Our Blog

Job opening: Web developer

By Jon Jensen
May 13, 2015

This position has been filled. See our active job listings here.

We are looking for another talented software developer to consult with our clients and develop their web applications in AngularJS, Node.js, Ruby on Rails, and other technologies. If you like to focus on solving business problems and can take responsibility for getting a job done well without intensive oversight, please read on!

What is in it for you?

• Flexible full-time work hours
• Health insurance benefit
• Paid holidays and vacation
• 401(k) retirement savings plan (U.S. employees)
• Annual bonus opportunity
• Ability to move without being tied to your job location

What you will be doing:

• Work from your home office, or from our offices in New York City and the Tennessee Tri-Cities area
• Consult with clients to determine their web application needs
• Build, test, release, and maintain web applications for our clients
• Work with open source tools and contribute back as opportunity arises
• Use your desktop platform of choice: Linux, Mac OS X, Windows
• Learn and put to use new technologies
• Direct much of your own work

What you will need:

• Professional experience building reliable server-side apps in Ruby on Rails, Node.js and Express, Django, CakePHP, etc.
• Good front-end web skills with …

Non-English Google Earth Layers on the Liquid Galaxy

By Josh Ausborne
May 12, 2015

The availability to activate layers within Google Earth is one of the things that makes Earth so powerful. In fact, there are many standard layers that are built into Earth, including weather, roads, place names, etc. There are also some additional layers that have some really interesting information, including one I noticed relatively recently called “Appalachian Mountaintop Removal” which is interesting to me now that I live in Tennessee.

As you can see, however, that while some of these available layers are interesting on a desktop, they’re not necessarily very visually appealing on a Liquid Galaxy. We have identified a standard set of layers to enable and disable within Earth so that things don’t appear too cluttered while running. Some things we’ve disabled by default are the weather and the roads, as well as many levels of place names and boundaries. For example, we have boundaries of countries and water bodies enabled, but don’t want lines drawn for states, provinces, counties, or other areas such as those.

To disable these layers, we modify the GECommonSettings.conf file on the machines that running Earth. This file has everything pretty well spelled out in a …

Raw Packet Manipulation with Scapy

By Kirk Harr
April 29, 2015

Installation

Scapy is a Python-based packet manipulation tool which has a number of useful features for those looking to perform raw TCP/IP requests and analysis. To get Scapy installed in your environment the best options are to either build from the distributed zip of the current version, or there are also some pre-built packages for Red Hat and Debian derived linux OS.

Using Scapy

When getting started with Scapy, it’s useful to start to understand how all the aspects of the connection get encapsulated into the Python syntax. Here is an example of creating a simple IP request:

Welcome to Scapy (2.2.0)
>>> a=IP(ttl=10)
>>> a
<IP  ttl=10 |>
>>> a.dst="10.1.0.1"
>>> a
<IP  ttl=10 dst=10.1.0.1 |>
>>> a.src
'10.1.0.2'
>>> a.ttl
10

In this case I created a single request which was point from one host on my network to the default gateway on the same network. Scapy will allow the capability to create any TCP/IP request in raw form. There are a huge number of possible options for Scapy that can be applied, as well as huge number of possible packet types defined. The documentation with these options and …

Protect Interchange Passwords with Bcrypt

By Mark Johnson
April 28, 2015

Interchange default configurations have not done a good job of keeping up with the best available password security for its user accounts. Typically, there are two account profiles associated with a standard Interchange installation: one for admin users (access table) where the password is stored using Perl’s crypt() command (bad); and one for customers (userdb) where the password isn’t encrypted at all (even worse). Other hashing algorithms have long been available (MD5, salted MD5, SHA1) but are not used by default and have for some time not been useful protection. Part of this is convenience (tools for retrieving passwords and ability to distribute links into user assets) and part is inertia. And no small part was the absence of a strong cryptographic option for password storage until the addition of Bcrypt to the account management module.

