I was prototyping using TMDb for film search in One to Watch to solve the problem of Freebase’s API going away. While doing this I noticed that the memory usage of the app was going up significantly every time I opened a film’s details view.
Using the Allocations tool in Instruments, I could see that the memory was increasing in a staircase like manner. Looking at the memory listing shown in Instruments, it was clear that this stepping was caused by decoded PNG images, used to display the cover art. Each time the details view was shown, another 3MB PNG image appeared in Instruments.
One to Watch, my app to help you remember films you want to watch, uses Freebase when it’s searching for films. Freebase is an amazing database, built on community data. Google bought Freebase a few years ago, and made Freebase into the basis of Knowledge Graph. Up until now, this hasn’t been a problem; Google kept the old Freebase API up and running, albeit at new URLs.
However, by chance when updating some URL handling code in One to Watch, I was checking the Freebase API and noticed:
Moonpig, an online greetings card company suffered a security vulnerability. While the vulnerability was serious, far worse was the company’s deliberately misleading statement in response to the disclosure:
We are aware of claims re customer data and can confirm that all password and payment information is and has always been safe.
— Moonpig (@MoonpigUK) January 6, 2015
Indeed this tiny subset of information was “safe”. What was leaked was all other personal information held by Moonpig about every customer. Much worse than a password or a credit card that can be easily changed. That the company issues a statement like this indicates how little they care about their customers.
Slate is a window management tool for OS X. It differs from most because it’s designed to offer customisation over sensible defaults. In short, to use a hackneyed phrase: a programmer’s window manager.
There are two ways to configure Slate: a declarative way and using Javascript. I use JS, and recently uploaded my configuration to Github. I think Slate’s an awesome tool, so I wanted to go through how I use it.
I’d love to use Docker and, particularly, Fig. The deployment of even this site would be much simpler if I could update individual containers rather than having a somewhat complex set of services running together on a single host.
As of now, however, I’m starting to lose trust in Docker’s security team.
In October, Docker, Inc. announced that version 1.3 of the docker tool would verify container images downloaded from the central docker image repository: