Disqus - Latest Comments for kumar303

Re: Nigel Babu

kumar303 — Thu, 04 Dec 2014 23:43:27 -0000

It's worth mentioning that this happened due to ALL of Mozilla meeting up at once, an event that hasn't happened (due to logistics) for about three years -- thus, the frequency of commits perhaps has not been this low for a long time. It's an ironic reminder of how many people are constantly and relentlessly improving Firefox.

Re: lloyd.io - Leaving Mozilla

kumar303 — Tue, 18 Feb 2014 16:21:29 -0000

Great to work with you, Lloyd

Re: José Padilla - Authentication with JSON Web Tokens

kumar303 — Thu, 23 Jan 2014 12:22:22 -0000

This is a deal breaker for me. Why allow someone to intercept a JWT and perform any request they want to? The concept behind JWT is that you sign a request with a shared secret key. The receiving end can verify the signature of *the entire request* before trusting the request. That would be a much better way to use JWTs IMHO. I know it is challenging when dealing with browser to server communication because you'd maybe have to put a shared secret on the browser-side code in order to sign every request to the API and that is less secure (the shared secret is the key to the kingdom).

I think JWTs (and other request signing strategies like Hawk) are better suited to server to server communication where you can keep the shared secret secure.

Re: My JSConf Diary

kumar303 — Fri, 31 May 2013 11:54:38 -0000

RE: speaking at conferences. Most exciting tech conferences these days get utterly overwhelmed by submissions so they have to make painful cuts. I'd suggest submitting to bigger conferences that have been around for a while and that may not look very interesting to attend. These generally have a higher capacity to accept talks. Also, embellish talk outlines as much as possible. When judges are presented with hard decisions, the more depth of info you give them the better, even if you won't end up talking about it all. At the end, it's somewhat of a lottery so keep trying! I've seen plenty of talks that were poorly done / boring and should have never been accepted; there are no hard and fast rules.

Re: How I manage my bugmail with gmail

kumar303 — Thu, 04 Oct 2012 13:53:56 -0000

Hi Margaret. This is great. I do it like this too. I seeded mine from Wil's filters (which are pretty much like yours) https://github.com/clouserw... This was a nice way to get started and Wil usually passes this to new team members / contributors to get them started too.

Re: Firefox OS Marketplace leaks in current form, shows shopping Gecko-style

kumar303 — Fri, 07 Sep 2012 16:03:25 -0000

html5 Facebook was only slow because iOS's WebUIView has the JIT removed and lacks many optimizations that Mobile Safari has. All major browser engines (including Gecko) have had a JIT for years now.

Re: Firefox OS Marketplace leaks in current form, shows shopping Gecko-style

kumar303 — Fri, 07 Sep 2012 15:59:40 -0000

because WebOS was not based on standard JavaScript APIs - everything was custom. Firefox OS uses existing HTML5 apis or creates new ones with a standards track. The difference is that the majority of existing browser based apps on the web will work in Firefox OS without changes. Firefox OS was open from day one. WebOS was not. Key difference.

Re: Mozilla Marketplace goes live, install web apps like native PC apps

kumar303 — Tue, 12 Jun 2012 18:43:08 -0000

that's exactly why the Mozilla Marketplace exists: we believe you should install (or buy) an app once then be able to run it on all of your HTML5 platforms. An app you buy from the marketplace isn't limited to Firefox, it works on any modern HTML5 environment including Chrome and IE9. You get a rich experience by running an app in our native bootstrap for Mac, Windows, and Linux. You also get a rich experience in Boot To Gecko (an upcoming mobile OS written in HTML5/JS). Web browser bookmarks can't do that and Chrome OS isn't trying to do that.

Re: Mozilla and PyPI

kumar303 — Fri, 23 Sep 2011 10:56:56 -0000

Using rpms is pretty common. The Services group at Mozilla who runs the Firefox Sync cluster deploy all Python packages with rpm. There is a lot of support for building rpms in distutils and some advanced support now in distribute I think.

Re: Mozilla and PyPI

kumar303 — Thu, 22 Sep 2011 17:11:48 -0000

I do like committing all packages to git because they are right there at your fingertips and can be tagged with your releases, etc. But running your own PyPI server w/ a download cache accomplishes the same thing, network wise. When you depend on version X you put it on your own isolated, controlled PyPI. When you upgrade the webheads, you only pull in newer packages not already in the cache. This is the same network time as pulling deltas from git. However, to Erik's point, it is especially nice to link to hashes in external git submodules when a package is not version-released often. To james' point, using specific version numbers in a requirements file would pin down dependencies in the same way.