The challenge we face in protecting passwords is that hardware continues to advance at a rapid rate, and with more computational power and storage capacity, brute-force attacks become increasingly effective and widely available. Jeff Jarmoc’s Enough with the Salts provides some excellent discussion and background on the subject. To counter …

RailsConf 2015 for the non-Attendee

By Steph Skardal
April 28, 2015

This blog post is really for myself. Because I had the unique experience of bringing a baby to a conference, I made an extra effort to talk to other attendees about what sessions shouldn’t be missed. Here are the top takeaways from the conference that I recommend (in no particular order):

• Watch DHH’s Keynote
• … and Aaron Patterson Keynote
• Watch Kent Beck’s Keynote
• Amelia Bedelia Learns to Code, by Kylie Stradley, was a popular talk from day 1. Video link forthcoming.
• Watch Shipping Ruby Apps with Docker by Bryan Helmkamp. This video was strongly recommended before jumping into Docker, which was a trendy topic in dev-ops talks.
• Watch Justin Searls’ talk Sometimes a Controller is Just a Controller.
• Watch Sandi Metz’s talk Nothing is Something.
• Read this book by Don Norman if you care about UX. Joe Mastey recommended it in his talk, Bringing UX to Your Code.
• Yehuda Katz & Tom Dale’s talk, How Rust Helped us Write Better Ruby was standing room only. Video link forthcoming. Also check out their fireside chat on Ember.js.
• Riding Rails for 10 Years by John Duff gives a great history of the evolution of Rails in the Shopify codebase.

Right now, the videos are all unedited from …

How to Bring a Baby to a Tech Conference

By Steph Skardal
April 27, 2015

Last week, I brought my 4 month old to RailsConf. In a game-day decision, rather than drag a two year old and husband along on the ~5 hour drive and send the dogs to boarding, we decided it would ultimately be easier on everyone (except maybe me) if I attended the conference with the baby, especially since a good amount of the conference would be live-streamed.

Daily morning photos at the conference.

While I was there, I was asked often how it was bringing a baby to a conference, so I decided to write a blog post. As with all parenting advice, the circumstances are a strong factor in how the experience turned out. RailsConf is a casual three-day multi-track tech conference with many breaks and social events—​it’s as much about socialization as it is about technical know-how. This is not my first baby and not my first time at RailsConf, so I had some idea of what I might be getting into. Minus a few minor squeaks, baby Skardal was sleeping or sitting happily throughout the conference.

Here’s what I [qualitatively] perceived to be the reaction of others attending the conference to baby Skardal:

In list form:

• Didn’t Notice: Probably about 50% didn’t notice I had a baby, especially …

RailsConf 2015—​Atlanta: Day Three

By Steph Skardal
April 23, 2015

Today, RailsConf concluded here in Atlanta. The day started with the reveal of this year’s Ruby Heroes, followed by a Rails Core panel. Watch the video here.

On Trailblazer

One interesting talk I attended was See You on The Trail by Nick Sutterer, sponsored by Engine Yard, a talk where he introduced Trailblazer. Trailblazer is an abstraction layer on top of Rails that introduces a few additional layers that build on the MVC convention. I appreciated several of the arguments he made during the talk:

• MVC is a simple level of abstraction that allows developers to get up and running efficiently. The problem is that everything goes into those three buckets, and as the application gets more complex, the simplified structure of MVC doesn’t answer on how to organize logic like authorization and validation.
• Nick made the argument that DHH is wrong when says that microservices are the answer to troublesome monolithic apps. Nick’s answer is a more structured, organized OO application.
• Rails devs often say “Rails is simple”, but Nick made the argument that Rails is easy (subjective) but not simple (objective). While Rails follows convention with the idea that transitioning between developers …

RailsConf 2015—​Atlanta: Day Two

By Steph Skardal
April 22, 2015

It’s day 2 of RailsConf 2015 in Atlanta! I made it through day 1!

The day started with Aaron Patterson’s keynote (watch it here). He covered features he’s been working on including auto parallel testing, cache compiled views, integration test performance, and “soup to nuts“ performance. Aaron is always good at starting his talk with self-deprecation and humor followed by sharing his extensive performance work supported by lots of numbers.

On Hiring

One talk I attended today was “Why We’re Bad At Hiring (And How To Fix It)” by @kerrizor of Living Social (slides here, video here). I was originally planning on attending a different talk, but a fellow conference attendee suggested this one. A few gems (not Ruby gems) from this talk were:

• Imagine your company as a small terrarium. If you are a very small team, hiring one person can drastically affect the environment, while hiring one person will be less influential for larger companies. I liked this analogy.
• Stay away from monocultures (e.g. the banana monoculture) and avoid hiring employees just like you.
• Understand how your hiring process may bias you to reject specific candidates. For example, requiring a GitHub account may bias …