14 Oct 2014
I came across Blue Mail when I was looking for better-than-the-default email clients for my Android device. Pretty interface, handled my IMAP settings well, nifty turn-any-message-into-a-reminder functionality.
No support for aliases or identities was a bummer – the address I want my messages coming from does not exactly match the hostname of my mail server. But when I emailed the support folks about it, I got a quick reply about it coming soon.
Fast forward a few weeks when I was noodling around and wondering what sort of network traffic my phone was doing when I did routine tasks. I ran a tcpdump on my home router to capture some traffic and loaded it up into Wireshark to investigate.
Most of the traffic looked familiar: IMAP and SMTP to my mail servers, HTTP to some web hosts I browsed. But there was a connection to port 10101 on an address that resolved to an AWS host. The payload was garbled – probably TLS. What was it?
This handy StackExchange page gave me the info I needed to find out.
brew install android-sdk and
android update sdk --no-ui --filter 'platform-tools' later, I could fire up
adb shell and grep for
2775 (hex of 10101 base 10) in
/proc/*/net/tcp6 to find the culprit. Another StackExchange page helped me map the UID to the process name. Which was
com.trtf.blue – Blue Mail.
I asked Blue Mail support why the client was connected to this host/port and they said “Blue Mail uses AWS currently for its proxy / push services, which are secured and encrypted.” Then I asked them if I could disable by changing the “Push or Fetch” setting to “Fetch” in my account settings.
This is where things went off the rails a bit. Instead of saying “Yes” or “No, we need to do this for Blue Mail’s awesome features like storing reminders,” I got some enthusiastic but evasive responses about how a client-only solution can’t do things like send scheduled emails when my device is turned off and that “Blue Mail is a modern Email service that will feature dozens of such capabilities”.
I appreciate that the (anonymous) developers of this app have big plans for their service (and that they claim not to store my emails on their servers) but the combination of their evasive responses, no available information about who is actually developing the app (the domain is registered via Domains By Proxy), and an unknown amount of my info flowing to places I don’t control means no more Blue Mail for me.
01 Oct 2014
As you can see by looking at the date on my most recent blog post before this one, it’s been a while. After eight years at Ning and then fifteen months taking a break, I’m excited to be jumping back into freelancing and consulting.
I’ll be focusing on helping clients with software engineering, distributed systems, and engineering culture problems. And perhaps writing something interesting here more than once every four years.
29 Sep 2010
At work, we added a language filter to Ning Pro last month. It lets Network Creators have naughty words (for the Network Creator’s definition of “naughty”) replaced with * characters.
A straightforward way to do this in PHP is to pass an array of words to look for and their replacements to a function like str_replace() or str_ireplace(). Or, similarly, use a regular expression that gloms the search terms together (and potentially checks word boundaries.) There are assorted WordPress plugins that work like this.
The problem with this approach is that it’s really slow. Especially if you have a lot of words you’re looking for. The amount of time it takes to do the search and replace grows in proportion to the number of words you’re looking for. This is particularly unfortunate because usually, none of the words are ever found!
For our language filter, we took a different approach. We’ve packaged it up into a PHP extension called Boxwood and releasing it today as open source. (Find it on github: http://github.com/ning/boxwood.)
With Boxwood, you can have your list of search terms be as long as you like – the search and replace algorithm doesn’t get slower with more words on the list of words to look for. It works by building a trie of all the search terms and then scans your subject text just once, walking down elements of the trie and comparing them to characters in your text. It supports US-ASCII and UTF-8, case-sensitive or insensitive matching, and has some English-centric word boundary checking logic.
Take it for a drive and let us know what you think!
04 May 2010
I just posted on the Ning code blog about the PHP microbenchmarking framework we released:
I'm pleased to announce the release of ub, a PHP microbenchmarking framework. You can download it from http://github.com/ning/ub.
The goal is to make it as easy as possible to compare the runtime of alternative approaches to the same problem, such as different regular expressions, or different methods for string or array manipulation.
The source distribution contains a README with some documentation and a bunch of sample benchmarks.
For normal use, it is rare that two similar, but different approaches produce appreciable differences in runtime. (Inefficient regexes and bloated call stacks aside.) The payoff from this kind of benchmarking is really on operations that happen hundreds or thousands of times in a request, or are happening on hundreds or thousands of servers. At that point, shaving off small amounts of runtime performance can really make a difference.
I am looking forward to beef up the set of included benchmarks -- contributions are welcome!
16 Sep 2008
I presented my Static and Dynamic Analysis at Ning talk today at the 2008 Zend/PHP Conference. The conference is much bigger this year than last, very exciting to see all the different things people are doing.
The slides from my talk are available at http://www.sklar.com/files/static-dynamic-analysis-zendcon-2008.pdf .
03 Jun 2008
Here are some links that are related to the Editor/IDE panel I’m on today at the 2008 DC PHP Conference:
11 Apr 2008
Chris often cites this xkcd cartoon in security talks, since it’s a) funny and b) a good example of SQL Injection.
I was curious to see what sorts of shenanigans one can get away with in a legal name. I’m still waiting to hear back from the NYC agency that issues birth certificates but here’s what the US Social Security Agency told me:
The maximum number of characters to be shown on the Social Security number (SSN) card for the first and middle name is 26; the maximum number of characters for the last name is 26. Full names will not be reduced to initials unless the combination of first and middle names exceeds 26 characters. The only acceptable characters are alphas, hyphens, and apostrophes. The SSN card will be printed as entered into the enumeration system, but the SSN record will not display the hyphens/apostrophes.
So with hyphens and apostrophes you might be able to get away with a little syntax error mischief, I suppose.
Turns out the SSA has really detailed public documentation of all their procedures.
28 Mar 2008
I had never heard of Haskell Curry before I read the preface to SICP just now, but it occurs to me that his distinction of having each of his names (first and last) turned into a term used in the discipline he studied (Haskell the programming language and Curry the operation) is sort of like how Glenn Seaborg, working at LBL, could have a letter addressed to him using element names (seaborgium / lawrencium berkelium / californium / americium.)
Who else can you think of that falls into this admittedly fuzzy-edged bucket?
14 Nov 2007
How many different ways (in PHP) are there to concatenate the string values in two variables and put the result in a third variable?
Here are a few to start:
$alice = $bob . $charlie;
$alice = "$bob$charlie";
$alice = sprintf('%s%s', $bob, $charlie);
ob_start(); echo $bob, $charlie; $alice = ob_get_clean();
$alice = implode('', array($bob,$charlie));
I would say something like “Of course, this entire exercise is just for fun and in practice is totally useless,” but whenever I start out thinking that something actually productive eventually emerges. So perhaps this is totally useless, perhaps not!
08 Nov 2007
The slides from my “API Design in PHP” talk at the 2007 DC PHP Conference are up at http://www.sklar.com/files/dcphp-2007-api-design.pdf. Enjoy!