Stop disabling SSL protection with cURL

2011-09-21

Background

Several months ago, when I was working on FoursquareNotifier, I was made aware of a fairly significant issue with using SSL through cURL. API calls to Foursquare require SSL, which is perfectly fine and a good idea for many API-driven applications. However, all the common examples for how to make API calls to Foursquare (including the PHP classes recommended by Foursquare itself) included an innocent-looking, poorly-explained, and dangerous setting: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false). This tells cURL to stop checking that the server's certificate chains to a trusted CA, so any certificate is accepted, including one presented by a man-in-the-middle. The connection is still encrypted, but it is no longer authenticated, which breaks one of the basic guarantees SSL is supposed to provide.
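The pattern the post warns about, beside the corrected form, as an added example (this is not code from the original post or from the Foursquare PHP classes it mentions; API_URL, CA_BUNDLE and the bearer-token header are placeholders). The usual reason people flip CURLOPT_SSL_VERIFYPEER off is that cURL cannot find a CA bundle on the machine; the fix for that is CURLOPT_CAINFO, not disabling verification. The hardened version also keeps CURLOPT_SSL_VERIFYHOST at 2, so a valid certificate for some other hostname is rejected, and it turns a verification failure into an exception instead of a silent false return value.

```php
<?php
// Added example. API_URL and CA_BUNDLE are assumptions, not values from the post.
const API_URL   = 'https://api.example.com/v2/users/self';
const CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'; // assumed Debian/Ubuntu bundle path

// DON'T: the copy-paste pattern. Any certificate is accepted, so a
// man-in-the-middle can terminate the TLS connection and read the token.
function fetchInsecure(string $token)
{
    $ch = curl_init(API_URL);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $token],
        CURLOPT_SSL_VERIFYPEER => false, // skips certificate chain validation
        CURLOPT_SSL_VERIFYHOST => 0,     // skips the hostname check as well
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body; // false on error, which callers usually ignore
}

// DO: keep both checks on, tell cURL where the trust store is, restrict the
// request to HTTPS, and fail loudly when verification does not succeed.
function fetchVerified(string $token): string
{
    $ch = curl_init(API_URL);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $token],
        CURLOPT_SSL_VERIFYPEER => true,  // the default; set explicitly so a stray copy-paste can't flip it
        CURLOPT_SSL_VERIFYHOST => 2,     // certificate must match the hostname we asked for
        CURLOPT_CAINFO         => CA_BUNDLE,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http for this request
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // A certificate that does not verify surfaces here as a non-zero
        // curl_errno (60 in current cURL) with a descriptive curl_error.
        $errno = curl_errno($ch);
        $error = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("HTTPS request failed ($errno): $error");
    }
    curl_close($ch);
    return $body;
}

// Usage: a bad certificate now raises instead of returning data from an unknown peer.
try {
    echo fetchVerified(getenv('API_TOKEN') ?: 'placeholder-token'), "\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

A quick check before shipping a fix like this: point the client at a host with a self-signed certificate (or at https://wrong.host.badssl.com) and confirm that fetchVerified throws while fetchInsecure happily returns a body.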


Tags: curl, foursquare, ssl, security, php

Bad Practice: Setting Expected Exceptions in Unit Tests

2011-09-04

I was in a talk at the Kansas City Developers Conference about unit testing patterns, and something came up in the conversation that was new to me, so I figured I'd share. Unit testing frameworks are, at their core, large try/catch blocks. Errors or unmet assertions are converted into framework-specific exceptions and then caught. The test runner then marks those exception-throwing tests as failed, skipped, etc.
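To make the "large try/catch block" point concrete, here is a minimal test runner as an added example (it is not PHPUnit and not code from the original post). Failed assertions are turned into an AssertionFailed exception and reported as failures; any other Throwable is reported as an error; and a test registered in the hypothetical $expected map (standing in for an expected-exception annotation) passes when any line of it throws the named class, which is the mechanism the post's title refers to.

```php
<?php
// Added example: a toy runner showing the try/catch structure described above.

class AssertionFailed extends Exception {}

function assertTrue(bool $cond, string $msg = 'assertion failed'): void
{
    if (!$cond) {
        throw new AssertionFailed($msg);
    }
}

// Runs every test* method on $suite. $expected maps a test name to the
// exception class it is declared to expect (a hypothetical stand-in for
// an annotation); such a test passes if *any* statement in it throws that class.
function runTests(object $suite, array $expected = []): array
{
    $results = [];
    foreach (get_class_methods($suite) as $method) {
        if (strpos($method, 'test') !== 0) {
            continue;
        }
        try {
            $suite->$method();
            $results[$method] = isset($expected[$method])
                ? 'failed: expected ' . $expected[$method] . ' was not thrown'
                : 'passed';
        } catch (AssertionFailed $e) {
            $results[$method] = 'failed: ' . $e->getMessage();
        } catch (Throwable $e) {
            if (isset($expected[$method]) && $e instanceof $expected[$method]) {
                $results[$method] = 'passed (threw expected ' . get_class($e) . ')';
            } else {
                $results[$method] = 'error: ' . get_class($e) . ': ' . $e->getMessage();
            }
        }
    }
    return $results;
}

// Constructed sample suite: one pass, one assertion failure, one expected throw.
class SampleTests
{
    public function testAddition(): void { assertTrue(1 + 1 === 2); }
    public function testWrongSum(): void { assertTrue(1 + 1 === 3, '1 + 1 should equal 2'); }
    public function testDivision(): void { intdiv(1, 0); } // throws DivisionByZeroError
}

print_r(runTests(new SampleTests(), ['testDivision' => DivisionByZeroError::class]));
```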


Tags: php, phpunit