Top 20 Hacker and Designer News 2014

Last year around this same date I started The Hacker and Designer News newsletter as a weekly curated recap of what I thought were the best articles from Hacker News and Designer News on startups, entrepreneurship, hacks, programming, design, etc. I built and open sourced an aggregator to help me collect posts. I later built using that same aggregator to view the current top posts on both sites side-by-side.

Learned a couple of things from building a newsletter, missed a couple along the way, but definitely looking forward to ramping up subscribers throughout 2015. If you still haven’t, feel free to check out past issues and subscribe.

Check out below the Top 20 Hacker and Designer News for 2014.

The Hacker and Designer News

File Uploads + CORS + IE


Supporting Internet Explorer is always kind of a drag, but sometimes you just have to. Adding file uploads via AJAX and CORS to the mixture only makes it that much more fun.

When dealing with AJAX file uploads I always seem to keep going back to jQuery File Upload. Making these file uploads work on IE requires falling back to an iframe, which is supposed to work automatically, almost right out of the box. I encountered some issues; maybe it was the lack of sleep, reading outdated Stack Overflow answers, or simply not understanding the documentation that well.

If the origin domain is different than the file upload server domain, CORS comes into play and there are some known limitations and issues on IE 8 and IE 9. In Internet Explorer 8, the XDomainRequest object was introduced to allow safe AJAX cross-origin requests directly by ensuring that HTTP Responses can only be read by the current page if the data source indicates that the response is public. Responses indicate their willingness to allow cross domain access by including the Access-Control-Allow-Origin HTTP response header with value *, or the exact origin of the calling page. This blog post lists and describes the restrictions and reasoning behind them, but these two are the ones that bit me recently.

  • Only text/plain is supported for the request’s Content-Type header – This means that your API endpoint will have to be adjusted to be able to parse whatever data you send in the request. In my case I was returning a JSON response with an application/json content type, but after figuring this out I had to change the content type of that response to text/plain. On the client side that meant manually parsing the response data as JSON using $.parseJSON.
  • Requests must be targeted to the same scheme as the hosting page – Once I thought I had everything working I was still getting hit by a couple of errors. Turns out I was generating a request from http to an https endpoint on a different domain.
  • The target URL must be accessed using only the HTTP methods GET and POST

Now jQuery File Upload comes into play.

File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads.

Cross-domain file uploads on IE 8 and 9 use the Iframe Transport plugin that requires a redirect back to the origin server to retrieve the upload results. The example implementation includes a result.html that works for this. The repository includes the jQuery XDomainRequest Transport plugin which is required to enable cross-domain AJAX requests in IE 8 and 9. Internet Explorer 10 and above supports CORS using XMLHTTPRequest.

The tricky part here for me was “requires a redirect back to the origin server”. I had the results.html file in place but nothing was happening. Taking a look at the sample server implementations I noticed that in order for this to work I had to redirect the response to the location of the results.html including the response JSON I would normally return as a response but as a query parameter. The results.html enables jQuery File Upload to access the results from the iframe.

Here are a couple of excerpts that might help understand.
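A sketch of that server-side flow, added here as an example; it is not the author's excerpts or jQuery File Upload's own code. It assumes the iframe fallback posts a `redirect` form field holding the result page URL with a `%s` slot for the JSON, and it checks that client-supplied URL against an allowlist of origins (hypothetical values) so the upload endpoint cannot be used as an open redirect.

```python
import json
from urllib.parse import quote, urlsplit

# Assumption: origins that host the result page and may call this API (constructed values).
ALLOWED_ORIGINS = {"http://app.example.com"}


def redirect_is_allowed(template):
    """Accept only http(s) URLs on an allowlisted origin with exactly one %s slot."""
    try:
        parts = urlsplit(template)
    except ValueError:
        return False
    origin = f"{parts.scheme}://{parts.netloc}"
    return (
        parts.scheme in ("http", "https")
        and origin in ALLOWED_ORIGINS
        and template.count("%s") == 1
        and template.count("%") == 1  # no other percent sequences smuggled in
    )


def build_upload_response(form, result, request_origin=None):
    """Return (status, headers, body) once an upload has been stored.

    form: POST fields; `redirect` (assumed field name) is sent only by the
    iframe fallback used for IE 8 and 9.
    result: JSON-serialisable description of the uploaded files.
    """
    payload = json.dumps(result, separators=(",", ":"))
    template = form.get("redirect")
    if template:
        if not redirect_is_allowed(template):
            return 400, {"Content-Type": "text/plain"}, "redirect target not allowed"
        # Iframe transport: send the browser back to the origin's result page,
        # carrying the JSON percent-encoded in the query string.
        location = template.replace("%s", quote(payload, safe=""))
        return 302, {"Location": location}, ""
    # XHR / XDomainRequest path: JSON body served as text/plain, which the
    # client then parses by hand.
    headers = {"Content-Type": "text/plain"}
    if request_origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = request_origin
    return 200, headers, payload
```

Echoing only an allowlisted origin in Access-Control-Allow-Origin, rather than `*`, keeps the upload result readable by the intended page alone.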

Photo by John Trainor

Backup OpenPGP keys on paper


Recently I remembered I was keeping a backup of my OpenPGP keys on an external hard drive that any day now could just cease to work. After my first attempts with PGP/GPG where I lost my private keys and could no longer revoke them, I wasn’t planning on losing another one again.

After reading what others did to store their private PGP keys, I figured that the best way to store them was on paper. That’s where paperkey comes along. Paperkey is an OpenPGP key archiver by David Shaw, one of the main GPG developers.

What does paperkey do?

Due to metadata and redundancy, OpenPGP secret keys are significantly larger than just the “secret bits”. In fact, the secret key contains a complete copy of the public key. Since the public key generally doesn’t need to be escrowed (most people have many copies of it on various keyservers, web pages, etc), only extracting the secret parts can be a real advantage.

Paperkey extracts just those secret bytes and prints them. To reconstruct, you re-enter those bytes (whether by hand, OCR, QR code, or the like) and paperkey can use them to transform your existing public key into a secret key.

So to try it out, I installed it via homebrew.

brew install paperkey

Take the secret key in secret-key.gpg and generate a text file my-key-text-file.txt that contains the secret data:

paperkey --secret-key secret-key.gpg --output my-key-text-file.txt

I then printed the resulting text file and stored it somewhere safe.

To reconstruct secret-key.gpg, take the secret key data in my-key-text-file.txt and combine it with public-key.gpg:

paperkey --pubring public-key.gpg --secrets my-key-text-file.txt --output secret-key.gpg

I also stored a digital copy of my secret key on a new USB flash drive.

Bonus: You could also print a QR code of the paperkey output.

brew install qrencode
# --8bit keeps qrencode from treating the raw binary key data as a text string
paperkey --secret-key secret-key.gpg --output-type raw | qrencode --8bit -o qr-paperkey.png

By the way, I’m in no way an #expert in PGP/GPG or security in general.

How do you back up your PGP keys?

My talk on JSON Web Tokens at DjangoCon US 2014

I had a great time at DjangoCon US 2014. Lots of first times.

  1. First time at DjangoCon
  2. First time speaking at DjangoCon
  3. First time speaking in front of a “large” crowd.
  4. First time visiting the west coast
  5. First time visiting Portland

Special thanks to Blimp for enabling me to do this. Thanks to the DSF’s grant which made the trip financially possible. Thanks Froi and Sasha for coming along, all the support, and making the trip way more fun.

Last but not least thanks to my beautiful fiancée, Ana, for always supporting me and still loving me even though I missed her birthday for the first time because of this trip.

Here’s the video

You can find the slides on Speaker Deck.

We also got a few attendees to help us write down some notes during the event. Check them out.

There are also a couple of photos I took of the whole trip on Facebook.

Django REST framework Sprint at DjangoCon US 2014


This’ll be my first time attending and speaking at DjangoCon US. I’ll be talking about JSON Web Tokens, Django, and Django REST Framework.

I’ve been talking about working on a Sprint for Django REST Framework with Tom Christie on Twitter. Tom pointed out a list of decent candidates to work on if we get some people together. We’ll have a tagged list of obvious bug candidates before the sprint. He’s also planning on helping us out remotely those days.

It seems like a great idea to celebrate the successful Django REST framework 3 campaign on Kickstarter and with the timing of DjangoCon, “kickstart” the development of upcoming versions.

So, I’m recruiting anyone who’d be interested in and available for working together. Everyone’s welcome to join in – if you use Django REST framework and would like to become more familiar with its internals while working together with other developers with various levels of expertise. Sprints will be held Friday and Saturday Sep 5-6.

If you’re interested please send me an email so we can start getting organized. If you know someone who might be interested please share this with them.


Issues have been tagged and include a brief description of how to progress the ticket for the sprint.