Month: July 2015

  • Integrating security tests into web applications

    Today I published a blog post about how to easily run and automate security tests while developing your websites and web applications using Zed Attack Proxy. The example uses the Ruby on Rails framework, but it is independent of any stack. I’m planning to write a follow-up article on the same theme, so any feedback on this first part is welcome. You can check the blog post here (whitesmith.co/blog) and the sample code here (GitHub).

  • “Bloat”

    Last week I read a great post entitled “Web Design: The First 100 Years”. It is a long one but definitely worth reading. I will just leave here a quote (3 short paragraphs) because it puts into words something that has already crossed my mind multiple times.

    “A further symptom of our exponential hangover is bloat. As soon as a system shows signs of performance, developers will add enough abstraction to make it borderline unusable. Software forever remains at the limits of what people will put up with. Developers and designers together create overweight systems in hopes that the hardware will catch up in time and cover their mistakes.

    We complained for years that browsers couldn’t do layout and javascript consistently. As soon as that got fixed, we got busy writing libraries that reimplemented the browser within itself, only slower.

    It’s 2014, and consider one hot blogging site, Medium. On a late-model computer it takes me ten seconds for a Medium page (which is literally a formatted text file) to load and render. This experience was faster in the sixties.” Maciej Cegłowski

  • Disable Firefox’s pocket integration

    Firefox has been my browser of choice for quite some time now. However, recent decisions made by Mozilla are increasing my desire to change soon. They added “ads” on the “new tab page”, changed the UI to just look like Chrome, decided to include DRM directly into the browser (more on that), etc. The last one was to include Pocket, a proprietary service, directly into the open-source browser.

    While this service might be useful for many users, other people do not like/use it. This kind of functionality should be relegated to pluggable extensions, one of the features that in its early days gave notoriety to Firefox. So a browser that was supposed to be light, open-source and extensible is slowly starting to drift apart from its initial strengths. This post describes in a short way what seems to be happening.

    Yesterday somebody wrote a rant about it with some valid points and concerns. So here’s how I disabled Pocket in my browser:

    1. Write “about:config” in the address bar.
    2. Click “I will be careful, I promise”.
    3. Search for “pocket”.
    4. Modify it as shown in the picture below.
    5. Restart the browser.

    [Image: disable-pocket]

    Small extra: if you, like me, don’t like the tab style that just looks like Chrome, you can switch to the development theme by changing the line “browser.devedition.theme.enabled” to true. Want the dark theme? Change the line “devtools.theme” to “dark”.

    Now let’s hope that Mozilla puts an end to this series of bad decisions in the near future.

    Note: In Firefox v40 the development theme is no longer available (or at least accessible), so to use it you will need an extension.