Why I’m not using Fastmail

Prepare for a somewhat ranty post, but it doesn’t come from a bad place. I honestly want Fastmail to succeed. I’m eager to see more alternatives for email hosting, and clients (and there are scarily few). I also acknowledge that … Continued

Stop showing me your homepage

I haven’t noticed it much before, but it’s becoming a pet peeve once I started paying attention to it. We LOVE homepages. Like eyes being the key to our souls, our homepage shows who we really are. What we stand … Continued

Coffee A/B Tasting – Results

This is the final post on this series. I started by covering the method for A/B testing coffee, as well as the motivation and approach. I later wrote about the first test session using Hario V60, comparing those beans by … Continued

Coffee A/B Tasting – aeropressoccino

On previous posts I covered the method for A/B testing coffee, as well as the motivation and approach. I later wrote about the first test session using Hario V60. The last post was comparing those beans by making Espresso. This … Continued

Coffee A/B Tasting – Creme de la Crema

On my previous post, I covered the first blind A/B tasting session using the “Gingerlime Tasting Technique” ™. You can read some more background about the motivation and method, as well as a full list of coffees I’m comparing on … Continued

Coffee A/B testing – first A/B taste

This is the second post in a series, exploring the “Gingerlime Tasting Technique” ™. You can read some background on the previous post, where I explain the motivation, testing method and how I started exploring A/B testing for coffee. Different … Continued

Coffee A/B testing

I do quite a bit of A/B testing and find it to be a great tool for experimenting and ultimately improving things. But what’s “Coffee A/B testing”? The idea came to me when I was visiting my wife’s family in … Continued

Cutting through red-tape with Stripe

It’s not all about the technology. Stripe does one thing that makes it light-years better than its competition: Time to market. Or in simpler terms, its activation process to allow you to receive actual payments. My wife and I run … Continued

Quick & Dirty SSL tunnelling for rails development

Just a quick&dirty guide on setting up SSL tunnelling in your development environment. This is written for Rails, but can be easily used for Django, Node, or any other web development. Why SSL in development? There’s no important reason to … Continued

Getting a bit creepy

I spend a lot of time working with monitoring solutions, and like to measure and track things. The information we collect from our apps tells us a lot about what’s going on. Who’s using it. How frequently they access it. … Continued

Measure *everything*

Just a quick link to my recent talk at Ruby User Group Berlin. Slides are available on GitHub.

Matryoshka Fragment Caching in Rails

“Russian doll Caching” gained some popularity recently, I suspect in part due to its catchy (or cachie?) name and how easy it is to visualize the concept. Rails 4 should have this improved caching available by default. With Rails 3 … Continued

Django-Tastypie Authorization glitch

TL;DR If a request using django tastypie is not authorized, please make sure to raise Unauthorized() exception in your _detail authorization methods in Tastypie v0.9.12. The longer version On one of my previous posts I wrote at length about django-tastypie … Continued

Software? eugh!

I’ve had a strange conversation with my wife this morning. She told me that google reader is closing down. She’s using it much more than I do. So I said to her something like “I’m sure you can install some … Continued

Graphite Alerts with Monit

I love Graphite. It’s the most robust, flexible, kick-ass monitoring tool out there. But when I say monitoring, I’m actually not describing what graphite really does. In fact, it does almost anything but monitoring. It collects metrics via carbon, it … Continued

Rails IP Spoofing Vulnerabilities and Protection

I’ve recently bumped into an interesting post about a stackoverflow vulnerability discovered by Anthony Ferrara. I didn’t think too much about it. I’ve come across similar issues before, where the application relies on a piece of information that might be … Continued

I’m not pinterested in spam

Just a quick rant this time. I recently signed-up for pinterest. I wasn’t actually interested in signing-up, but wanted to see what their sign-up process looks like. If you’ve read one of my previous posts, you’d know I nearly always … Continued

Statsd and Carbon security

I’ve written about installing and using Graphite and it’s a really great tool for measuring lots of kinds of metrics. Most of the guides online don’t touch on the security aspects of this setup, and there was at least one … Continued

Rackspace ate my homework pt. II

For those who followed my previous post, I thought I should post a quick update. Something positive I was naturally quite surprised to be contacted rather quickly by Rackspace shortly after posting. This was a nice surprise, and the contact … Continued

Rackspace ate my homework

One of the greatest promises of cloud computing is resiliency. Store your data ‘in the cloud’ and access it from anywhere, enjoy high durability and speed. You know the marketing spiel already. A recent incident reminded me of the importance of … Continued

More ActiveAdmin Customizations with CanCan

Coming from Django, I was a little surprised/disappointed that permissions aren’t very tightly integrated with the Rails ActiveAdmin as they are with the django admin. Luckily, my search for better authorization for ActiveAdmin has led me to this very informative … Continued

Simple Detection of Comment Spam in Rails

It’s always nice to be able to get some feedback, or for users to make a contact via a simple Contact form. However, it didn’t take too long before spammers started hitting those forms too. It was quite interesting to … Continued

Bootstrap cloud shoot-out part II

A recent comment by Martyn on my cloud performance shoot-out post prompted me to do another round of testing. As the bootstrap process I described on the last post evolved, it’s always a good idea to test it anyway, so … Continued

Webfaction fail. over.