Re: Mozilla and PyPI

kumar303 — Thu, 22 Sep 2011 13:40:19 -0000

A download cache and a custom PyPI server solves everything. At my old job we used our own PyPI server and configured that in pip with --index-url or something. It works great and there are many easy ways to host your own index: http://pypi.python.org/pypi...

Re: Mozilla and PyPI

kumar303 — Thu, 22 Sep 2011 13:15:05 -0000

Hey Alex, Mozilla is very involved in the Python ecosystem so it must seem strange that we don't use pip in production. I say this as one who was arguing to use pip for deployment. The problem with addons.mozilla.org and other sites is that they run on many webheads (about 26 currently). Running pip install on each webhead every time you want to deploy is, well, not webscale. This is what IT said. My response was: hey let's just set up a shared download cache and host our own PyPI repository! They said: then we'd have to set up / maintain a download cache and a PyPI server :( So, yeah, our current use case is fully supported by pip it just so happens that we're lazy and using git accomplished the same thing without the need for maintaining a more complex system. Now, don't even get me started about the network problems we have contacting github. Sigh. We ended up having to setup and maintain our own git mirror so there you have it. Six in one half dozen in the other.

Re: Large django sites at mozilla - Andy McKay (djangocon.eu) — Reinout van Rees' website

kumar303 — Mon, 06 Jun 2011 08:19:19 -0000

Awesome write-up! The tool that combines pep8 and pyflakes is check.py https://github.com/jbalogh/...

Re: Doug Hellmann: virtualenvwrapper.tmpenv 1.0

kumar303 — Sat, 16 Apr 2011 18:12:30 -0000

This is super nice!

Re: PyCon 2011: Supporting All Versions of Python All The Time With Tox - PyCon US Videos - 2009, 2010, 2011 - blip.tv

kumar303 — Tue, 15 Mar 2011 01:15:43 -0000

The slides get cut off towards the end but you can follow them here: http://farmdev.com/talks/tox/

Re: http://davedash.com/2010/11/19/pythonic-string-formatting-in-javascript/

kumar303 — Tue, 30 Nov 2010 14:48:45 -0000

in older IEs this would probably kill a site since regular expressions are dog slow but thankfully on AMO we don't have to care much!

Re: Why I don’t write my slides in HTML

kumar303 — Wed, 17 Nov 2010 14:54:05 -0000

Yeah s5 is pretty sweet. It handles a lot of resolution issues except it doesn't rescale images. I use it for all my talks and then publish the slides because even though it's a different experience, people can still get some info from reading slides. I get a lot of emails about how helpful my slides are from a talk about unicode in python. Because it is HTML it ranks high in search results.

Re: http://davedash.com/2010/10/30/siddhartha:-the-fifth-month/

kumar303 — Sat, 30 Oct 2010 13:13:42 -0000

dd! I'd recognize your house just by those sneakers

Re: So what is the job I am going to?

kumar303 — Fri, 29 Oct 2010 15:10:52 -0000

hey Chris, welcome! I am a newbie myself on the WebDev team. After also going through a few rounds of interviews recently I wanted to say you are spot on with how wrong this "intimidation" strategy is for conducting job interviews. I've even worked alongside people who conducted interviews like this, purposefully putting on a d-bag attitude just to see if the applicant could survive in what they thought would be a realistic interaction one might have with a future co-worker. No thanks! It struck me as well that despite being a building full of smart and successful engineers, everyone I talked to at Mozilla HQ was extremely humble and not afraid to admit their faults or weaknesses. I walked away thinking, that's a group of people that I can learn a lot from.

Re: How OpenID works

kumar303 — Fri, 19 Dec 2008 02:33:52 -0000

Is there any support for a non-redirecting workflow? Say, for an AJAX site where a sound might be playing in the background? (i.e. http://www.thesixtyone.com/) Sites like this already use a popover to let the user login and create an account.

Re: A nose plugin to run JUnit tests via Jython.

kumar303 — Mon, 13 Oct 2008 12:29:24 -0000

Not sure if you are interested in gaining "user share" from the Java community but I have a feeling you'd be hard pressed to pull Java users away from Test-NG unless they were already working mostly in Python. TestNG offers a lot of features that Nose doesn't have. The nice ones that come to mind: re-running just failing tests, fancy grouping that goes a little beyond nose's attr plugin, and better tests-in-parallel support. In fact, I'd love to see some of these features in Nose.

Re: I hate slashdot: Python 3000 is incompatible?!!!

kumar303 — Fri, 01 Feb 2008 15:19:05 -0000

what's slightly more alarming is the article that got slashdotted doesn't mention anything about the 2to3 migration script. I also just noticed that googling "python 2 to 3 migration script" gives you no useful information whatsoever. Not to mention, googling "python 2to3" gives you a confusing svn repository layout.