Who the fuck is yaron shohat and why does he want my social security number

May 21st, 2009

I was trying to book a flight on jetblue.com yesterday, and I had a horrible experience. When you go to jetblue.com and search for a flight you are redirected to jetblueairways.com; initially I didn’t notice this. After I entered my credit card information (with my Bank of America card) and hit submit, I was redirected to http://securesuite.com/bankofamerica , or a similar URL. On this page I was asked for the last 6 digits of my social security number and my email address. I hesitated and looked up securesuite.com.

securesuite.com is apparently part of Visa’s “Verified by Visa” program. There were very few hits on Google for the site, and most of them were people worried about phishing scams. I did a whois on securesuite.com and got these results.

   Registrant:
      cyota
      yaron shohat
      8200 Greensboro Drive Suite 1100
      Mclean, VA 22102

      Email: IAAG_DNS_Hostmaster@rsa.com

   Registrar Name....: REGISTER.COM, INC.
   Registrar Whois...: whois.register.com
   Registrar Homepage: www.register.com

   Domain Name: securesuite.net

      Created on..............: Fri, Aug 23, 2002
      Expires on..............: Sun, Aug 23, 2009
      Record last updated on..: Sun, Nov 09, 2008

   Administrative Contact:
      RSA, The Security Division of EMC
      IAAG DNS ADMIN
      8200 Greensboro Drive Suite 1100
      Mclean, Va 22102
      US
      Phone: +1.8665606153
      Email: IAAG_DNS_Admin@rsa.com

   Technical Contact:
      RSA, The Security Division of EMC
      IAAG DNS TECH
      8200 Greensboro Drive Suite 1100
      Mclean, Va 22102
      MS
      Phone: +1.8665606153
      Email: IAAG_DNS_Tech@rsa.com

   DNS Servers:

   pdns1.ultradns.net
   pdns5.ultradns.info
   pdns4.ultradns.org
   pdns6.ultradns.co.uk
   pdns2.ultradns.net
   pdns3.ultradns.org

Visit AboutUs.org for more information about securesuite.net

AboutUs: securesuite.net

Register your domain name at http://www.register.com

What the fuck. I don’t care if it is really sanctioned by Visa, and is a legitimate site, I won’t submit any information to such a poorly administered site. This is horrid. I don’t know who is responsible: Visa, Bank of America, Jet Blue, a hacker who got into Jet Blue, or Jet Blue’s credit card processor, and frankly I don’t care.

At this point I went back to the previous page, and realized that I hadn’t been filling in my credit card information on jetblue.com, but jetblueairways.com. I opened a new browser and went to jetblue.com, going through the same steps, and I realized that searching for a flight on their home page redirects you to jetblueairways.com. Next I looked at the form on the last page from jetblueairways.com where I wrote in my credit card info, to see if it submitted to jetblueairways.com or securesuite.net. Apparently that page does submit to jetblueairways.com and the response gives an HTTP redirect to securesuite.net.

I will call jetblue and my bank today to see what is going on. Whatever the result, this was a horrible experience. If this was legitimate, in some ways it is even more scary. I had a hard time understanding what was happening, and I’m a programmer who deals with the web every day; my parents are dead in the water.
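The redirect flow described in this post can be audited from a logged chain of responses. The following is an added example, not code from the original post: the hop paths other than the securesuite.com URL are constructed, and the two-label "site" heuristic is an assumption (real tooling should use the Public Suffix List).

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def site_of(url):
    """Naive registrable domain: the last two labels of the host (assumption)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def audit_chain(start_url, hops, expected_sites):
    """Walk (status, Location) pairs as logged by a proxy or browser dev tools.

    Returns (final_url, findings). A finding is (kind, url) where kind is
    'no-tls', 'expected-handoff' or 'unexpected-site'.
    """
    findings = []
    current = start_url
    for status, location in hops:
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(current, location)  # Location may be relative
        if urlsplit(nxt).scheme != "https":
            # Sensitive data must never be requested over plain HTTP.
            findings.append(("no-tls", nxt))
        if site_of(nxt) != site_of(current):
            known = site_of(nxt) in expected_sites
            findings.append(("expected-handoff" if known else "unexpected-site", nxt))
        current = nxt
    return current, findings

# Constructed chain modelled on the post: the user typed jetblue.com, was moved
# to jetblueairways.com, and the payment response redirected to securesuite.com.
START = "https://jetblue.com/"
HOPS = [
    (302, "https://jetblueairways.com/search"),    # path is constructed
    (302, "/payment"),                             # relative hop, constructed
    (302, "http://securesuite.com/bankofamerica"),
]

if __name__ == "__main__":
    final, findings = audit_chain(START, HOPS, expected_sites={"jetblue.com"})
    print("final:", final)
    for kind, url in findings:
        print(f"{kind:16} {url}")
```

A merchant that documents its hand-offs lets the caller list them in `expected_sites`, so only the plain-HTTP hop remains as a finding.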

Getting pdb to work with django on windows

May 5th, 2009

I was setting up django on Scott’s machine for django development. In addition to the normal quirks, manage.py runserver doesn’t work normally. You get no updates in the shell when you load a page, unlike on unix systems, where you see access logs. When you save a file in your django project, it forces the webserver to reload, at which point you see all the previous logs.

This behaviour is annoying enough for access logs, but it makes pdb unusable, which in turn makes development much less fun. After digging through the django/manage.py/basehttp/wsgi/pdb/cmd.py source I stumbled onto the problem.

Django uses

sys.stdout.write("foo")

to write access logs and other information from the server to the shell. Calling sys.stdout.flush() will cause your shell to update with the most recent server output. When you save a file, it causes django to terminate the current server and start a new one. Killing the current server causes stdout to flush. Making the server call flush in all the right places would require editing django code, or monkey patching; thankfully, getting pdb to work under windows is much easier. Use this function:

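import pdb
import sys

def set_trace():
    # Start pdb with use_rawinput disabled so cmd.py writes the prompt to
    # stdout and flushes it instead of calling raw_input().
    p = pdb.Pdb()
    p.use_rawinput = False
    # Break in the caller's frame, not inside this helper.
    p.set_trace(sys._getframe().f_back)

set_trace()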

If you look at the code in cmd.py, when use_rawinput is True, sys.stdout.flush() isn’t called, otherwise it is.

Good luck, I hope this is helpful
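The flush behaviour this post relies on can be observed with a recording stream. This is an added example, not code from the original post: it uses cmd.Cmd (the base class of pdb.Pdb) from the current Python 3 standard library, and the Shell and RecordingStream names are hypothetical.

```python
import cmd
import io

class RecordingStream(io.StringIO):
    """stdout stand-in that logs every write() and flush() in order."""
    def __init__(self):
        super().__init__()
        self.events = []

    def write(self, s):
        self.events.append(("write", s))
        return super().write(s)

    def flush(self):
        self.events.append(("flush", None))
        super().flush()

class Shell(cmd.Cmd):
    """Minimal command loop; pdb.Pdb inherits the same cmdloop()."""
    prompt = "(demo) "

    def do_quit(self, arg):
        return True  # a true return value stops cmdloop()

def prompt_events():
    """Run one prompt cycle with use_rawinput disabled and return the events."""
    out = RecordingStream()
    shell = Shell(stdin=io.StringIO("quit\n"), stdout=out)
    shell.use_rawinput = False  # same switch the set_trace() helper flips
    shell.cmdloop()
    return out.events

if __name__ == "__main__":
    for event in prompt_events():
        print(event)
```

With use_rawinput disabled the prompt is written and flushed immediately before the loop blocks on readline(), which is why the debugger prompt becomes visible in a shell that otherwise buffers output.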

making shell.el dirtrack mode really work

January 30th, 2009

I use shell.el on emacs.  After recently discovering pushd, popd, and wanting to write more cd aliases, I have grown tired of emacs’ dirtracking.  

 

So, I looked at the code for shell-resync-dirs.

This function uses


 

Citizen Aid Charity Event at Gallery Bar

December 11th, 2008

 

Citizen Aid event at Gallery Bar for Building With Books


My girlfriend Jen cofounded a charity named Citizen Aid. They are throwing an event tonight at Gallery Bar supporting Building With Books. I will be there and I hope you can come too. Here is the email announcement for it.

 

Thursday, December 11th at Gallery Bar, 6:30pm – 10pm.

120 Orchard St. $20 cover. All proceeds go to benefit Building With Books.

There will be an Absinthe Open Bar, from 7-8p, courtesy of our sponsor, Versinthe.

Please join us, and forward this invite to co-workers & friends!

Benefit yourself and others this holiday season and join us for a night of live music, cocktails, and a silent auction to raise money for an amazing charity that’s dedicated to increasing education and literacy around the globe.

All proceeds will go to benefit Building With Books, an organization that runs 130 after-school programs for inner-city youth in the US and has built 287 schools in developing countries. 100% of the funds we raise from this event will go directly to building a new school in Nicaragua, which will be the 34th school that Building With Books has built in that country. In addition to the silent art auction, there will be entertainment by DJ Aleks and singer Matt Lenny, plus specials on beer and well drinks. The $20 admission and $25 minimum bids are tax deductible.

This event is being hosted by Citizen Aid. Citizen Aid is a volunteer event-planning organization that plans events/fundraisers, from conception to execution, for registered non-profits & NGOs. Founded in 2006 by college friends Jen Charlton, Nicole Keating and Abbie Somma, Citizen Aid has organized events that have helped to raise money and awareness to increase literacy in Haiti, support humanitarian aid in Sudan and to stop the practice of human trafficking.

 

 


More information can be found at:

 

http://citizenaid.org/

http://www.buildingwithbooks.org/default.aspx

http://www.myspace.com/mattlenny

http://www.myspace.com/thegirliloveband

http://www.versinthe.net/


Election for the next New York Tech Meetup Organizer

December 11th, 2008

The New York Tech Meetup is electing a new organizer, given that Scott Heiferman is stepping down.  I have a soft spot for the NYTM, it was about 2 years ago when I went to my first one and met Sanford.  For me it has been the focal point of the New York Tech community.  After the meeting moved to IAC I pretty much stopped going, you had to reserve ahead of time, the event often sold out, and once you got to IAC there was very little time to mingle in the new venue.

 

Rich Hecker dropped out tonight.  That’s too bad, he would have done a good job.  I could see him leading the event very much in the mold of Scott, short tempered, funny, although much more transparent.  He does a great job with his bootstrapper events, through which I met Scott Kaylie.

Sanford is running to be the next organizer, and I hope he wins. I sent emails to a bunch of my friends in the tech community up here tonight about Sanford running, and I realized that Sanford had introduced me to most of those people. That’s what he does, make connections. He understands and is excited by tech, even tech that won’t necessarily have an exit strategy but is just cool.

You can vote for the next organizer here.  

http://www.meetup.com/ny-tech/polls/162043/

Hopefully this post was coherent, I’m about ready for bed.

Macbook external monitor woes

December 9th, 2008

I turned in my MacBookPro yesterday to have its internal screen worked on (dead pixels and bruises).  Earlier I bought a MacBook so that I wouldn’t be without a computer while my pro was being worked on (it will be a gift for my parents when I get the pro back).

I knew the MacBook couldn’t drive my 30 inch Samsung at full 2560×1600 resolution, but figured it would be tolerable at 1920×1200. When I plugged in the MB, no such luck, try as I might I could only get it to drive the 30 inch at 1200×800. I tried putting the MB to sleep and waking it; while it was closed, I couldn’t get it to wake. Nothing I could do would give me a higher resolution on the 30 inch.

After some searching I found this, the 305 T plus manual. After reading it I figured out that the monitor has two and only two resolutions, 2560×1600 and 1280×800. So I will have to suffer until my MBP comes back. Interestingly enough the Apple Cinema HD 30″ has no such restriction, it can drive 2560×1600, 2048×1280, 1920×1280, 1280×800 and 1024×640.

What an annoyance.

My server was hacked

December 3rd, 2008

Last Wednesday, I checked my blog and it had been hacked. wp-header had been edited and borked. Nothing in the database had been touched. It was a scary experience, but I got the server back up quickly. I backed up the database and restored it. Apparently there were some encoding issues, thus the weird characters everywhere. I updated to the latest version of WordPress and everything seems to be fine.

I think it was just a drive-by attack, nothing aimed at me personally. I have been working on blogging more and getting links to my blog from other sites. Oh well. Time to restore the db properly I guess.

mozrepl is the most exciting firefox extension I have ever seen

November 22nd, 2008

mozrepl seems astonishingly powerful.

Although I’m not currently developing in js, I think mozrepl will be a game changer. Having a real repl with access to every nook and cranny of firefox is an amazingly powerful tool. It makes firebug irrelevant for me.

I never wanted to do any serious coding in the firebug repl, not when I used vim as my everyday editor, not now when I use emacs as my everyday editor. The problem with the firebug repl is multiline functions, it was utterly frustrating to write them the multi-line editor pane, from my memory had no easy way to e   . Then once you did write a useful bit of code in firebug, you had to copy and paste that back into your text editor, almost completely defeating the purpose of writing it in the first place. Not so with emacs, which gets repl interaction so right (vim never really tried). Firefox is a great start for a tool, it has saved me much time during debugging, but it always seemed inaccessible to me.
On top of a clunky ui, firebug also only played in the web js playground. You couldn’t fiddle with firebug itself via firebug. Try this in firebug:

>>> console.log.toSource()
"(function anonymous() {return window.console.notifyFirebug(arguments, "log", "firebugAppendConsole");})"
>>> window.console.notifyFirebug.toSource()
"(function (objs, methodName, eventId) {var element = this.getFirebugElement();var event = document.createEvent("Events");event.initEvent(eventId, true, false);this.userObjects = [];for (var i = 0; i < objs.length; i++) {this.userObjects.push(objs[i]);}var length = this.userObjects.length;element.setAttribute("methodName", methodName);element.dispatchEvent(event);var result;if (element.getAttribute("retValueType") == "array") {result = [];}if (!result && this.userObjects.length == length + 1) {return this.userObjects[length];}for (var i = length; i < this.userObjects.length && result; i++) {result.push(this.userObjects[i]);}return result;})"

See those anonymous functions, it feels like you are oh so close to being able to change firebug's behaviour, but you can't really touch that code. You can't access the variables because they are in closures. This is actually much less opaque in 1.2.1 than it was in 1.0 or 1.1 (I can't remember which version I used to run).
MozRepl doesn't seem to suffer from those problems. You seem to be able to change anything in the browser, including the url, including which tab you have currently selected. This opens up a whole new realm of possibilities for what you can do with your browser.

As a side note, on the moz-repl wiki, for emacs integration it is recommended that you point your browser to chrome://mozlab/content/mozrepl/javascript.el to get the javascript elisp file necessary for emacs integration. The problem is that, with FF 3.0 at least, accessing that url gives a blank page. To get to javascript.el you need to download the xpi file (firefox's extension format) and unzip it (xpis are compressed and packaged similar to apple dmgs). Once you do that, you will be able to find javascript.el and other files.

EDIT

to get to javascript.el and moz.el

first unzip mozrepl.xpi

then unzip chrome/mozrepl.jar

there you will find the two emacs files

Matt says that you can also download the files here

http://github.com/bard/mozrepl/tree/master/chrome%2Fcontent

Open Sourcing chartWidget

November 19th, 2008

In 2007 I wrote a javascript charting package named chartWidget. I intended to pursue business opportunities with it, that didn’t work out (another post).

Take a look at the site.  You can view the javascript source, but it is obfuscated, I modified the YUI Compressor to munge global variables somewhat safely.
Anyway, I think I wrote some pretty cool code. I’m not currently doing anything with it, and many friends have recommended that I open source it. So I am thinking about it.

I have questions

1. Which license to choose? I’m leaning towards GPL, because it is still a bit hard to let go. Which license puts me in the best position should someone want to use it (for me to possibly receive consulting fees)?
2. Should I include my whole subversion repository, about 700 revisions? I’m worried to do this, because it quite likely includes passwords (I know, bad practice). On the plus side, including the whole repository could show thought patterns, to help other people debug the code.
3. Will anyone care? I guess I can find out by doing it.
4. My code is idiomatic to say the least, in some places wrong, and in many more places just hard to understand. How much will this matter for me, if someone looks at the code will they consider me an idiot?
5. What questions am I not asking that I should be?
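On the repository question above: a password removed in a later revision is still present in the history that would be published. The following is an added example, not the author's code, that scans the text produced by svn log --diff for credential-like string literals on added lines; the sample log, paths and names are constructed.

```python
import re

REV_RE = re.compile(r"^r(\d+) \| ")
# Keyword followed by a quoted literal; computed values are ignored.
SECRET_RE = re.compile(
    r"(?i)\b(pass(?:word|wd)?|secret|api_?key|token)\b\s*[:=]\s*['\"][^'\"]+['\"]")

def scan_history(log_text):
    """Return (revision, path, keyword) for each added line that assigns a
    quoted credential-like value. The value itself is never returned."""
    hits = []
    rev = path = None
    for line in log_text.splitlines():
        m = REV_RE.match(line)
        if m:
            rev, path = int(m.group(1)), None  # commit message follows, no file yet
        elif line.startswith("Index: "):
            path = line[len("Index: "):]
        elif path and line.startswith("+") and not line.startswith("+++"):
            s = SECRET_RE.search(line[1:])
            if s:
                hits.append((rev, path, s.group(1)))
    return hits

# Constructed sample in the layout of `svn log --diff` output.
SAMPLE = """\
------------------------------------------------------------------------
r212 | dev | 2007-06-02 10:11:12 -0400 (Sat, 02 Jun 2007) | 1 line

add deploy script

Index: trunk/deploy.py
===================================================================
--- trunk/deploy.py (revision 0)
+++ trunk/deploy.py (revision 212)
@@ -0,0 +1,2 @@
+HOST = "example.invalid"
+PASSWORD = "constructed-not-real"
------------------------------------------------------------------------
r340 | dev | 2007-09-14 18:30:00 -0400 (Fri, 14 Sep 2007) | 1 line

read password from env

Index: trunk/deploy.py
===================================================================
--- trunk/deploy.py (revision 339)
+++ trunk/deploy.py (revision 340)
@@ -1,2 +1,3 @@
+import os
 HOST = "example.invalid"
-PASSWORD = "constructed-not-real"
+PASSWORD = os.environ["DEPLOY_PASSWORD"]
"""
```

Here scan_history(SAMPLE) reports r212 even though r340 removed the literal, so any credential it finds has to be rotated before the history is published, or the history left out.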

python debug mode in emacs

November 17th, 2008

I was walking through some SQLAlchemy code last week and I used pdb, the python debugger, for the first time. It was a truly astonishing experience. I have seen debuggers before, primarily in javascript and Java, and they were helpful, and relatively easy to get started with, but there were annoyances there that I couldn’t easily correct. Not so with pdb.

First with pdb, you seem to have all of the power of python available at your fingertips.

Second, pdb is all text, no need to use a mouse.

Third, pdb integrates with emacs very well.

Even with ropemacs, emacs is somewhat lacking for python integration, I’m getting more used to it, but it feels clunky (emacs freezes if you try to execute long running code and you’re not already running a shell). pdb integration rocks though, buffers for the appropriate files open as you step into functions, showing you the line number with a caret on the left hand side of the screen.

Next up (abbrev-mode) abbreviations for pdb-mode. When stepping through the debugger, it is annoying to press “s RETURN”, I think I will make an abbreviation tying “s” to “s RETURN”, just for pdb mode.