Weak Diffie-Hellman

It came to light back in May that an exploit was possible whereby an attacker could force a server to downgrade its encryption to “export-grade”. I remember something about it at the time, but I don’t remember thinking it was a big deal.

Boy was I wrong.

The problem is that many servers use the same Diffie-Hellman groups for key exchange. An attacker with a large amount of computing power could pre-compute most of the work needed to break the most common DH groups, and then use a man-in-the-middle to force a connection into a 512-bit export-grade mode… and then break it.

See Weak Diffie-Hellman and the Logjam Attack for details.

(And of course, removing export-grade DH from my servers has caused me to break many things…)
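As an added, defender-side example (not from the original post or the Logjam paper): a self-contained reader for the PKCS#3 `DH PARAMETERS` PEM that `openssl dhparam` writes, which reports the modulus size and flags the 512-bit export-grade and 1024-bit sizes discussed above. The sample parameters are constructed inside the block and are not a real group, and the 512/1024 thresholds are this example's own choice.

```python
import base64
EXPORT_BITS = 512    # size the export-grade downgrade forces
WEAK_BITS = 1024     # widely shared groups at this size are the precomputation target

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(der):
    """Return (p, g) from DER PKCS#3 DHParameter: SEQUENCE { INTEGER p, INTEGER g }."""
    tag, body, _ = _read_tlv(der, 0)
    tag_p, p_bytes, pos = _read_tlv(body, 0)
    tag_g, g_bytes, _ = _read_tlv(body, pos)
    if (tag, tag_p, tag_g) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def classify_modulus(p):
    """Bucket the modulus by bit length: 'export-grade', 'weak' or 'ok'."""
    bits = p.bit_length()
    if bits <= EXPORT_BITS:
        return bits, "export-grade"
    if bits <= WEAK_BITS:
        return bits, "weak"
    return bits, "ok"

def check_pem(pem):
    """Strip PEM armour, parse the parameters and return (bits, verdict)."""
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    p, _g = parse_dh_params(base64.b64decode(body))
    return classify_modulus(p)
# Encoder, used only to build the constructed sample below and to round-trip the parser.
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw
def encode_dh_params(p, g):
    ints = b"".join(b"\x02" + _der_len(len(r)) + r   # +1 byte keeps the INTEGER positive
                    for r in (n.to_bytes(n.bit_length() // 8 + 1, "big") for n in (p, g)))
    return b"\x30" + _der_len(len(ints)) + ints

SAMPLE_P = (1 << 511) | 1   # CONSTRUCTED 512-bit odd number, not a real prime; demo only
SAMPLE_PEM = ("-----BEGIN DH PARAMETERS-----\n"
              + base64.encodebytes(encode_dh_params(SAMPLE_P, 2)).decode()
              + "-----END DH PARAMETERS-----\n")
```

Run `check_pem(open("dhparam.pem").read())` against a server's own parameter file; anything reported as `export-grade` or `weak` is a candidate for regeneration with a larger, non-shared group.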


Individuals and interactions over processes and tools
and we have mandatory processes and tools to control how those individuals (we prefer the term ‘resources’) interact

Working software over comprehensive documentation
as long as that software is comprehensively documented

Customer collaboration over contract negotiation
within the boundaries of strict contracts, of course, and subject to rigorous change control

Responding to change over following a plan
provided a detailed plan is in place to respond to the change, and it is followed precisely

From: http://www.halfarsedagilemanifesto.org/

Converting to Mac?

Jonathan Dowland, a Debian user for over 10 years, has converted to a Mac. Why? Functionality. He finds the operating system easier to use.

And I’m not terribly surprised. I did the same 7 or 8 years ago.

I ran GNU/Linux as my primary desktop at home for a bunch of years. I went through Gentoo and Ubuntu. I ran a business on it using GnuCash, a program I love and still use today (on OS X!). But over time, the list of tools I needed that were only available on proprietary systems like Windows and OS X grew larger. In a fit of whimsy, I had my employer buy me a MacBook Pro. And I haven’t looked back.

No, that’s a lie. I look back regularly. I love the idea of free software. I have a photo of Richard Stallman hanging on the wall by the office door reminding me every morning as I walk in to hack something and do some good. I have the Fixer’s Manifesto beside it reminding me that if I can’t fix it, I don’t own it. Like OS X. And the MacBook Pro hardware.

But damn if it isn’t really nice hardware. And a very functional operating system.

Today, my primary “work” computer is an iMac. My primary “home” computer is a Mac mini. My primary laptop is a MacBook Pro.

But I’m trying.

Is TDD dead?

Spoiler alert: Hell no.

If you haven’t noticed, there’s been a pretty major nerd-spat playing out in certain corners of the internet. On the one side, Rails creator David Heinemeier Hansson believes that TDD is a waste of time and energy, and encourages poorly designed software. On the other side, many people of consequence disagree. Some respectfully (Kent Beck and Martin Fowler). Others not so much (Rob C. Martin).

Find DHH’s incendiary post here. Note his use of clever rhetoric like, “This is not better.” Also note that most of his arguments rest on his point that module isolation is a Bad Thing – a point that runs contrary to most modern software development (and a fair bit of not-so-modern stuff too). See also: Object Oriented Analysis and Design, Object Oriented Programming, SOLID principles, and pretty much everything else that isn’t high-school grade code.

Find a 5-part debate between DHH, Kent Beck, and Martin Fowler here. Enjoy 3 hours of Beck and Fowler politely patting DHH’s head as he repeats over and over what I summarize as: “TDD is bad because I don’t like it!” and “TDD is bad because it produces code that I think is bad!”

Rob C. Martin weighs in several times, but my favorite is here. His conclusion uses the word “professional”. That particular word struck a chord with enough folks that he had to clarify and almost retract what he had said. Too bad.


For the record, when possible, Small Army Of Nerds Corp. practices professional TDD. And though I find the word a little goofy, I fall squarely in the “mockist” camp. Unit tests test units – little to nothing else.

A visual guide to the SOLID principles

An excellent set of images to help you remember the SOLID principles.

At this point, naturally, I removed my pants and the guy started screaming at me about police and indecent exposure. Confused, I said, “look, I’m just trying to pay you — I’ll hand you my pants and you go rummaging around in my pockets until you find my wallet, which you’ll take out and go looking through for cash.