The Latest

Polymer Binding Cheat Sheet

You shouldn’t have to read so many words in Polymer’s docs to figure out how to get the binding you want. Time is precious. There’s code to review. Your hair is turning gray. Use my cheat sheet instead!

More…

Let’s Encrypt

I proudly installed my first GoDaddy cert back in 2014. A regular cert is only valid for a single specific site, in my case, spencerponte.com. It is not valid for subdomains like this blog. For that you would need a wildcard cert, which covers all subdomains as well. Unfortunately GoDaddy was charging more than four times the price of a regular cert to get a wildcard, so that was out of the question. Another option, buying two different certs, also seemed expensive and annoying.

And so for the last couple years this blog has done without HTTPS. I’ve been learning a lot about Let’s Encrypt though, and decided to give it a shot. Let’s Encrypt is a new, free, open certificate authority that takes a different approach to validation.

More…

Detecting Proxy-Based Phishing

I recently learned about a new, sophisticated type of phishing scheme. Traditionally, a scammer looking to steal information from someone has to go through the effort of building a fake website to spoof the target site. These spoof sites aren’t usually very good copies, so a victim can spot that something is amiss and leave. The new trend, however, is to load the target site through a proxy server. The victim is, for the most part, interacting with the real target site, with a couple of catches.

  • The scammer can monitor whatever is submitted through forms on the site.
  • The scammer can modify any content as they see fit.

Wow, scary, right? A scammer could be hijacking your users’ info and you may never even be aware that the proxy exists.

More…

Automating MySQL Backups with Bash

I’ve been putting more effort lately into disaster planning, and a big part of that is having backups. Linode automatically backs up my entire system, but I noticed something troubling in their documentation:

This method is very reliable, but can fail to properly back up the data files for database services like MySQL. If the snapshot occurs during a transaction, the database’s files may be backed up in an unclean state.

Yikes! So while my system and files may be backed up, my databases, which mean everything to the various WordPress sites I host, could potentially be unrecoverable. That is no solution at all.

Following their advice, I decided to write a script I could use to automate this. mysqldump is the obvious tool for this job, and the output can be compressed with gzip to conserve space. The resulting bash script could then be added as a cron job to automate it.

More…

Debouncing Scroll Events with Request Animation Frame

I was working on an update to Redactor, the text editor used in Beam, that would allow the toolbar to stay visible even when scrolling on long pages. Correctly positioning the toolbar would require using a callback that would need to fire every time the browser was scrolled or resized. Which works, but there’s a problem.

More…