A personal overview of how smart contract formal verification works using Certora.
Using the TypeScript compiler to catch missing Lambda permissions in a serverless CDK setup.
Thoughts on the need for secure operations and processes in the Ethereum space, including testing, deployment, administration, automation, and monitoring.
A survey of the different Ethereum smart contract upgrade patterns and strategies from a technical viewpoint, plus a set of good practices and recommendations for upgrades management and governance.
Faster development cycles by uploading code directly to lambdas and bypassing CloudFormation entirely in your AWS SAM serverless project.
The Gas Station Network, or GSN for short, is a decentralized solution for solving user onboarding to Ethereum applications. It allows you as an app developer to pay for your users' transactions...
In this post, we’ll go in depth into the CREATE2 opcode and its uses in counterfactual...
Deploying to production can be a stressful experience, especially if you don’t have a proper suite of tests to ensure that what you built will run smoothly.
This week started off with the finding of malicious code injected into a dependency of a popular open source npm package. The attacker found an inactive library, volunteered to help with the project, and published a compromised version.
Much has been discussed around proxy patterns and how to best achieve upgradeability in Ethereum smart contracts. The underlying idea is quite simple: instead of interacting with your smart contract directly...
With the first release of ZeppelinOS two months ago, the key issue we wanted to tackle was upgradeability: that is, the ability to modify the logic of a smart contract already deployed to the...
- | El Gato y la Caja | 🇦🇷
A people-friendly article on how bitcoin and blockchains work, written for a popular Latin American science popularization blog.
As you are beginning with Ethereum development, and after going through some of the many excellent tutorial posts out there, you are faced with the challenge of building your first Ethereum-based app.
Today we witnessed a possible major attack on the Parity MultiSig contract. This follows a previous hack in July. Estimated losses may total over 500,000 ETH ($150 million USD), including over 300,000 ETH from the Web3 Foundation team.
Today, we witnessed the second largest hack, in terms of ETH stolen, in the history of the Ethereum network. As of 12:19 pm UTC, the attacker’s account had drained 153,037 ETH from three high-profile multi-signature...
Learn, engage and share
What did we do since new year?
Thoughts on the return of static typing to mainstream programming languages, and the goals of the Crystal language.
Manas Unified Principles and Practices (UPP) is an attempt to encode the good development practices we have gathered throughout 13 years of experience
October's hackathon theme at Manas was Facebook's GraphQL. In this post we share our impressions after a full day hands-on with this technology.
Simple steps to run your Crystal app on a Docker container
Recap of the presentations and discussions from the second Crystal language meetup in Buenos Aires on May 11th 2016.
We set up a Hackathon to build a one-day mobile app for iOS and Android, in order to test drive Facebook's React Native.
Recap of a training on InSTEDD platform tools to staff from the mobile VAM project in the World Food Programme
How to use Let's Encrypt Docker image to cron a process to renew certificates for hosts running behind an nginx reverse proxy.
Scripts for switching to and setting up a different database based on the current git branch in a Rails application.
We can all agree that logging is key in every setup: having useful logs from the components in your environment is your best tool in diagnosing issues and keeping track of the health of your applications. Of course, Docker-based deployments are no exception to this rule. In this post we will go through the options we have evaluated for configuring logging in Rails-based docker stacks, upon reaching an ELK stack. You are doing it wrong First of all, a piece of advice: regardless of the kind of so
Binding LAPACK from Crystal for implementing linear algebra routines
Implementation of a simple library for easily building reusable view components in Ruby on Rails.
Enhancing shapefiles with metadata extracted from the Geonames database, mixing simple Ruby and Python scripts along with PostgreSQL's PostGIS extension.
Facilitating the development of prototypes for ONE health by bringing together human and animal health experts with hackers in Epihack Tanzania 2014.
