Sometimes when making backups of your files, and especially if you are a Node.js developer, you'll suffer while copying your repositories somewhere else for a backup (provided you don't have every repository in git). node_modules is usually the bulk of the file count, and it can be regenerated from package.json and the lockfile, so exclude it:
rsync -av --exclude 'node_modules' source destination
And you are set. You can also exclude other things, such as everything your repository's own .gitignore already ignores:
rsync -av --filter=":- .gitignore" source destination
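The two commands above, wrapped into a script you can run end to end. This is an added example, not code from the original post: it builds a small constructed sample project (a `src/` tree, a `node_modules/` tree, a `dist/` build directory and a `.env` file, with `dist/` and `.env` listed in `.gitignore`), backs it up with rsync, and lists what made it into the backup. The function and file names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post: back up a repository with
# rsync, skipping node_modules and anything the repo's own .gitignore already
# ignores. The sample project it works on is constructed here for the run.
set -eu

# backup_repo SRC DST
# The trailing slashes make rsync copy the *contents* of SRC into DST.
#   --exclude=node_modules     drops a node_modules directory at any depth
#   --filter=':- .gitignore'   reads the .gitignore found in each directory
#                              and treats every line as an exclude rule
backup_repo() {
    mkdir -p "$2"
    rsync -a --exclude=node_modules --filter=':- .gitignore' "$1/" "$2/"
}

# make_fixture DIR: a constructed sample project (every file here is made up).
make_fixture() {
    mkdir -p "$1/src" "$1/dist" "$1/node_modules/left-pad"
    echo 'console.log("hello")'          > "$1/src/index.js"
    echo 'module.exports = function(){}' > "$1/node_modules/left-pad/index.js"
    echo 'bundle output'                 > "$1/dist/bundle.js"
    echo 'DB_PASSWORD=not-a-real-secret' > "$1/.env"
    printf 'dist/\n.env\n'               > "$1/.gitignore"
}

# backup_has DST PATH: succeeds (exit 0) if PATH made it into the backup.
backup_has() {
    [ -e "$1/$2" ]
}

# Stand-alone run: build the fixture, back it up, and list what was copied.
if command -v rsync >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_fixture "$work/repo"
    backup_repo "$work/repo" "$work/backup"
    echo "files in backup:"
    ( cd "$work/backup" && find . -type f | sort )
    rm -rf "$work"
else
    echo "rsync not installed; nothing to do" >&2
fi
```

Two caveats before you trust this for real backups. First, rsync's filter syntax is not identical to git's (negations such as `!pattern` do not mean the same thing in a per-directory merge file), so run the command once with `--dry-run -v` and read the list before deleting the originals. Second, the files git ignores are very often the ones with no other copy at all: `.env`, local config, uploaded media. The filter above leaves them out of the backup on purpose; if that is not what you want, drop the `--filter` and keep only the `--exclude`.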
In my InfoSec class, we were asked to show a preliminary attempt at Google hacking.
We were tasked with finding some instances of Google hacking in the wild, to show us the importance of monitoring our site's search-engine exposure and the permissions on the files it serves. Examples included:
While it certainly sounds fun, to me this is more of a gimmick; nevertheless it made me think for a second. Besides the famous searches for "add password" or "aws keys", or looking for .pem files, we could ideally search for files that contain connection strings. So an idea sprang to mind: which files usually hold database configs and might get uploaded to a repository?
For those not well versed in the internals of WordPress: when you install a WordPress site you generate a wp-config.php file, which holds your salts and keys and the connection details for the database. The impact of this leaking is small if you follow good practices: if your database only accepts connections from localhost, knock yourself out and publish your somewhat secret wp-config. But even then, having your keys and salts on GitHub is almost as bad as storing your files in plain text, since WordPress uses those very keys and salts to sign its login cookies.
Well, it turns out it is pretty common to have your wp-config on GitHub. You would expect people to do the sensible thing and declare it as a secret file in .gitignore, like this:
Nevertheless I found some things like this:
All of this, in public repositories.
There are also plenty of commits whose message says "deleted wp-config", and the repository still carries the full history of that file, so even though you delete the sensitive file, it still exists in every previous version (and in every clone or fork taken before the deletion). That is really important to consider when removing your wp-config: rewrite the history so the file is gone from every commit, and in any case treat the secrets as burned, that is, change the database password and regenerate the keys and salts.
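To see the point about history for yourself, here is an added example (not code from the original post) that reproduces the "deleted wp-config" sequence in a throwaway repository and then pulls the secrets straight back out of history. The wp-config.php it writes is constructed, with made-up values, and the helper names (`make_repo`, `commits_touching`, `secrets_in_history`) are my own; it needs only `git`.

```shell
#!/bin/sh
# Added example, not code from the original post: show that deleting
# wp-config.php in a later commit leaves its secrets in history, and how to
# find them. The repository and every value in it are constructed here.
set -eu

# A constructed wp-config.php; none of these values are real.
write_wp_config() {
    cat > "$1" <<'EOF'
<?php
define('DB_NAME',     'wp_site');
define('DB_USER',     'wp_user');
define('DB_PASSWORD', 'not-a-real-password');
define('DB_HOST',     'localhost');
define('AUTH_KEY',    'not-a-real-auth-key-0123456789');
EOF
}

# git_as DIR ARGS...: run git in DIR with a fixed identity so commits work
# on a machine with no user.name/user.email configured.
git_as() {
    d=$1; shift
    git -C "$d" -c user.name=dev -c user.email=dev@example.invalid "$@"
}

# make_repo DIR: commit wp-config.php, then "delete" it, exactly the
# sequence behind all those "deleted wp-config" commits.
make_repo() {
    git init -q "$1"
    write_wp_config "$1/wp-config.php"
    git_as "$1" add wp-config.php
    git_as "$1" commit -q -m "initial site"
    git_as "$1" rm -q wp-config.php
    git_as "$1" commit -q -m "deleted wp-config"
}

# commits_touching DIR PATH: every commit on any branch that added, changed
# or removed PATH. --full-history keeps commits that history simplification
# would otherwise hide.
commits_touching() {
    git -C "$1" log --all --full-history --oneline -- "$2"
}

# secrets_in_history DIR REGEX: grep the tree of every commit reachable from
# any ref. Output lines look like <commit>:<path>:<line>:<text>; prints
# nothing when there is no match.
secrets_in_history() {
    git -C "$1" rev-list --all | xargs git -C "$1" grep -n -E "$2" || true
}

if command -v git >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_repo "$work/site"
    if [ -e "$work/site/wp-config.php" ]; then echo "working tree: wp-config.php present"
    else echo "working tree: wp-config.php gone"; fi
    echo "commits that touched it:"
    commits_touching "$work/site" wp-config.php
    echo "secrets still reachable in history:"
    secrets_in_history "$work/site" 'DB_PASSWORD|AUTH_KEY'
    rm -rf "$work"
fi
```

The working tree says the file is gone; the last two commands say otherwise. Purging it properly means rewriting history (`git filter-repo --path wp-config.php --invert-paths`, or BFG's `--delete-files wp-config.php`) and force-pushing every branch, and even then anyone who cloned or forked before the push still has the old commits, which is why rotating the database password and regenerating the keys and salts is not optional.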
Et tu, readers? What other files should people know to .gitignore that aren't commonly mentioned?
From Wikipedia: "Using a single salt also means that every user who inputs the same password will have the same hash. This makes it easier to attack multiple users by cracking only one hash." While that isn't the same as storing your passwords in plaintext, cracking them becomes much easier. Also see: https://codex.wordpress.org/Editing_wp-config.php#Security_Keys
As tradition goes, we usually get screenings of interesting films in class; today we got a screening of Moon Machines, a documentary by the Science Channel about the Apollo Guidance Computer and its code. It consisted of testimonies from people at MIT and the story of the creation of the whole Apollo mission.
What is interesting is that some years ago I saw a GitHub repository with the commented Apollo code. It is wonderful to see such a marvelous display of engineering living in a repository on the internet. I invite you to also read the issues on the repository.
I'll add some excerpts here that I found interesting, but what is more interesting still is that there is an assembler available for this code: you can head over to the VirtualAGC GitHub, build your own Apollo 11 software and simulate a lunar landing. If you want to spare yourself the hassle of learning everything about Apollo's computer, check out this YouTube video, which walks through everything the astronauts did to get to the Moon.
What is most impressive to me is the way these guys thought about software in a very deliberate, fault-tolerant way. Today we have compilers that protect us from much of our own faulty code. Is it true that we are living in a time when software quality is at an all-time low? I don't have the answer to that question, but what I can say is that this code is art. Even though we aren't able to read it easily (mostly because it is just subroutines, directly), we can see that for these guys to do something never done before, with this precision, took a huge amount of determination, perseverance and intelligence.
It is incredible that they really thought of everything, even back then, when compilers only compiled and there was no way of detecting runtime errors beforehand, nor any static analysis.
# LOAD VERBS IF ALARM CONDITION IS DETECTED DURING EXECUTE,
# CHECK FAIL LIGHT IS TURNED ON AND ENDOFJOB. IF ALARM CONDITION IS
# DETECTED DURING ENTER OF DATA, CHECK FAIL IS TURNED ON AND IT RECYCLES
# TO EXECUTE OF ORIGINAL LOAD VERB. RECYCLE CAUSED BY 1) DECIMAL MACHINE
# CADR 2) MIXTURE OF OCTAL/DECIMAL DATA 3) OCTAL DATA INTO DECIMAL
# ONLY NOUN 4) DEC DATA INTO OCT ONLY NOUN 5) DATA TOO LARGE FOR SCALE
# 6) FEWER THAN 3 DATA WORDS LOADED FOR HRS, MIN, SEC NOUN.8 (2)-(6) ALARM
# AND RECYCLE OCCUR AT FINAL ENTER OF SET. (1) ALARM AND RECYCLE OCCUR AT
# ENTER OF CADR.
“Moon Machines: The Navigation Computer” produced by the Science Channel. This video was seen during class on Tuesday, January 9 
Over the year I've been working on several web platforms where repetitive tasks are the norm: from batch-optimizing a thousand images to converting some obscure format to CSV or JSON. And what if you need to urgently update a file on your client's server and you aren't fancy enough to use some kind of continuous integration tool? I'll give you some tips and tricks to be productive.
1. PhotoBulk
A client comes by and dumps a folder of 10 GB of pictures on you, each 4000x4000 and weighing 30 MB in JPEG format. The client needs all these images on the webpage tomorrow, watermarked and with specific names. As you mop your tears off the floor, you read this guide and discover PhotoBulk for Windows and Mac.
PhotoBulk lets you resize, watermark, optimize and rename images in bulk. It is one of the main tools that have saved me hours and hours, so I heartily recommend it. I know some of these things could be done from the console or via a Photoshop action, but this is much faster.
2. Regex and Sublime Text
Regex is so powerful for making fast changes to massive amounts of data that I've saved countless hours on conversions and friends' tasks with it; it is worth learning. I never understood the power of regex until I used it in a text editor. Really amazing.
3. Coda or KomodoIDE
After uploading the colour palette to the website, the customer urgently needs the website edited, because he typed his credit card number into a username field. Clearly this is trouble. Worse still, he also managed to hard-code it somehow into the PHP code. In this client's alternative world, continuous integration doesn't exist. Imagine going to a world where you have to fire up FileZilla, download the source file, edit it, and upload it again. And also fire up your MySQL DB manager, or the console, find the exact row and change it.
After some time doing this for urgent tasks in places without version control *shudders*, I've used Coda, from Panic (for macOS), or Komodo IDE (for Windows). Both programs let you set up a direct FTP link and a MySQL connection to a database, so you double-click the site and get an instant connection to the server. So you contain the leak of customer data to 10 minutes because you were fast. (Prefer SFTP over plain FTP whenever the host offers it: plain FTP sends your login and the file contents, card number included, across the network in cleartext.)
4. Alfred or Spotlight.
Some of the tools that have saved me the most time are Alfred and Spotlight (maybe Cortana, but it isn't there yet). Want to open a file quickly? Cmd + Space -> file.xls. Want to do a conversion? Cmd + Space -> 100 USD to CAD, or 10 lt to gal. Want to do math? Cmd + Space -> (13239*(1232+24)*2) + 123 % 2
Alfred is even more awesome: you can program scripts to run, or searches, given certain keywords. You just get everything instantly.
Now, after working 3+ years on the same computer with multiple clients, I despise keeping it in order. So I decided to get Hazel (or File Juggler for Windows), which lets you create rules on your folders based on how you want them organized.
But, hey, this is pretty basic.
I know this is fairly basic, but there are people who do these actions manually because they don't want to bother with this kind of automation, or don't have the time to automate it themselves. So if this saves some time, I'd like it to be as useful to you as it was to me.
What are your 100 hour time savers?
I found this quote interesting; it was made by reddit user /u/Bytewave, a senior engineer at a well-positioned telco in Canada. He posts his stories and experiences on reddit.
I have often found a hell of a lot of passive-aggressive CCing, and I find his opinion relevant.
“Passive-aggressive CCing (where you copy ‘important people’ who do not need to be involved in an issue to throw weight around) is one of the surest giveaways that someone is not a reliable professional and should not be trusted with anything critical. Sometimes you may get a little more attention to your issue because of it, but you’ll never be respected if you work that way. It’s not limited to IT either, it’s pretty widespread unprofessional behavior. Asking for another tech’s opinion if you think you got wrong answers is fine, but the moment you’re obviously playing the hierarchy – people remember that. Of course it’s different if it’s obvious that an issue needs to be handled by management, but if you believe that’s the case, make it the subject of what you’re writing, not a CC.” – /u/Bytewave
It has been my dream to work for one of the Big 4 since an early age, so I started to learn the skill set I'd need in order to be interviewed at Microsoft. This post intends to be a little recap of the things you can do to make your chances of entering a Big 4 far greater.
Early in October, Microsoft came to my campus for recruiting. We had a very cool coding contest, and I did well enough to get another interview. They also came bearing cool swag to give out to potential Microsoft recruits. (Recruiters: this makes the difference between being just another job and being outstanding.)
My team and I did well enough and we got invited to our first-round interviews by phone.
The first round of interviews is an HR filter for applicants; for this I recommend practicing brain teasers and going through the basics and methodology of standard software engineering practices such as testing and design. But the most important thing at this stage is communication. You have to prove that you can communicate well enough for a stressful job where communication within teams is essential.
Next come the technical interviews. To be honest, the technical interviews are very difficult if you have never faced problems you couldn't solve. They provide tough, challenging questions that bring out your best form.
Basic preparation for getting your foot in the door.
In order to pass the college recruiting step, you really need to have worked on cool projects or have had an internship. Some friends haven't, but they've got really nice competitive programming titles. Make sure you've got something to be proud of, something that shows you have a real passion for software engineering as a whole. It can be anything from a job to a contribution to a modern framework.
High school stage.
If for some weird reason you are in high school and reading this, you should try enrolling in competitive programming. It will help you a lot to get on track to being one of the best software developers out there. It gives you a background in algorithmic computing and in solving difficult problems in a time-constrained environment.
Get into your local IOI (International Olympiad in Informatics) group, or look for TopCoder contests and Felix Halim's book on competitive programming to get started.
In the college stage, first of all I'd recommend paying attention to your classes; this is the most important thing I can think of. Understanding the things presented in class is often the best way to comprehensively understand algorithms and complexity.
Furthermore, make sure not only that you "get" the things seen in class, but that you fully understand and explore them. For example, I had a class on Hamiltonian cycles, and I didn't fully get what the TA was talking about until I coded it myself.
Secondly, I'd recommend getting an internship beforehand, or getting deep into algorithmic programming competitions (just as in high school), so that you have the best chance of understanding C/C++. See if your school has a local ACM ICPC chapter. Don't get too overwhelmed: at first you won't understand dynamic programming questions or minimum spanning trees, but it's important to persist through them. The most important thing here is to grasp why each algorithm is better or worse in certain situations.
To prepare for the interview, if you haven't done any competitive programming, you have to implement each type of important algorithm and data structure at least three times (linked lists, BFS, DFS, etc.) so that you get a grasp of how they work.
The resources I found fundamental for my interviews were:
- Cracking the Coding Interview (6th edition) by Gayle Laakmann McDowell, but be CAREFUL: don't skip the introduction and the message Gayle has for everyone. It is an important, fundamental and often-missed part of the book, where she explains what recruiters and companies are looking for in a software developer.
- Gayle McDowell's videos on Vimeo, available for purchase. I used to be super nervous in technical interviews, but once I saw Gayle's videos, where she explained how the recruiting process works and ran mock interviews with random people, I understood clearly what I was expected to know and explain.
- Interview Cake. Interview Cake presents different types of common interview problems in an easy, interactive way. This is the easiest resource to follow along with responsive feedback, where you can correct your train of thought and follow the common interview process.
- Mock interviews with your friends. At first they may seem futile or silly, but once you are on the spot, trying to explain things, your mind shifts into a different reality.
After all these things, remember to enjoy the experience and understand that every interview you do helps you grow as a professional.
If you want to read more things about me or contact me, you can visit my page sadacaraveo.com
When you work in the software industry, you will inevitably find the (now very famous) BOFH and Clients from Hell material, where a technical person complains about a client. Whether they asked for an impossible thing or for software that doesn't even make sense, the common mood (or at least what I get from them) is that the client is somewhat stupid, or short-sighted. I don't want to discuss whether the clients are right or not, but I want to talk about the way technical people address non-technical people.
Often when non-technical clients approach technical contractors, a breakdown in communication arises: the customer has something in mind, where they know what they expect from the system, or they have an idea of what they need. Sometimes it won't even make sense. But it is part of the job to understand what the client needs and propose a solution to the problem the client is trying to fix, and not to berate them for being technically unsavvy.
But what I think most people who are new to the IT and tech world fail to understand is that something a technical person grasps very easily, a non-technical person may not even be aware exists. While I don't personally think it is a good thing to be non-tech-savvy in a world where technology predominates, one of the beautiful things about technology nowadays is that it is simple: simple for people to understand.
If I hire an engineer to build me a swing, I don't want the engineer lecturing me on the strength of the rope, on the dynamic forces that act on the swing, or on how the tension of the swing equals the weight of the person riding it plus the angle at which gravity pulls them. I just tell him that I want a swing in my backyard; I don't care whether it is aluminium-plated rope or carbon fibre, I just want the swing for $x.
Naturally, I would expect some questions from him:
–How many people will the swing hold?
–Three, no more than that
–How heavy can they be?
–No more than 200kg
–Are you expecting that the swing will give a full turn around the pole where its attached?
And then he builds me a swing to the requirements I asked for, and it is done. How is it different in software development? Well, in my view it isn't that different. The main problem is that the client doesn't know what variables may intervene in the process (dynamic forces in the swing, anybody?), what kind of software they will need, how that technology works, etc. I might even venture that sometimes it is part of the job to be creative and design a solution. (I don't think you need a swing; you may need a centrifuge.)
Some stories also mention that the client asks for impossible things (I want the swing to hold 100 tons while hanging from a tree branch), but it is also part of the job to tell the client: if you want this kind of swing it'll cost you $xxxx, but you may want a nuclear-powered swing made of carbon fibre for that.
Trying to understand what a client wants, and needs, is essential to software development, and I can't shake off the feeling that most of these Clients from Hell complaints arise from technical people not offering a solution, focusing instead on the part where the client wants something, and not understanding the motivations and needs of the client.
Berating non-technical people is a huge problem we have today. There seems to be a stigma in the minds of technical people that a client who refuses to see how easy technology is today must be stupid. This widens the gap between technical and non-technical people, creates fear of being considered stupid, and creates trouble for our industry, where we should be open to people with great ideas and open minds.
By berating the customer we widen the gap between being professionals and being "code monkeys". We have to be an integral solution to a problem the client has; we are being paid to design solutions, not to mock people because they don't understand how technology works.
P.S. While I believe some people berate clients, there are some true assholes out there who deserve to be scolded for being assholes to their technical people or for not paying them.
With all the new technologies emerging for cloud migration, there is wide acceptance that cloud services are the cheapest and best way to manage some kinds of infrastructure. Nevertheless, the decision on whether we should migrate to the cloud must still be analysed in other ways.
That's why the current Milk-as-a-Service analogy is great, as it illustrates the downsides of moving to the cloud, and the exact situation in which you need a migration or not.
CEO: I got this proposal from SuperCloudHosting for moving our entire IT infrastructure over to them. It seems good since, from what I see and what they say, it's cheaper and saves us the hassle of an entire department's worth of resources.
IT Consultant: But is it really the best fit for the company? It's true they can possibly provide all that service to you, and probably cheaper, but is it good for the company?
CEO: I don't have a really good grasp of the technology they are offering, but it seemed pretty thorough and they explained the cost effectiveness as a by-product of economies of scale. The exact quote was something like "IT is like electricity, why buy your own generator when you can just use the power grid?"
IT Consultant: I wouldn't exactly use that as a good way of explaining cloud computing solutions. A better example would be to imagine IT services as milk and IT infrastructure as a cow.
CEO: Milk, cows?
IT Consultant: You use milk every day in your tea or coffee, but where do you get it? You can get a whole cow and just use that to get your milk, but it's far cheaper and more convenient to go buy milk from a store. Now if you have a large family, say a wife and five kids, then it's still cheaper to get your milk from the store, even if it's a bit more than just for yourself.
But if you are talking about a whole village, then owning your own cow or herd of cows suddenly seems better than buying store-bought milk. The cost may still be lower for store-bought milk, but you have to ensure a large supply of milk consistently, rather than relying on a store or external supplier who may suddenly shut down or decide that they want to sell bread or something.
CEO: I see… so how does that apply to the cloud and our company?
IT Consultant: Right now you are the village. You can afford to keep your own cows or buy the store-bought milk, but remember you have no control over the store's milk beyond buying it. Their cows could die, they could decide to water down the milk to save costs, increase the price, etc., and you could do nothing or little about it except yell at the store to bring your milk. And leaving that store for a new one who can supply the same quantity is sometimes lengthy or impossible.
With your own cows you have your own people milking them and caring for them, and you know exactly what you have; the fate of your milk is entirely in your hands. My job is to analyze and recommend whether it's safer to rely on your own herd of cows or to rely on the store always being able to get you milk, even though the store is cheaper.
CEO: I see, so outsourcing our IT infrastructure is cheaper but carries considerably more risk than keeping it in house, since it hands our business continuity fate to an outsider beyond our direct control? Kind of like putting all your eggs into a basket you don't even own, since you want to save on buying your own basket?
IT Consultant: Exactly.
It is especially interesting to consider that the scale of your operations is something to take into account when evaluating cloud services.
I want to give props to /u/the_walking_tech from reddit for coining the term MaaS.
When is migrating to cloud not the best choice?