Archive for Web Development

Coinbase Bug Bounty Award

Coinbase is one of the best Bitcoin-related sites/services. They’re certainly the easiest way to buy or sell Bitcoin if you have a U.S. bank account. When I saw their Bug Bounty program, where they offer $1,000 USD worth of Bitcoin if you find a security vulnerability, it improved my trust in their security, but of course also made me want to look for security bugs…


How to unit test AJAX Requests with QUnit and Sinon.JS

We write QUnit tests for Close.io, a big Backbone.js app, to help avoid introducing bugs. Pretty quickly when testing front-end JavaScript code you’ll have to deal with how to test asynchronous callbacks and especially code related to AJAX/XHR requests and how their responses are handled. Here are some basic examples of how to use Sinon.JS to handle this.

How to allow direct file uploads from JavaScript to Amazon S3 signed by Python

On Close.io we originally implemented Filepicker.io to allow for file uploads while sending emails. While it was a quick way to get started with file uploading initially, after several minutes of downtime of their API and then an unannounced change in their JSON response format, I was reminded once again that you shouldn’t rely on small startups for critical parts of your tech infrastructure.

There’s nothing wrong with filepicker.io if you want to use a lot of their features, but in our case we just needed to allow simple uploading of files to our own AWS S3 bucket. Here’s how:

Guest post on TechCrunch: Full-Stack Web Team

I had my first guest post on TechCrunch last week! Here’s an excerpt:

There is often confusion about the various roles of a web engineering team. I have had to explain, even to technical recruiters, the differences between these roles and that the lines that separate them are often fuzzy. I thought I’d share the framework I like to use to evaluate whether someone is a good fit for a startup’s technical team.

In a startup, you can’t afford to have people who are only able to do one thing. Someone could be adept at writing HTML/CSS, but if they don’t have a great eye for design or know JavaScript well, it’s just not worth having them on the core team. Similarly, somebody who knows a little bit of everything but isn’t advanced in anything will just drag the team down.

The size of the company or startup will determine how many different hats each engineer must wear. Many startups get off the ground with a single founder who does a little bit of everything until he or she can grow the team. It’s also possible to outsource some roles completely. Just as cloud-hosting providers such as Amazon Web Services have drastically reduced the need for hardware/network engineers in web startups, platforms like Heroku take it further and (for a price) can reduce sysadmin and DevOps work almost entirely in the beginning.

In pretty much every case, when a startup grows, people will inevitably start specializing. Even those rare gems, who in the early days can spend the first half of the day in Photoshop and the second half scaling a database, will eventually specialize at least somewhat. If you’re hiring well, you’ll always find someone who can outperform you in at least one area.

I’m a big fan of “full stack” people and think specializing too much, too early, is a bad sign for startups. At Elastic, each of our engineers has written CSS and done database/server management. It’s good when a problem arises for there to be more than one person capable of fixing it. That said, I’m spending the bulk of my day writing in JavaScript/Backbone.js because I enjoy it much more than a coworker who’d rather be in Python as much as possible. That’s healthy and it works.

You can read the rest over there.


Stripe CTF 2.0 – Web Security

I did Stripe’s Capture the Flag 2.0 this year, “a security contest where you can try your hand at discovering and exploiting vulnerabilities in mock web applications”.

It was a lot of fun. Some of the levels were quite challenging and I had to figure out how to actually implement an exploit for a vulnerability that I’d only read about in passing before. Each level makes you both a) figure out what the vulnerability is, and b) actually exploit it. One thing that the Stripe guys did a nice job at was spreading out the challenges between PHP, browser JavaScript, node.js, Python, and Ruby, so that developers from any one language wouldn’t have an advantage.

Uploading static assets (CSS/JS) to S3 for CloudFront CDN

For a new Backbone.js + Flask project I’m using grunt + grunt-contrib, RequireJS’s r.js, and Flask-Assets / webassets for static file (LESS/CSS, JS) compilation. But I needed a good way to get my nicely optimized static files onto a CDN and served with proper HTTP headers.

Using the excellent s3cmd tool, here’s what I came up with.

This example will break for browsers/proxies that don’t support gzip, but this is fine for my needs. Any other solution would either require a custom origin web server or writing different filenames in HTML depending on the request coming in. But since I want to use S3 as my origin this is the easiest/simplest solution.

Since all assets are “built” with an MD5 version hash in the file name, I want far-future headers to cache permanently.

PhilFreo.com v3 (and past versions)

I set up my first personal webpage (philfreo.com) in 2004 when I was in high school. It had some server-side includes and a tiny amount of logic written in ASP. It looked like this:

I redesigned it once in 2006 during my Yahoo! internship, and it looked like this:

And there my website sat from 2006 until 2012. That’s forever in internet years!

So here we are in the summer of 2012 – time for a redesign! Nothing too fancy, just clean up the styles to be more modern and representative of the current web. It should tell people about the 2012 Phil Freo rather than the high school or college version of me. It should no longer be focused on my freelance website design (where I once dominated SEO for terms like “gainesville web design” and “jacksonville web design”) and should now be more focused on my work with startups, modern full-stack web development, and my blog.

You’re probably looking at the new site now, but for archival purposes, here are some screenshots:

Homepage:

Blog article page:


Wedding Website & Invitations

I launched my first new website in a very long time, and also designed some matching print work. This time the client was tougher than usual. But she was also cuter than usual so it was worth it…


New Job with Startup: Old School Industries

I just accepted a full-time position at a small startup in San Francisco as a lead Developer and Product Manager. The company is called Old School Industries LLC and is a combination of two businesses: Quizlet and Collectors Weekly.


Technologies I’ve worked with in 2009

One benefit of doing freelance development work is that I get the opportunity to get involved in many different technologies and frameworks in a short amount of time.

Since the year is over… here’s a quick list of 15 technologies/frameworks that I got to learn in 2009 alone, during my last year in college.