Among the client certificates present in an HSPD-12 smart card, you may find a Windows Smart Card Login certificate used for authentication, which has several particularities, one of them being that it stores the Subject Alternative Name (that is, the Windows logon and domain of the card’s owner) in an ASN1-encoded UTF8 string in a Microsoft extension (OID 1.3.6.1.4.1.311.20.2.3). What does this mean? This means that if you attempt to extract the subject alternative name from the certificate using Ruby
Rails provides several handy options for specifying how to deal with associated models upon deletion, for example: class Blog has_many :posts, :dependent => :destroy end The destroy value for the dependent option will call the destroy method for every post in the blog when the blog itself is destroyed. Other options are delete or nullify, but the one we are interested in is restrict. By specifying a relation as dependent restrict, Rails will prevent us from destroying a particular object if
I was looking for an easy way to force every request in a functional test in Rails to use a set of parameters by default, regardless of being specified explicitly. That is, every time I write: it "should get index" do get :index end Rails should actually do: it "should get index" do get :index, :foo => 'value' end Lacking any option in the testing framework, I opted for simply monkeypatching the process method in ActionController::TestCase::Behaviour. This method is invoked whenever meth
Pacific Endeavor is a humanitarian communication workshop, organized by the US Pacific Command, which brings together military representatives from all SE Asia, NGOs and industry leaders. Its main goal is to improve the multi-national communications in HA/DR situations, based on the premise that communication is the foundation to a successful response. This workshop is part of the MCIP, Multinational Communications Interoperability Program: MCIP establishes a process that identifies and document
For those of you not familiar with it, Nuntium is an open-source tool we developed together with InSTEDD for easily building applications that rely on SMS for communication. Even though several other kinds of channels are supported, such as email or twitter, text messaging has been one of its most important features. A common scenario that we face is how to easily test the flow of text messages in a development or manual testing environment. While using a local gateway is a possibility, most li
After a long time, I have finally finished my thesis to get the MSc in Computer Science degree, from FCEN UBA. It has been almost a year since I started working on the thesis in the context of Manas Research, and before that I had been working on it for over another year within the computer science department. The text of the thesis, called A branch and cut algorithm for the Partitioned Coloring Problem, can be downloaded in English here. The slides (in Spanish) that I'll be using tomorrow to pr
One of our Rails applications has to consume an RSS. Nothing fancy here, we simply wanted to extract some fields from each item and store them in the PostgreSQL DB (app was hosted on heroku). Simply slicing the string seemed to work at first: summary = entry.summary[0...255] But soon we started obtaining PGError (incomplete multibyte character) when trying to persist our records in the DB. It seemed that the summary we were obtaining had a multibyte char in that position, and slicing the stri
One of the web applications we develop has support for multiple languages, and we got the request to have also the route names translated. As such, a user visiting the site in English and navigating to the stores page should be redirected to example.com/stores, whereas a Spanish customer should see example.com/comercios in the URL bar. The main challenge we faced was how to update every ActionLink invocation to reflect the current user's language. This would require a huge amount of refactoring
The Gettext C# Utilities GNU project, containing convenient classes, templates, scripts and tools for easily implementing gettext i18n support for C# and ASP NET applications, has been polished up and version 1.0 is ready for download. I've written walkthroughs in the wiki pages detailing how to add gettext support for a simple console project, using a database as a resource storage instead of po files, and adding support to an ASP NET MVC application. I'll try to add a few more examples and do
How to use integer linear programming to solve the NP-complete graph coloring problem. Written in the context of my master's thesis.
As an intermezzo in the blog posts regarding my thesis, I'd like to point out an unexpected (or at least, unexpected for me) behaviour in Python's way of constructing default arguments. Suppose we have the following Python class MyClass, with an initializer with a default list parameter: class MyClass: def __init__(self, list=[]): self.list = list What happens if we initialize two different instances of this class, and modify one of them by adding an item to its underlying list?
