Jeremy Morgan

My Blog about Programming, Tech, SEO, Marketing and whatever else I come up with.

What Is Heartbleed?

On April 7th a security advisory was released titled “TLS heartbeat read overrun” (CVE-2014-0160) and it’s received a lot of attention in the IT community and the general public. Here’s a quick explanation of what Heartbleed is, and what it means for you.

Why are so many people talking about this?

There are several reasons Heartbleed has received so much press. It’s a security vulnerability with a very wide reach, which means a lot of people are affected. It was also given a cool but somewhat scary name and a logo.

In other words, it’s a vulnerability with marketing. This is a good thing because it gets the non-technical public involved, and that’s usually a great challenge.

According to the OpenSSL security advisory, Heartbleed is:

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Which doesn’t mean a lot to most people. Heartbleed is a bug with OpenSSL software, which is open source software used to secure communications on the internet. It allows an attacker to read chunks of memory on a web server they couldn’t otherwise read.

The Heartbeat Process

In short, here is how the heartbeat process works. A message is sent between the client (you) and a web server. It specifies the size and content of a message, and if the receiving server is functioning, it will return that same message back. This is done to make sure the connection is still present.

Here is an illustration of that process and how it theoretically operates:

[Illustration: the heartbeat exchange between Server A and Server B]

In the heartbeat process, Server A prepares a message it expects to get in return and specifies the size of the message. If Server B does not respond, then the “heartbeat” is lost and it’s assumed the server is down. If it does respond, it will send back the same message so Server A knows everything is ok.

Under an ideal situation Server B would send back the original message and nothing else.

The Heartbleed bug

Where the bug comes in is the size specification of the original message. If an attacker specifies a size larger than the message they actually send, the server does not check it and sends back whatever size they asked for, up to 65,536 bytes. This information is leaked from the web server’s memory, so it can contain RSA keys, usernames, passwords or any other sensitive information.

Here’s a diagram of an attack:

[Diagram: a Heartbleed attack]

It’s not exactly this simple, but similar. If the attacker finds encrypted information they can also find the keys, and a well-executed attack can garner large amounts of information.
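The missing bounds check described above, modeled in C as an added example (not code from the original post or from OpenSSL). It assumes a simplified heartbeat layout (1-byte type, 2-byte length, payload; real TLS padding omitted) placed in a simulated memory buffer next to constructed data; all function names and sample values are illustrative.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3 /* 1-byte type + 2-byte claimed payload length */

/* Constructed stand-in for whatever sits next to the record in memory. */
static const unsigned char NEIGHBOUR[] = "user=alice;pw=EXAMPLE-ONLY";

/* Lay out simulated memory: [type][len hi][len lo]["ping"][neighbour...].
 * `claimed` is the length field the sender wrote, honest or not.
 * Needs cap >= 33. Returns the bytes the record really occupies (7). */
size_t build_memory(unsigned char *mem, size_t cap, unsigned claimed)
{
    memset(mem, 0, cap);
    mem[0] = 1; /* heartbeat request */
    mem[1] = (unsigned char)(claimed >> 8);
    mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(mem + HB_HEADER, "ping", 4);
    memcpy(mem + HB_HEADER + 4, NEIGHBOUR, sizeof NEIGHBOUR - 1);
    return HB_HEADER + 4;
}

/* Pre-fix logic: echo as many bytes as the length field claims.
 * The clamp to mem_len only keeps this demo inside its own buffer. */
size_t reply_unchecked(const unsigned char *mem, size_t mem_len, unsigned char *out)
{
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (claimed > mem_len - HB_HEADER)
        claimed = mem_len - HB_HEADER;
    memcpy(out, mem + HB_HEADER, claimed);
    return claimed;
}

/* Fixed logic: compare the claim with the bytes actually received and
 * silently drop the request when it does not fit. */
size_t reply_checked(const unsigned char *mem, size_t rec_len, unsigned char *out)
{
    if (rec_len < HB_HEADER)
        return 0;
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (claimed > rec_len - HB_HEADER)
        return 0; /* sender asked for more than it sent */
    memcpy(out, mem + HB_HEADER, claimed);
    return claimed;
}

int main(void)
{
    unsigned char mem[64], out[64];
    size_t rec_len = build_memory(mem, sizeof mem, 30); /* sent 4, claims 30 */
    size_t n = reply_unchecked(mem, sizeof mem, out);
    printf("unchecked: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked:   %zu bytes\n", reply_checked(mem, rec_len, out));
    rec_len = build_memory(mem, sizeof mem, 4); /* honest request */
    printf("honest:    %zu bytes\n", reply_checked(mem, rec_len, out));
    return 0;
}
```

The unchecked reply echoes the four payload bytes plus the neighbouring data, while the checked version discards the same request and still answers an honest one.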

Who is Affected?

This affects any server using OpenSSL 1.0.1 and 1.0.2-beta. Since this bug has been around for a couple of years, it’s unclear how many machines are truly affected. The safest bet is to change any password you can.

Here’s a list of passwords you should change right now.

Should I Panic?

No. This bug is being patched quickly and as long as you change your passwords you should be fine. Your personal computer is unlikely to be affected by this.


Do you like articles like this?

I’m constantly hacking on stuff and writing about happenings in the programmer world. You can subscribe to my feed here, or you can get the programmer newsletter 100% spam free!

How to Learn Computer Programming

So you want to be a computer programmer? Want to write software? Here is how you can get started with this awesome hobby / profession right away, for next to nothing. I first wrote this article back in 2008 and a lot has changed since then, so I decided to start it over completely.

Want to get started now? Head on over to Code School and use this coupon for a free two day pass!

Tips for getting started

If I were to narrow it down, the two things that will ultimately determine your success are these:

1. Don’t get into it for the money. We all know that software jobs pay well. I’m not saying you shouldn’t try to get the best pay possible once you’ve built your skills but if this is the primary reason you want to get into it, don’t bother. There are two approaches to programming:

  1. I want to learn how to write software to build (blank) or solve (blank) and maybe someday be paid to do it.
  2. I want to make more money by becoming a software developer.

The first one is really the only way to go. Be honest with yourself about this. Being a developer takes intense commitment, beyond what you imagine going in. There are many skilled professions where you reach “mastery” and you remain employable for decades, even the rest of your life. Software is not one of them. Your base knowledge of development grows and lasts decades, but applicable skills have a much smaller shelf life and you must study and improve your craft on your own time. This takes dedication and passion that money simply won’t provide.

Those who get into it purely for money tend to get disgruntled, fail to keep up with trends or new technologies, and burn out eventually. They also have to constantly compete with those who are truly passionate.

2. Learn from a text editor.

Whether it’s HTML or Assembler, writing plain text is the only way to learn and understand what’s going on with the program. You must break out the development environment and start hacking away.

When you learn coding through an IDE (Integrated Development Environment) there are too many shortcuts and auto-completes that mask what’s really going on. You can build things quickly, but you don’t really know what’s happening with it.

Write it out by hand, watch it break, and fix it when it does. It’s worth the time.

I even recommend this for C#/ASP learning. While Visual Studio is arguably the best IDE ever created, it doesn’t help beginners. I learned C# with Notepad++ and csc.exe. Now that I have the experience I use Visual Studio every day, but as a beginner it would have hampered my learning.

Use a text editor first! Then learn the IDE. You’ll thank me later.

What do you want to build?

This is the first choice you must make when approaching development. You don’t have to stick with this choice forever, but you have to start somewhere. Here are some of the categories of software development, and you should start with whichever one you’re most excited about:

  • Web Development
  • Desktop Development
  • Mobile Development
  • Server Development

These can be broken down even further, and there are always niche categories such as BIOS programming, data processing and other specializations. But these are the areas I’m going to tackle in this series.

Part 1: Web Development

Ok, time to make another decision! There are a few basic routes you can go. You’ll need to decide which stack you’ll be going for (at least at first):

  • Linux Stack
  • Microsoft Stack

There are advantages and disadvantages to both, which I will outline here.

Then you must decide which area of web development you want to focus on, at least at first.

  • Frontend Web Development - Pages, Design, GUIs, the stuff you see
  • Backend Web Development - Databases, APIs, behind the scenes stuff.

There’s no reason you can’t learn Frontend and Backend on Linux and Microsoft stacks, and in fact you should. But it will take a considerable amount of time to accomplish this so it’s best if you pick one area and focus on that first.

Backend (Server Side) Web Development

Linux Stack

The Linux stack is a set of technologies generally used on the Linux operating system platform. Though these technologies will all run on Windows as well, they’re generally better supported on Linux hosting and have much better tooling and debugging in Linux environments.

Note:

You don’t need to run Linux on your development machine to write software for it, but it does help. Give it a try!

Advantages of using the Linux Stack

Everything is free - Other than paying for hosting (which you may not even have to do), these tools are free. Many of the tools you use to develop on them will also be free. This is great when you’re just getting your feet wet in programming.

The Linux Developer Community - Linux is the OS of choice for many developers, and they are passionate about development and helping others. For those just starting out, you’ll find a ton of activity in this world and lots of help online.

It’s open source - Most of the projects you’ll find on Linux are open source, meaning you can dig into the code and really see how it works. You can make changes to it, fix problems and share source code freely on the internet. This philosophy has drastically changed programming and made software far better.

It’s Fun - Though I’m a Microsoft .Net developer for a living, I still use Linux all the time. I’m writing this in Arch Linux on my laptop. It’s because I’m a constant tinkerer at heart and I love to change and tweak everything. I also love to optimize my environment for peak results. You can squeeze a lot more performance out of your hardware with Linux.

Disadvantages of the Linux Stack

Many large companies use the Microsoft Stack - The Microsoft .Net Framework is a robust, mature, and stable platform for development. It also meshes well with other Microsoft products, so it’s used heavily in the business world. If you work for one of these companies or want to work for them, and they’re primarily Microsoft, your Linux skills won’t be very helpful. But don’t give up yet: there are many large companies using Linux as well, or a mix of both.

Fragmentation - The downside of everyone doing their own thing is that it becomes fragmented. Certain technologies mesh well together, and some don’t. What might be a standard way of using a piece of software can be far different from others.

Abandoned Projects - There are many abandoned projects in this realm because people will group together to work on something and get bored, there will be some infighting, or there will be a lack of interest by the community. When this happens, the software is dead. If something is useful and good someone may pick it up or fork it but there are no guarantees. Remember these people are working for free!

Lack of Documentation - This is something that seems to be improving by the day. But there are some projects that lack good documentation and it’s a struggle to get things working. Again, these people are doing this for free and you didn’t pay anything so you can’t really expect support. You can help, however by sharing everything you learn about it.

Sometimes things just don’t work - You’ll find software packages that don’t work or they are missing key features. Since there is no commercial backing, there may be less motivation to fix it. If you’re an edge case and you have a special need there may not be enough demand for anyone to care. This is an opportunity for you when you become a better developer, as you can pitch in to fix things or add features.

This includes too many platforms to list them all, but it’s mostly

  • PHP
  • Python
  • Ruby

These are the predominant web languages on the net, and they are all awesome in their own way. All of these languages are relatively easy to learn and have great resources for doing so. They also offer great frameworks when you’re ready to build large scale applications.


Where to learn PHP:



Where to learn Python:



Where to learn Ruby:




These are just a few of the languages in use, but the most common. Pick one you feel comfortable with and find something to build with it! The more you build, the more you’ll learn along the way and run into problems which will help you learn even more.

Microsoft Stack

The Microsoft Stack is an organized ecosystem revolving around Microsoft products. But that’s not such a bad thing as I’ll explain. It is a true ecosystem in that everything is designed to work together, and for the most part it does. It consists of:

  • The .Net Framework
  • C#
  • VB.Net
  • TypeScript
  • ASP.Net (combination of these technologies)

Note: While ASP.Net is now incorporating other languages, including those listed earlier (PHP, Python, Ruby), the majority of Microsoft web development still revolves around the technologies and languages listed above.

Advantages of the Microsoft Stack

It’s backed by a large, successful company - We all know who Microsoft is, and whether you love them or hate them they’re pretty successful. That means they have a lot of resources and talent to throw at this stuff. In recent years there has been a huge push to get more developers in this realm and the improvements are astounding.

It’s an ecosystem - Many developers argue whether this is a good thing or not, but this environment is very interconnected and everything is designed to play well together. There are set standards and best practices, and an established way of doing things that you don’t find with a more fragmented environment.

Big business loves it - Backing from Microsoft, solid standards, and reliable structure attract big business to the .Net ecosystem. Many companies like the fact that you can rely on this technology and help is a phone call away. They also like the fact that Microsoft’s reputation is at stake when releasing a product, so in most cases it tests things very thoroughly before they’re released into the wild.

It’s very solid - There are faster and more scalable platforms in the Linux world for the price, and development itself can be faster, but .Net applications are rock solid when built correctly. Things like strong typing, excellent debugging and profiling tools, picky compilers, and a vast knowledge base contribute to quality software that people can rely on. You can build just as solid software on Linux, but .Net development pushes you to build great code by default. You have to try harder to build sloppy software on this platform.

The Tools - The tools are ridiculously good for .Net development. The Visual Studio IDE is unmatched in my opinion for a development environment. Debugging and profiling tools help you squeeze every bit of performance and security. And hobbyists can get express versions of these tools for free.

Disadvantages of the Microsoft Stack

It’s backed by a large, successful company - There are disadvantages to an ecosystem being built around a company, and some of those do surface here. Oftentimes projects that don’t get adopted enough to generate numbers die a quick death. Some things are done in the company’s best interest and not every programmer agrees. Some think Microsoft is evil, and it’s not as popular with the younger, hipper programming crowds.

It can be expensive - Running a Microsoft shop has a lot of advantages, but it doesn’t come cheap. This can dissuade a lot of smaller companies and startups from using it. But this disadvantage is being rectified with a little-known program: students can get software free through DreamSpark and startups can use BizSpark to get software for free.

Web Hosting is not as common - You can’t throw a rock without it hitting a Linux based web host, but good ASP hosts are much harder to find. If they do host ASP it’s either more expensive or outdated and neglected. I’ve been hosting with Arvixe .Net Web Hosting for over a year without any of those problems. But they are a diamond in the rough.

It’s harder - You can grab a quick book on PHP and slap together a website in a couple of days. That’s great for your personal blog or a recipe site. In ASP there is a lot more to learn and it’s a lot more finicky. Not only are there a lot of things to learn in aggregate, but the environment is much more strict, so you need to learn it well. You also have to incorporate a lot more Computer Science related thinking into what you’re building. This isn’t exactly a bad thing, but it can be daunting for beginners.

So you still want to do it? Keep reading!

How to learn ASP.Net

ASP.Net is the combination of Microsoft languages and technologies related to the web. Funny enough, the website ASP.Net is a fantastic resource for learning the ropes. But here are a few other places you can go to learn more.

C# is the predominant language for .Net backend programming and I highly recommend learning it. VB.Net is easier to learn, but it’s just not as well suited for scaling and object oriented programming as C# is. F# is Microsoft’s functional language that’s still in its beginning stages, but can be a great solution in some cases. TypeScript is Microsoft’s language for scalable enterprise JavaScript.


Where to learn C#:


Where to learn F#:


Where to learn TypeScript:


Where to learn VB.Net (If you must)



If you want to get started with Microsoft stack development for cheap, check out Visual Studio and get an express edition for free. You can also sign up to Windows Azure and get 10 free websites.

Frontend (Client Side) Web Development

Anyone who says frontend development isn’t real programming hasn’t done it in a while. These days JavaScript and HTML5 are more robust and complex than ever, providing solid functionality to what used to be plain web pages. In fact, frontend development is the fastest growing arena and probably the best place to go in the future.

Here’s what you’ll need to know:


Where to Learn HTML 5


Where to Learn CSS 3


Where to Learn JavaScript


This just scratches the surface of what comprises frontend development. Strides are being made every day, and many frameworks are being developed to make frontend development for Web and mobile devices more powerful than ever.


General Programming and Development

For general programming and development knowledge, the following sites are great for getting a nice foundation in software development.


Summary

I hope this has given you enough information for getting started in computer programming. I’ve been doing it since I was a teenager, and I get paid to do it now and it still seems like I’m just having fun. It’s a very rewarding and challenging field to get into.

You might be asking: why on earth are you doing this and creating competition for yourself? I’ve been asked that several times about this blog in general and the answer is simple: there aren’t enough of us. Developer jobs are increasing faster than the number of people who can fill them. I see this as an opportunity for people to better their lives, especially in developing countries, so if someone is interested in being a developer, I’m more than happy to help them out.

Let me know what you think in the comments, or contact me.


Getting Started With AngularJS

Lately I’ve been playing around a little with AngularJS, and I’m pretty impressed. It’s amazing how many time saving features and structure this framework brings to your applications. I decided to build an app to calculate AdSense earnings, and I’ll demonstrate it here.

Just How Fast Are GitHub Pages?

Recently GitHub rolled out some improvements to GitHub Pages, their free static page hosting service. As this is a static site I’ve recently had a lot of interest in static hosts and seeing which ones might be the best. I decided to do a comparison and see how some major services, including GitHub pages serve up static content. I was a bit surprised.

Taking a Look at Year End Analytics

So I have started to pull down some of my stats from 2013. While most people are somewhat secretive with their analytics, I can show mine and share some of what I’ve learned over the last year, and what I did right, as well as what I did wrong.

Hazardous Attitudes in Software Development

With software projects it’s rare that a failure points to a single cause or person. Usually it’s a culmination of many smaller mistakes. With technology and formal project management best practices are usually well documented and available. One thing that isn’t talked about as much is attitude. The attitude of persons in your group or your group as a whole is one of the biggest factors of your success.