chris.heald.me


My personal blog. Software, devops, security, music, and general nerditry.


  1. Music Post: The Crappy Chrono Trigger Project

    Earlier this year, I started what I dubbed the Crappy Chrono Trigger Project. Essentially, in an attempt to stretch my musical chops, I wanted to cover a bunch of themes from the classic SNES RPG, Chrono Trigger. I didn’t end up getting terribly far in (as it turns out, they’re basically all the same A minor chord progression, and didn’t provide too terribly much variety) but I did get a few tracks down, and made some progress learning my tools in the process. …


  2. faster_pathname: Making Sprockets faster

    Late last year, I was working on replacing the Sprockets pipeline for our internal developers with a Guard-based solution, as a means of improving the speed of change/reload/test cycles we’re all so familiar with. Using Guard to do our asset rebuilds was substantially faster, but I found that when I used Sprockets to do asset lookups, things got a lot slower. This led to me digging around a bit and finding that Pathname is excruciatingly slow, and Sprockets leans on it really heavily. …


  3. No, Rails' CookieStore isn't broken

    A post recently hit the Full Disclosure seclist titled “Move away from CookieStore if you care about your users and their security”. The post discusses a property of session cookies - notably, that hitting “logout” doesn’t prevent a cookie from being reused to regain that session later, since if someone manages to jack one of your users’ cookies, they can just replay that cookie again at any time and gain access to the user’s account. …


  4. jquery-migrate and XSS

    We were recently flagged by a security researcher for an active XSS hole in our site. After bisecting the origin of the hole to the introduction of jquery-migrate, I put together a minimal proof-of-concept for it and spoke to Dave Methvin on the jQuery team about it. He told me that this was not, in fact, a bug, but was working as intended. To that end, I’m publishing this to warn people about the danger of jquery-migrate’s divergent approach to this issue, so that you can be extra sure to sanitize your jQuery selectors. …


  5. Instrumenting Rails applications with ruby-prof

    I recently read a blog post talking about a performance tuning tool called tracer_bullet. …


  6. Seppuqu: Self-terminating Sidekiqs

    We’ve been having an issue with Sidekiq occasionally not shutting down properly during a deployment. This ends up causing issues, since it can mean that we get Sidekiq workers that end up running different code than what we expect that they’re running. …


  7. Making MongoMapper 9x faster.

    I’ve been doing some heavy work on MongoMapper lately. It all started with a StackOverflow question, which led to a Rails developer user asking me what I thought of Mongoid vs MongoMapper. I’ve been using MM for ages, and was happy enough to offer a favorable opinion of it. But, I wanted to back up my assertions. I wrote a benchmark. It…was disappointing. …


  8. Now Powered by Jekyll

    You might have noticed that my blog has undergone a bit of a change. I’m tired of messing with WordPress, so I’ve converted it over to Jekyll. So far, it’s exactly what I want, primarily because I get to blog with Markdown rather than HTML now. Markdown seems to have become the de facto language of choice for many developers, since it easily allows for simple markup and inline code. Between GitHub and StackOverflow, I end up spending a lot of time writing in Markdown, so getting to use it for my blog is a very nice way to reduce mental friction. I’m hoping that it’ll get me blogging more, too. …


  9. How to sign your Ruby gems

    In light of the recent RubyGems security issues, I’ve been adding signatures to my own gems, and encouraging other gem authors to do the same by opening issues on various GitHub projects. Gem signing coupled with publication of a pubkey allows people to verify the authenticity of your published gems against your repository, so that they can be certain that the gems they are downloading from RubyGems (or wherever) are authentic and were actually released by you, the gem author (as opposed to, say, backdoored and uploaded to RubyGems by a malicious entity in the event of another security breach). …


  10. Profiling RSpec 2 Examples

    Tests can be slow. This is how to find out why they’re slow. …


  11. Don't use strip_tags.

    I ran into a rather surprising little problem earlier this week that I felt bore documenting. It turns out that the “simple” Rails strip_tags helper is massive overkill when you just want to strip markup out of a document. It offers a lot of functionality, but it comes at a pretty ugly performance cost. …


  12. Enabling brightness controls on an HP Envy 17 under Fedora 16

    I’ve recently set up Fedora 16 on my laptop, and all has been smooth, save for the brightness switches. The on-screen display would show up when I used the fn-F2/fn-F3 key combinations, but the brightness just wouldn’t change. Additionally, the brightness was stuck at the lowest level. …


  13. Comps - design vs reality comparisons in Chrome

    For a long time, I used the PixelPerfect Firefox add-on to compare rendered comps with my finished web work. This was a fast and effective way to make sure that I got the spacings, font sizes, and other such things done properly. …


  14. Rails Cookie Sessions and PHP

    I recently found myself needing to share session data from my Rails app with a PHP app on the same domain. We use cookie sessions for a number of reasons, and while they work great, the data stored in them is stored in Ruby’s native Marshal format, which is not trivial to reimplement in PHP. After trying to get the data unmarshaled for a bit, I had another idea - why not just change the storage format? …


  15. Restarting Resque workers (or anything, really) with Monit, Passenger-style.

    Easy way to trigger off a reload of a service managed by Monit without having to become root. In my case, I’ve got a monit service called resque-worker, and I can restart it by just touching tmp/resque-restart.txt. …


  16. MongoDB, count() and the big O

    MongoDB, as I’ve mentioned before, is not without its warts. I’ve run into another, and it’s a nasty one. It turns out that if you perform count() on a query cursor that includes any conditions, even if those conditions are indexed, the operation takes O(n) time to run. …


  17. Resque and Tests

    Resque is a bucket of awesome slathered in a delicious candy coating. It makes background job work really, really easy. I recently switched to it, and found that in the process of testing it, I was generating an awful lot of extra unfulfilled jobs in my queue, when the job was a side-effect of some other test (rather than what was being tested explicitly). …


  18. MongoDB: Warts and wobbles

    I’m a huge fan of MongoDB - after years in MySQL, Interbase, and Postgres SQL databases, it was quite a breath of fresh air to get to try a document database on for size. I’ve more or less adopted it as my default data store for web applications, due to a number of awesome features that many people have enumerated elsewhere. Rather than yet another post about why MongoDB is great, I figured I’d talk about the things I don’t like in it, the places I’ve had difficulty with it, and the things I’d like to see improve. Knowing the sticky parts of a piece of technology is often as valuable as - if not more so than - knowing what it does really well. I absolutely still recommend it as a data store, but it’s not a magical panacea, and I want to take a realistic view of it. …


  19. Tarot for easier Rails configurations

    Once upon a time, I wrote a quick-and-dirty Rails plugin for site configuration. Since then, I’ve continued to use variants on this pattern, and it’s evolved to the point that it deserved a revisit. …


  20. Sexy CSS Scrollbars in Chrome

    It’s like it’s 1996 all over again, except with less suck. Webkit now supports styleable scrollbars, and you get to use all the Webkit CSS3 goodies, like gradients and rounded corners and the like. If you’re using Chrome or Safari, you might notice that I have the blog theme rocking super sexy grey scrollbars now, which really ties the whole theme together. It’s pretty easy, too. …