Before going into how to solve the partitioned graph coloring problem using integer linear programming (which is the goal of my thesis), I thought it would be a good idea to actually explain what is the partitioned graph coloring problem (or PCP from now on). Graphs and partitions First of all, graphs. Formally, a graph is defined as two sets: a set of nodes which compose the graph, and a set of edges between pairs of nodes. For example, the definition for the so-called diamond graph is the fo
Despite being able to simply provide a link to wikipedia's already excellent article on Linear Programming, I wanted to provide a short introduction in order to present what I am doing exactly on my thesis in a future article. Linear Programming is best described as a technique, in which we want to maximize or minimize an objective function subject to a set of constraints. It is called linear because both the objective function and the constraints are linear inequalities on the variables. And
Continuing with the tradition started by Beta two years ago here in Manas, I am now dedicating all my efforts to finish my thesis in order to obtain my MSc degree in Computer Science at FCEN-UBA. Having started it a few months ago, Manas generously started sponsoring my work in May, so I can deal with the last steps in the project and give it the finishing touch it deserves. This work gives Manas Research division a very different direction than the one Beta gave it. Whereas his work was in the
In the previous post I wrote a few lines on the basic usage of the accepts_nested_attributes_for method in rails models. I strongly recommend reading that post before this one if you haven’t. Although there is a standard way for deleting items, there is little information on how to deal with them on the model or the controllers without messing with the unprocessed parameters. I’ll try to go over some of the different ways for deleting (or rejecting) children. Do not create at all Before actually de
It’s been a while since the last time I wrote something here. I realize I’ve promised several posts which never got written, such as some experiments with bizarre random number generators, the architecture of the silverlight DynamicDeepZoom app we hacked together with Martin for Codecamp 09, and the full code for the silverlight PagingListBox (which I’m sure it must have been implemented in some toolkit out there by now). However, since I’ve been working with Ruby on Rails during the last month
Rails makes it easy to build HTML forms associated to a certain model. Simply using the form_for instruction on the view, writing a simple update method in the controller and setting validation logic on the model, makes standard CRUD operations incredibly easy to code. Since version 2.3, Rails also provides a convenient way of dealing with multi-model forms, specifically parent-children relations. Ryan has an excellent blog post on the subject, I strongly recommend taking a look at it before goi
In order to prevent the dreadful copy-paste habits in unit tests (remember, tests are also code, so all the good practices you use when writing code should also apply to tests) a common pattern to test similar behaviour when slightly changing the input is to extract the test itself into a separate method. The scenario Suppose we want to test the behaviour of a class in charge of setting a user’s position based on supplied lat/long values. interface IUserLoca
In the last post I blogged about using gettext to internationalize strings in C#. However, using the Messages.T("Hello world") syntax in ASP.NET can be a little cumbersome. Luckily, ASP.NET controls can work as a solution for this issue. Adding a simple control which we will name just “t” (and place it in namespace “t” as well) that handles translation of strings contained within can prevent the need of the code syntax in an ASP.NET. Therefore, we can write <
We are in the process of dealing with the internationalization and localization of one of our open source web applications, which is fully developed using C# and ASP.NET MVC. Although ASP.NET already provides easy support for i18n via the usage of resx resource files, these are not very user friendly for translators. A resx file is actually just an XML, but there are not many open source tools oriented for translators to easily handle them. Therefore we decided to try GNU gettext. Gettext uses .
For those of you who attended to the talk (thanks a lot for attending, by the way), you may find in Codeplex project DynamicDeepZoom all the source code we used for the example we presented, as well as the presentation (in Spanish). And for those of you who didn't attend, we are uploading it anyway.
On September 26th, Martin Verzilli and I will be making a presentation at Microsoft CodeCamp event on Silverlight DeepZoom technology. The presentation will focus on exploiting a much underused feature of the deep zoom control, which is the ability to inject images generated at run time; these images being provided by a WCF server, which draws them using dynamic content rendered with WPF. Hopefully, more on this on a blog post soon!
