Skip to main content

Benjamin Oakes

Photo of Ben Oakes

Hi, I'm Ben Oakes and this is my geek blog. Currently, I'm a Ruby/JavaScript Developer at Liaison. Previously, I was a Developer at Continuity and Hedgeye, a Research Assistant in the Early Social Cognition Lab at Yale University and a student at the University of Iowa. I also organize TechCorridor.io, ICRuby, OpenHack Iowa City, and previously organized NewHaven.rb. I have an amazing wife named Danielle Oakes.

Blog

What is the Liskov Substitution Principle?

by Ben

Functions that use pointers or references to base classes must be able to use objects of derived classes without knowing it.

Source: What is the Liskov Substitution Principle?

How to win at Tetris (and code)

by Ben

Problems in our code are less like “debt” & more like the clutter of unfilled lines that accumulate in Tetris, slowly but surely reducing our maneuvering room.

Source: How to win at Tetris (and code)

Tetris as a metaphor for technical debt.

Kiba, a lightweight Ruby ETL framework

by Ben

Writing reliable, concise, well-tested & maintainable data-processing code is tricky.  Kiba lets you define & run such high-quality ETL (Extract-Transform-Load) jobs.

Source: Kiba

Related: square/ETL

Google announces the first practical technique for generating a SHA-1 collision

by Ben

This is big news.

We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256.

Source: Announcing the first SHA1 collision – Google Online Security Blog

The technology community still uses SHA-1 for many things.  One of the most concerning implications of this team’s technique is that it implies attacks against Git, which uses SHA-1 for every commit.  Imagine if you had a tag (a SHA-1 sum) that referred to two different sets of changes: a benign changeset on your machine and a malicious changeset on GitHub.  Then you deploy that tag and the malicious code runs instead of the code you expected.

As far as I know, such an attack on Git hasn’t been demonstrated yet, but in theory, I think you could replace a SHA-1 commit as I described.  I bet someone will demonstrate that someday.  (Think of padding files with bogus comments until you get the checksum you want.)  It would be difficult (though not impossible) to switch Git to SHA-256, but I don’t know of any efforts to do that — though Git 2.11 is starting to acknowledge that abbreviated SHA-1 checksums do collide in practice.

Will such an attack happen today or tomorrow?  Probably not; it takes a huge amount of resources right now.  However, computation is cheaper than ever; I bet attackers will start to use services like Travis CI for computations like this, like I’ve heard is starting to be done with Bitcoin mining in pull requests on open source projects.

The best mitigation I’m currently aware of is cryptographically signing your commits, and this may be a catalyst for that to become standard practice.

JWT: JSON Web Tokens

by Ben

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Source: JWT.IO

If you think good architecture is expensive, try bad architecture

by Ben

Source: Daniel Bryant on Twitter

Black Bean, Tofu, Spinach Miracle

by Ben

Ingredients:

1 package wild rice
3 tablespoons olive oil
1 onion, diced
Spices, to taste
Garlic powder
Basil
Sage
Oregano
Thyme
Tumeric
Black pepper
Parsley
Ginger
Coriander
1 pound extra firm tofu, drained and cubed
1 package mushrooms
1 (16 ounce) can black beans, drained
1 package spinach or kale

Directions:

Cook rice according to package directions.
Heat oil in frying pan or wok over medium heat. Add onion and spices.
Add tofu and sauté.
Add mushrooms and black beans once tofu begins to brown.
Add kale or spinach.
Combine rice with the tofu mixture and simmer briefly.

Also good in spinach flavored wraps.

10 simple ways to use less oil

by Ben

This entry comes by popular request. A lot of people have been asking what they can do to use less oil, and reduce demand for the sticky stuff ruining beaches everywhere. Here’s my top ten, feel free to add to it in comments:1. Carpool, cycle or use public transport to go to work.2. Choose, when possible, products packaged …

Source: 10 simple ways to use less oil | Greenpeace International

Wood waste alcohol converted to jet fuel, used in Alaska Airlines test flight

by Ben

Airlines are slowly experimenting with alternative fuel mixtures to reduce greenhouse gases.

Source: Wood waste alcohol converted to jet fuel, used in Alaska Airlines test flight | Ars Technica

Face This Prospect: The End of Electric Car Incentives

by Ben

Plug-in vehicle sales un the US hit an all-time record of 159,000 units in 2016. That’s encouraging, but we are still in early days with EVs representing less than 1 percent of the new car market. It’s hard to know if the upward trend will continue, especially considering the many unpredictable factors, most notably gas prices. But what unfortunately seems very likely in the coming years is a systematic attempt to reverse incentives and other legislation that supports cleaner transportation.

Source: Face This Prospect: The End of Electric Car Incentives