This post starts as a rant about webfaction, but somehow turns into a rave. I recently discovered (the hard way) that I can failover almost any site to a secondary host in a different data centre, all with a few … Continued

Fabric Installer for Graphite

fabric-graphite is a fabric script to install Graphite, Nginx, uwsgi and all dependencies on a debian-based host. Why? I was reading a few interesting posts about graphite. When I tried to install it however, I couldn’t find anything that really … Continued

bootstrap shooting at the clouds

One of my primary aims when building a resilient cloud architecture is being able to spawn instances quickly. Many cloud providers give you tools to create images or snapshots of existing cloud instances and launch them. This is great, but … Continued

How much (cache) is too much?

One of the best rules of thumb I know is the 80/20 rule. I can’t think of a more practical rule in almost any situation. Combined with the law of diminishing returns, it pretty much sums up how the universe … Continued

A different kind of spider

It’s always nice to discover a new tool or service that does things differently. Even if just a little. I remember when someone first told me about hipmunk. Just when I thought all flight search websites are pretty much the … Continued

updating lighttpd on debian squeeze against the BEAST

If you’re updating your debian stable (squeeze) and using Lighttpd as your web server, you might come across a security notice on how to fix your lighttpd against the BEAST attack. There’s a mistake on this note however. Instead of

Keep your hands off my tastypie

Update Please note that since Tastypie v0.9.12 the authorization framework was rewritten. Lots of information on this post no longer applies. I’m hoping to write a follow-up post at some stage. Original Post I’ve been using tastypie, the very awesome … Continued

encryption is not the right solution

When talking about security, the first thing that usually comes to mind is encryption. Spies secretly coding (or de-coding) some secret message that should not be revealed to the enemy. Encryption is this mysterious thing that turns all text into … Continued

dynamic goal values in google analytics

Scoring a goal against google is never easy. Google analytics allows you to do some strange and wonderful things, but not without some teeth grinding. I was struggling with this for a little while, and it was a great source … Continued

unicode url double-encoding 404 redirect trick

I’ve come across a small nuisance that seemed to appear occasionally with unicode urls. Some websites seem to encode/escape/quote urls as soon as they see any symbol (particularly % sign). They appear to assume it needs to be encoded, and … Continued

django memory leaks, part II

On my previous post I talked about django memory management, the little-known maxrequests parameter in particular, and how it can help ‘pop’ some balloons, i.e. kill and restart some django processes in order to release some memory. On this post … Continued

django memory leaks, part I

A while ago I was working on optimizing memory use for some django instances. During that process, I managed to better understand memory management within django, and thought it would be nice to share some of those insights. This is … Continued

timthumb vulnerability

About a month ago I posted about tweaking timthumb to work with CDN. Timthumb is a great script, but great scripts also have bugs. A recently discovered one is a rather serious bug. It can allow attackers to inject arbitrary … Continued


Following from my previous post, I’ve come across another issue related to caching in wordpress: dynamic content. There’s a constant trade-off between caching and dynamic content. If you want your content to be truly dynamic, you can’t cache it properly. … Continued

thumbs up

[IMPORTANT: please check that you have the latest version of timthumb! older versions might have a serious security vulnerability. A little more about it here] I’ve been recently trying to optimize a wordpress based site. It was running fine, but … Continued

timing is everything

A quick-tip on the importance of timestamps and making sure your time zone is set correctly. I was recently playing around with fail2ban. It’s a really cool little tool that monitors your log files, matches certain patterns, and can act … Continued

passwordless password manager

[Also published on testuff.com] Most people I know tend to simply use the same password on ALL websites. Email, Paypal, Amazon, Ebay, Facebook, Twitter. This is obviously a very bad idea. Passwords are always a problem. Difficult to remember, hard … Continued


This Saturday, 8th January 2011, I’m running a small geeky arts project at Madame Lillie’s gallery in Stoke Newington. SMILE – a temporary exhibition The smile project attempts to capture snapshots within the exhibition space. The audience takes an active … Continued

2nd edition of 1

I was really pleased when my good friend chris asked me to help him with his edition of 1 project. I guess it was exciting working on an arts project. I also liked his project because randomness is an interesting … Continued

Once upon a time

One-Time-Passwords always fascinated me. Long long time ago in a land far far away I suddenly had this idea. The idea was simple and in today’s terms pretty common, perhaps trivial. One-Time-Password without the need for an extra token. After … Continued

iphone running late

I recently noticed my iphone clock wasn’t accurate. I’m not exactly sure why. It was only a few minutes behind, but it still annoyed me. Why couldn’t my iphone sync its time with an internet time server?? I know it … Continued

iphone asterisk sync

On my last post I described how I get my asterisk box to know the caller name from a csv data file. The thing is, my address book keeps changing on my iphone. People change their phone numbers, I meet … Continued