve wanted to say for a long while.
Continue Reading “What being a foster parent is really like”

Magento Performance PHP

4 charts that are guaranteed to make you a better performance detective

I was giving the Magento Performance and Optimization for System Administrator’s course today and I said something that is either borderline brilliant, stupid, or common knowledge.  What I said was something along the lines of “finding performance problems is about finding a) correlations, or b) deviations”.  In other words, a big part of determining a
Continue Reading “4 charts that are guaranteed to make you a better performance detective”

Opinion Wordpress

Migrated the blog… to WordPress

… to WordPress? Yep.  I had written my blog from scratch, partially because I wanted to use it as a testing ground for various ideas and such.  However, part of the problem of maintaining your own blog software is maintaining your own blog software.  I think that I’ve pretty much milked the code for all
Continue Reading “Migrated the blog… to WordPress”

Opinion

I hate config files

I hate config files. There, I said it. Made a change to your configuration? Database? Temp location? Gotta redeploy your application. Even if you have an awesome deployment mechanism it just seems somehow wrong to have to redeploy your app to make a configuration change. From a security standpoint, I don’t particularly like having passwords and such being stored in a source repository. Or making it part of your build process. Or manually editing files in production.

Random

Objections to dynamic typing

I am about to head out to Magento Imagine to speak on queuing and scalability. So what is today’s blog post about? Dynamic typing, which has absolutely nothing to do with scalability.
Every once in a while I inject my opinions into places where they are not welcome. I have heard from people in the statically typed realm of how amateur dynamic typing is. Some people are interested in understanding how to use dynamic typing, others, not so much. So what I would like to do is talk about some of the arguments made against dynamic typing. Clearly PHP will be my reference point, but many of my points will be salient across many dynamically typed languages.
The biggest misconception about PHP is that it is a strictly dynamically typed language. In other words, that it cannot have typed variables. Where you are using the OOP mechanisms in PHP, you have the opportunity to strictly type your variables.

    class Test {}
    class Test2 {}

    class ExecuteTest
    {
        public function exec(Test $test)
        {
            doSomethingWithTest($test);
        }
    }

    $et = new ExecuteTest();
    // Passing an object of the wrong type trips the type hint on exec()
    $et->exec(new Test2());

What happens when this code gets compiled?

    Catchable fatal error: Argument 1 passed to ExecuteTest::exec() must be an instance of Test, instance of Test2 given, called in test.php on line 17 and defined in test.php on line 9

Fatal error. This is because the type of object passed in was incorrect. So data types do exist in PHP and many other languages. The only downside is that you need to actually run the code on your web server or in a unit test to compile it. Some would argue (and have argued extensively) that this is a significant drawback. There’s truth to that, but on a very limited scope. Is it a drawback? Yes. Is it significant? Not by a long shot. Whether it’s PHP, Java, C, Perl, Ruby, VB, C#, JavaScript, etc. etc, if you deploy code that you haven’t tested then you deserve every error and every sleepless night you get. It’s called being responsible for your code. And don’t think that having your code pre-compiled is much better. I have a lot of compiled applications running on my computer. Cakewalk SONAR, Firefox, Apache, PHP (the binaries), MySQL, Tweetdeck, Java, etc., etc. And you know what? Shit still happens with compiled code! Sometimes even type-related errors! Compiling your code ahead of time as you do with C, Java, and the like does not protect you from type-based errors. Can you catch some fat-fingered errors? Sure. Are you safe? No.
For example, take this Java code:

    System.out.print(
        Integer.MAX_VALUE
    );

Running it provides an output of

    2147483647

What about this code?

    System.out.print(
        Integer.MAX_VALUE + 1
    );

Random

How to NOT sell an upgrade, @CakewalkInc

So, I work in software and so I know that sometimes a software vendor is not able to do things in as streamlined a manner as possible. However, Cakewalk has taken the cake (no pun intended) when it comes to doing whatever they can to piss off their customers. I have been using (and upgrading) Cakewalk software for almost 10 years. When their new X1 was announced I was all kinds of giddy. When it was released I was even more so… until I tried to upgrade.