One of the issues that arose during the integration process was how to maintain user identity when integrating between different systems. During the exercise, data was moved around anonymously, without having more than a display name describing an item's author; but for real world behaviour this is unacceptable. Therefore one of the many points (I cannot emphasize enough the word many here) that were left for work after the exercise was researching on a way to seamlessly allow users to use the d
This past week at Camp Roberts has been incredible. All of the groups present did amazing work, and we got to test InSTEDD's GeoChat in a completely different scenario and integrate it with most of the other applications present to come up with a full cross-systems solution for disaster-related scenarios. First challenge was the actual deployment of GeoChat. Since we were looking forward to develop several mashups on the fly, we took with us a separate version of the server so we could twea
This week Star Tides, in partnership with the Naval Postgraduate School, will be organizing a Concept-based Experimentation (CBE) in Camp Roberts (CA). The objective is to analyze the state of the art of current social and information related applications in the context of humanitarian emergency scenarios. Invited to the event are Development Seed, Sahana, Google and InSTEDD, among others. As we at Manas have been working side by side with InSTEDD on the development of GeoChat and Riff, I got
I've started digging deeper into jQuery in the last weeks, and this plugin is the first result of it. It is a simple plugin that converts an HTML select into a bar with all the successive options, allows clicking on any of them to select it, and slides a background to cover that option and all of the previous ones. Its main use is allowing the selection of cumulative options. In the example above, turning on more options for notification in a web application, being the first way of communicatio
Many times we put all of our effort in developing an elegant solution to a certain problem we have, thus leaving testing to a second place, without too much consideration for it. Regardless of whether we are using TDD or just creating unit tests for the already-written code, keeping tests as clean as the code should also be a major goal. Why do we bother coding “elegantly” in the first place? We don’t just write the first chunk of code we come up with, as long as it works, but rather take great care i
I stumbled upon an excellent article by Martin Fowler in which he describes the difference between stubs and mocks, and afterwards the difference between classic and mockist TDD. Be warned, the article is a few years old, but still a highly recommendable reading. Test Objects In every unit test we usually focus the testing on a single object (SUT or System Under Test). This object, however, usually requires some collaborator objects (secondary objects) to perform its operations, and the correct
Some time ago I found a quotation by Buckminster Fuller: When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong. Although Fuller had many titles – architect, author, designer, futurist, inventor, visionary - none of them was a programmer. Yet I believe this quote is an excellent representation of our work. The initial approach when coding must always be to pursue functional
After over a year of development, Neyun is finally out for public use. The site is currently in beta, and an invite (or beta request approved) is required to use it. Neyun is a rich web application that we have been developing along with Ary, Martin and Juan. It handles many web 2.0 services, such as Facebook, Digg, YouTube and even GMail, by importing, tagging and indexing your data. Its main attraction is the possibility of viewing all of your data in a single place, and allow easy navigation
One of the key components of any Silverlight (or WPF) application is XAML, as it serves as the definition for every visual element. Being a markup language intended to replace a bunch of UI-creating-code (remember WinForms?), it can quickly get out of control if not properly organized. After doing some research on the web and asking a few questions, I came up with a few guidelines which I’ll detail in this post. Static Resources Static resources are vital in order to avoid unnecessary code XAML
How a simple algorithm for generating a random output can be biased may be a very difficult analysis, and unless every step is carefully analyzed, randomness can be easily lost. In this post I'll go through some basics of probabilities, using an ideal coin-toss-generator, and create a completely useless integer generator just for the sake of this post. Note: Before you read the whole post, let me tell you that there is nothing on real techniques for random integer generation. The idea is to stu
(Since this post is about a Silverlight Tutorial Video published in Spanish for Microsoft Latin America and Universo Bit, I will write it in Spanish as well.) Last December I had the opportunity to record an introductory Silverlight video for the “Crecimiento Laboral” initiative of Microsoft Latin America and Universo Bit. The video is half an hour long, and shows everything from different sites built on this platform to how to develop a simple feed reader from scratch. Tecn
In my last post, I blogged about non-first normal form, SimpleDb in particular, and the problems that arose in the query language when dealing with multiple attributes, such as "a != b" not being the same as "not a = b". The SimpleDb team has now released a comfortable SQL like query language to be used for selecting data, in addition to the old language. What is most interesting about this language is how the multi-valued attributes issue is resolved, a problem that SQL (luckily) does not have
