

Zed Goes Off About Mongrel

by why in cult

Hey, alright. Lots of good stuff in this interview with Zed Shaw, the trainer of the Mongrel web server. We don’t get to hear much from him, because he really is incredibly productive. But it’s good to hear about his design choices behind Mongrel.

In the EastMedia/VeriSign project we were seeing a bunch of attack attempts from a “security company”. [...] After they ran the automated scans we saw a few “hand coded” attacks which probably means someone at this “security company” was very intrigued by what Mongrel was doing.

The funniest part of this is that all Mongrel does is use a correctly coded parser based on a real grammar and a parser generator (Ragel). Other web servers use hand coded HTTP parsers that turn out to be vulnerable, difficult to compare to the real HTTP 1.1 RFC grammar, and are just a pain to manage. Using Ragel makes Mongrel robust against many of these attacks without actually having to create specific logic for detecting “attacks”.

His comments on managing your open source projects are fantastic. One line in particular: If I KMFU (Know My F*ing Users) they won’t have to RTFM. File this next to Danly Roo and MINASWAN.
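The point Zed makes in the quoted bit, as an added example (not Mongrel's code, not Zed's, and not Ragel): a request-line parser whose accept set is written down as a grammar, here as Ruby regexps following the RFC 2616 Request-Line for the abs_path and "*" URI forms, beside the lax split-on-whitespace parser a hand-coded server tends to grow. The request lines fed to both are constructed for the demo.

```ruby
# Added example, not Mongrel's own parser. The grammar below mirrors the
# RFC 2616 Request-Line (Method SP Request-URI SP HTTP-Version CRLF) for the
# abs_path and "*" forms of the URI; Mongrel does the same job with a Ragel
# state machine compiled to C.
TOKEN    = /[!\#$%&'*+\-.^_`|~0-9A-Za-z]+/                          # RFC 2616 token
PCHAR    = /(?:[A-Za-z0-9\-._~!$&'()*+,;=:@\/]|%[0-9A-Fa-f]{2})/     # path char or %XX escape
ABS_PATH = /\/#{PCHAR}*/
QUERY    = /(?:\?(?:#{PCHAR}|\?)*)?/
VERSION  = /HTTP\/[0-9]+\.[0-9]+/
REQUEST_LINE = /\A(#{TOKEN}) (#{ABS_PATH}#{QUERY}|\*) (#{VERSION})\r\n\z/

# Grammar-driven parser: anything the grammar does not spell out is rejected,
# with no knowledge of any particular attack.
def parse_strict(line)
  m = REQUEST_LINE.match(line) or return nil
  { method: m[1], uri: m[2], version: m[3] }
end

# The lax parser a hand-coded server tends to end up with: take whatever sits
# in the three whitespace-separated slots and hope for the best.
def parse_lax(line)
  parts = line.strip.split(' ', 3)
  return nil unless parts.size == 3
  { method: parts[0], uri: parts[1], version: parts[2] }
end

# Constructed request lines: two well-formed, four malformed in ways the
# lax parser quietly passes through to the application.
SAMPLES = [
  "GET /index.html HTTP/1.1\r\n",      # well-formed
  "GET /x?a=1&b=2 HTTP/1.1\r\n",       # well-formed, with query
  "GET /a%zz HTTP/1.1\r\n",            # broken percent-escape
  "GET /index.html HTTP/1.1\n",        # bare LF instead of CRLF
  "G\x00ET / HTTP/1.1\r\n",            # NUL inside the method token
  "GET /index.html\tHTTP/1.1\r\n",     # tab where the grammar says SP
].freeze

# Run both parsers over the samples; true means "accepted".
def compare(lines = SAMPLES)
  lines.map { |l| { line: l, strict: !parse_strict(l).nil?, lax: !parse_lax(l).nil? } }
end

if __FILE__ == $0
  puts format('%-8s %-8s %s', 'strict', 'lax', 'request line')
  compare.each do |r|
    puts format('%-8s %-8s %p', r[:strict] ? 'accept' : 'reject',
                r[:lax] ? 'accept' : 'reject', r[:line])
  end
end
```

The strict parser never names a bad input; the four malformed lines fall out because nothing in the grammar produces them, which is exactly the property Zed is describing. Swapping the regexps for a generated state machine (Ragel) buys the same accept set with bounded work per byte, which is why Mongrel went that way instead of a regexp soup.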

said on 17 May 2006 at 14:14

Zedas is the man!

said on 18 May 2006 at 05:33

Rock on, Zed!

said on 18 May 2006 at 09:07

Glad to see someone’s doing it right.

said on 21 May 2006 at 20:32

Excellent interview and excellent Blog Zed! Keep up the good work and writing, your posts are hilarious!

said on 22 May 2006 at 09:54

Incidentally, shouldn’t Zed have a slot in the RedHanded blogbar by now?