Normalization is one of the key concepts involved when designing a good relational database model. There is quite a lot of theory behind this relatively simple concept as you can see from the wikipedia article. To make a long story short, you have to evaluate the dependencies between different attributes (for instance, all attributes in a table depend on the primary key, but there can be many more dependencies among the attributes). These dependencies will result in a grade of normalization of
Last night I was a victim of the AVG8 bug that marked User32.dll as a trojan (just a false positive). What annoys me the most is not the bug per se, but the fact that AVG Heal option simply deleted the file without any warning or simply backing it up (just a "may lead to system instability"), and that WXP just let him do it. Damn, it's a system file! Anyway, I've just found a blog with a good solution for those who keep a WXP CD next to their PC "just in case": When AVG have performed the same
The command pattern is a behavioural pattern that encapsulates a request made to a certain object inside a Command object. Each type of command knows how to Execute() itself, as well as its target instances. In the example above, taken from the Gang of Four's Design Patterns, a PasteCommand would be associated to the Paste menu item. When the item is clicked, the command is executed, and, having a reference to the Docu
An interesting feature of Silverlight is how the interaction between visuals and logic (this is, between designers and developers) is handled. It uses a so-called Parts and States Model, which is ensured by a contract specified with attributes in the control class. Jesse Liberty has made an excellent short post on this subject, which I strongly recommend. And provided a link to a series of posts by Karen Corby which go much deeper into creating a custom control with its own contract. The last bl
For those of you not familiar with a treemap, it is simply a bunch of boxes somehow arranged inside a bigger box; each of them also contains its own set of smaller boxes, and so on. Each box has an associated weight that determines its size. It is a powerful tool to visualize your information, yet it can soon become overcomplicated, not to say absolutely chaotic. The first problem when you want to design a treemap is how to layout the boxes within the available region. Luckily this is an alread
A common scenario in the development of GUI applications is the presence of different events fired by the engine as the visual tree is constructed and rendered. And Silverlight, of course, is no exception. While WPF provides Initialized and Loaded events for all framework elements, Silverlight has only the latter. There is also a LayoutUpdated method, but (as we will see in a few moments) is not very useful. To check the order of the events fired by Silverlight when rendering the visual tree, I
A useful feature for most data-bound items presenting controls is the ability to page their data, by showing only the first n elements and requesting the rest on demand as the user scrolls down the view. This is especially useful when downloading each item is costly, and waiting until the whole collection is obtained to show the user the result demands too much patience from him. So I decided to implement this on Silverlight, as a way of continuing my old post on data binding, which ended with a
WPF introduced a new concept for managing properties which is dependency properties. Dependency properties can act as standard properties, but also offer a lot more functionality, such as data binding, assignment through resources, setters in styles, and a lot more. They also allow for easy extensibility since they can be declared in different classes than the types they affect, and can be set directly from XAML. Silverlight, of course, has inherited this, yet it has a subtle difference. In orde
Since Silverlight 2 Beta 2 introduced the WebClient class, I decided to refactor an application we had by replacing all references to HttpWebRequest with the new client. Its methods seemed much more simple and clear, and I didn't even need to write a wrapper helper class to make calls to the server. But, as it happens with every refactor, I ran across a few problems. The first thing I noticed was the fact that the only method provided by the WebClient to send a stream of data in a POST to the
For almost any developer who has worked in GUIs the concept of data binding should be at least familiar. If you have an Article and want to show its code and price, you just place two textboxes bound to those properties and place some invisible magical control who ensures that the controls and the data objects are kept synchronized. As long as you didn't push it too far, it worked just fine, and allowed you to forget about some tedious GUI programming. Silverlight, of course, has its own flavor
Silverlight 2 Beta 2 has introduced a number of fixes, additions and changes to the previous Beta 1 version. As I said in a previous post, I believe the improved error handling and detailed exceptions are among the best improvements, and also the least commented. There have also been several improvements in Expression Blend, most of them regarding the Visual State Manager (which I'll describe in a few moments), but Scott Guthrie has already described them flawlessly. As for a detailed list of cha
One of the current most interesting technologies around is Microsoft Silverlight, whose intention is to provide a programmer and designer friendly way to develop web UIs. It is basically a subset of Windows Presentation Foundation, although it has a few minor differences that you will surely note along the way. If you aren't familiar with WPF either (as I was when I started trying Silverlight), it is a whole new paradigm that intends to replace WinForms. It defines each control through two files: