Living with a disability

After a little inspiration from a co-worker I thought I'd write this up.

Living with any disability can be difficult. Having that disability affect your day to day work and other life can require more work than others might think.

I have Retinitis pigmentosa which has resulted in me having 20/100 visual acuity in my good eye and 20/120 in the other. The 20/100 is just a ratio. What I can see from 20 feet away a person with perfect vision can see from 100 feet away. That puts my good eye at 1/5th of where it should be.

Unfortunately with RP it's hard to correct your vision with glasses. At best my vision in my good eye is 20/80 with them. At one point while I was young my vision was registered at 20/300 putting me above the 20/200 point of being legally blind. As I've grown older my vision has improved and I've learned tricks for reading text to help.

Even in day to day life this puts me at a significant disadvantage and I have to deal with challenges on a day to day basis that most people don't think about. Things as simple as reading a receipt, reading the route number on a bus, reading a menu at a restaurant, reading subtitles while watching a movie and even using my cell phone. I rely a lot on the people around me to help me out but most of the time I have to just go on without reading it. It's not limited there. Due to my poor eyesight in most states I can't get my license. I've lived since I was 18 without one. Even in WA where I can get it, I can only drive during the day and my insurance rates are about as expensive as the car payment.

A little help from my friends

Technology has come a long way as far as accessibility goes. Browsers now have support for scaling and both OS X and Windows have support for zooming the whole screen. My co-workers lovingly call this "Chad Mode". Without Chad Mode I wouldn't be able to do my job day to day or comfortably use a computer. Up until recently I've always found myself hunched over the keyboard as close to the monitor as I could get, straining my eyes and hurting my back in the process.

Atypical day (get it?)

A typical day starts off with me taking a shower. Without my glasses I can't tell if I'm using shampoo or conditioner. I move onto my half mile walking commute to work where on a bright day I can't tell the difference between the "Don't cross the street or death" sign and the "Dance across the street" sign.

Sitting down at my desk I look at the 3 monitors I have, one of which is a 27" display running at 1440x900, on a monitor arm and a keyboard tray. This setup allows me to keep my keyboard under my desk so I can get closer to my monitor without leaning forward. An email comes in and I check it out on my 4.7" display phone with maxed out font sizes.

Time to start working! I boot up my code editor at 16px font size with high-contrast colors. If I run into an app that doesn't support changing the font size or I need to read something small I press Windows Key+Plus and enter Chad Mode. Panning, zooming and scrolling my way around can make others sick when they watch me. I've had to learn how to deal with all of these axes and keep context of where I'm at. If an email comes in while I'm in Chad Mode chances are I'm not in the right place for the notification and now I've just missed an important email.

Heading home and it's raining. If I want to take the Amazon shuttle I have to ask the driver if the shuttle is going the direction I need because I can't read the sign on the side.

Now it's time for dinner and I pull out the requisite ingredients and have to ask for help reading the nutrition information or instructions. Sitting down to watch a movie or an episode of Homeland I find myself struggling to keep up with subtitles when they pop up even on a 60" TV.

Bed time and after an episode of Colbert I grab my Amazon Kindle Paperwhite with almost maxed out font sizes and spend 30 minutes reading a book at about 1/4 the pace of a normal person.

The alarm goes off and another day begins.

Going forward

At a young age I was told I'd be blind by the time I was 25. The fact that my vision has improved and I'm 27 I don't take for granted. I want to enjoy my eyesight while I still have it. I enjoy the outdoors here in Seattle and I'm always aware that today might be the last day I can see the monitor I use for work or my family.

One of my goals before I eventually lose my eyesight is to complete an Ironman race. I'm sure I could do it blind and that would feel great but I want to see what it's like to cross the finish line and be able to remember what that looked like.

Your part

I can't be thankful enough for the work others do to increase the accessibility of software, whether it be a code editor or an operating system. It makes parts of my life not only easier… but possible.

Software Engineers and fitness

As Software Engineers, Designers, IT Ops and pointy-haired managers we lead pretty sedentary lifestyles. We spend at least 40+ hours at a desk and, whether it's sitting or not, we're not doing much movement. Not only are we not active, we tend to have pretty poor eating habits that come along with different forms of excuses like "it's cheaper", "the group is going to this pizza place" or "it's crunch mode and I just need energy". If you think about other jobs you probably had as a youngin' you were probably fairly active compared to your new cushy job. So what can we do?

After going back and forth between being healthy and not-so-much I've noticed a lot of my co-workers have different approaches. I've tried at least all of these once, they're all effective in one way or another. Put simply, the one that works the best is the one you stick to.

Obvious disclaimer that I am not a doctor, physician or even a person who should probably be giving advice. Use this information at your own risk and don't sue me because you don't have enough common sense to not harm yourself.

Diet

This is a popular solution for those that don't like going to the gym or working out. Currently around the Woot offices the diet-o-choice seems to be following the "carbs are evil" mantra. A great read for this specific diet is The 4-Hour Body by Timothy Ferriss. I've tried this diet before and it is very effective, though it requires great discipline and during the first 2 weeks will completely throw you into the ground feeling tired and needing energy.

Another diet I've seen used -- and this was known as the "cult diet" while I was at Curse -- is the Paleo Diet. This is a diet that is similar to the no-carbs diet with some variations sprinkled with a little bit of crazy. I've also seen this diet work with great success for my co-workers but again -- it requires great discipline. This diet is a little hardcore by excluding all grains, dairy and even salt. A great read that was passed around the office is Robb Wolf's The Paleo Solution.

Portion Control

In my opinion if you're going to try any sort of diet I'd say give this a shot first. I've personally found this to be very effective without changing my eating habits very much.

While I was in Hong Kong I was reading the menu for something and noticed it said "We serve American portions". I was a little confused by this and asked the waiter what this meant. So he showed me their normal portion vs the "American" and I was completely blown away. I don't think Americans always make the right decisions when it comes to what to eat but I think we just eat way too much. One thing I've done is just cut down on the amount of fat I eat and introduce more veggies and fruit. I still eat pizza, chocolate cake and the occasional tiramisu. However I eat it less often and I eat less of it. One place this can really be put into play is condiments like ketchup and mayo... just use less.

Along with drinking a glass of water before eating lunch or dinner I have found this method to be very effective without sacrificing great food.

Exercise, dammit

Now I know a lot of us desk dwellers don't like exercise. However, I've learned from experience combining exercise and portion control has not only helped with general weight loss but just feeling better day to day. I've even found I drink less coffee and have an easier time getting out of bed in the morning. You don't need to be a gym rat to do some basic programs to help with your health.

Without a personal trainer it can be hard to stay motivated or even get started. If you're going to look for a gym I would very highly recommend a gym that has Fitlinxx support. These are little computers attached to each weight lifting/cardio machine that have you enter a pin. They then tell you which settings to set the machine on that fit you and even make sure you're doing good-form motions and won't count bad-form ones. They track your progress and will even tell you when you're doing well enough to up the weight. This system was extremely helpful when I was using the gym.

C25K

Running is one of those things you take for granted. You probably think you could run quite a long distance -- until you actually try it. I promise it'll be harder than you think. Don't believe me? Stop reading this and go outside and let me know how you proved me wrong. Other than injury there's no reason not to try this program and I cannot recommend this enough -- it's that good.

This program basically consists of interval training having you alternate between running/walking on and off. It only requires 30 minutes, 3 times a week and can be done on a treadmill. By the time you're done with a week you'll think to yourself "there's no way I could run for 3 mins straight if I had trouble running for 1 minute straight!". Then when you try Day 1 of the next week you'll notice this program hired secret fitness ninjas to help your body build endurance.

This program is incredible in its way to help you build your endurance very quickly and get you from 0 to 5k in 9 weeks. In my 3 weeks of this program I've lost 10 lbs, tripled my running distance and I've generally just felt better.

Here are some resources I highly recommend:

Even if running isn't your thing -- this program is worth a shot. I'm looking forward to finishing the program and entering into a 5K.

Pushups, sit-ups and squats

I think the reason the C25K program is so successful is the fact that it's a program. It gives you guidance and doesn't let you push yourself too hard and get demotivated.

Here are some other effective programs you can do at home (you'll find information in the sidebar on the right):

I've finished 2 of these programs in the past and they're very successful and you don't need the gym to finish them.

When I started my career as a Software Engineer I quickly went from 135 lbs to 200 without even knowing it. It's easy to fall into a rut and not even notice it. I've found that running and eating better has positively affected all things including my attitude at work and my productivity. Even if you don't care about your health it can positively impact your career and is worth a shot.

Mass assignment vulnerability isn't just for rails

By vulnerability I mean "vulnerability".

In case you haven't been keeping up with recent news there was a recent shit storm over a security issue that Egor Homakov recently took advantage of. It involved him abusing a feature of Rails called mass-assignment. This allows you to take parameters from a form or url and use them to update your model.

def update
  @user = User.find params[:id]

  @user.update_attributes params[:user]
end

This seems innocent enough - we're just updating some properties for the user. However, this means we can update any attribute on the user, not just the ones in the form. This means we could use Firebug or the WebKit Inspector to change the name of an existing field or create a new one and submit that value. Assuming we had a boolean value named admin on the User model we could create some HTML like so.

<input type="checkbox" name="user[admin]" checked="checked" />

Then submit this with the normal form and voila! We've just made ourselves an admin on your site. This might seem like a huge issue that's worth flying off the rails (get it?) to complain about and plenty of people have. However, this would be like driving your car off a bridge and saying the car is shit because it didn't stop you from doing something stupid. We can only protect ourselves so much.

There's an easy way to stop this from happening.

class User < ActiveRecord::Base
  attr_accessible :name
end

Now only the name field can be set using mass-assignment. This is a way to whitelist properties and allow only the ones you want to be set. Now, since we're programmers and we like to framework the shit out of everything and absolutely hate change, some of you might be wondering "What if I add a new field?". Well... then update the model. If you're willing to sacrifice security over laziness then no one can help you. There is however an option for those out there that want to blacklist properties using attr_protected. Again, if you add a new field that you don't want being set and you forget to update your model you're vulnerable to attack.
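The difference between the two policies when a field is added later, as an added example that is not part of the original post and not Rails code. TinyModel, allow_only, deny and the api_key field are hypothetical stand-ins for ActiveRecord, attr_accessible, attr_protected and a column added after the deny list was written; PARAMS is a constructed form submission.

```ruby
# Added example in plain Ruby (no Rails). TinyModel, allow_only and deny are
# hypothetical stand-ins for attr_accessible / attr_protected, not Rails code.
class TinyModel
  class << self
    attr_reader :allowed, :denied, :field_names

    def fields(*names)
      @field_names = names.map(&:to_s)
      attr_accessor(*names)
    end

    def allow_only(*names); @allowed = names.map(&:to_s); end
    def deny(*names); @denied = names.map(&:to_s); end

    # Policy check: an allow list wins, then a deny list, else every field is open.
    def assignable?(key)
      return false unless field_names.include?(key)
      return allowed.include?(key) if allowed
      return !denied.include?(key) if denied
      true
    end
  end

  # Assigns the permitted keys and returns the rejected ones so they can be logged.
  def update_attributes(params)
    ok, rejected = params.partition { |key, _| self.class.assignable?(key.to_s) }
    ok.each { |key, value| public_send("#{key}=", value) }
    rejected.map { |key, _| key.to_s }
  end
end

# No policy at all: the situation in the first controller example.
class OpenUser < TinyModel; fields :name, :admin, :api_key; end
# Deny list written before api_key existed and never updated.
class DenyUser < TinyModel; fields :name, :admin, :api_key; deny :admin; end
# Allow list: new fields stay closed until someone opens them on purpose.
class AllowUser < TinyModel; fields :name, :admin, :api_key; allow_only :name; end

# Constructed form submission carrying two fields the form never offered.
PARAMS = { "name" => "chad", "admin" => true, "api_key" => "injected-value" }.freeze

def apply(klass)
  user = klass.new
  rejected = user.update_attributes(PARAMS)
  { name: user.name, admin: user.admin, api_key: user.api_key, rejected: rejected }
end
```

The list of rejected keys returned by update_attributes is worth logging: a request that carries fields the form never rendered is a useful signal that someone is probing the endpoint.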

This feature for protecting your model is not a new or unknown feature. It has been covered before.

Now that I have that off my chest, I'd like to turn my attention to the same exact issue that exists in ASP.NET MVC -- model binding.

You've probably used something like this in the past

public ActionResult Update(User user)
{
    // some magic DB stuff here
}

The exact same HTML I posted above could be used here to abuse the same issue. This is also a known issue, and how to fix it has been documented.

If you're using UpdateModel.

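// The include list must be a string[]; a single string argument is treated as a prefix, not a whitelist.
UpdateModel(user, new[] { "Name" });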

... or the bind attribute ...

public ActionResult Update([Bind(Include = "Name")] User user)
{
    // only Name is bound from the request; other posted fields are ignored
}

Again, this isn't just an issue for Rails. This problem exists in most modern web frameworks today.

The fact of the matter is you shouldn't blame the technology for your, or others', mistakes. Yes, the technology could help you, however it can't do everything. Don't blame the car because you drove it off a bridge.

With the scope of this issue I hope it will make it more prevalent in learning materials for developers. Even those experienced can sometimes forget these issues exist.

Move to Seattle

I've spent a large amount of my time moving around the country. For the past 10 years I've moved to a different city every 2 years. From Baltimore, MD to Raleigh, NC and Huntsville, AL. The reasons for the moves ranged from failed startups (read: owner taking all of the company's money and splitting) to getting a better job offer.

One of my recent stints was working for Curse.com as a .NET dev. Curse is a fun group and when I joined it felt very much like a startup. They had a team of about 4 .NET devs and we were all in one big room. I joined on the team to help engineer and get Wowstead.com out the door. We went on to launch and along the way created a very powerful framework. Since then we re-wrote Curse.com (their flagship site) on the new framework. About 3 weeks before the launch I was offered a position at Woot.

Flash forward to today and I've since moved to Seattle, WA and have settled into my new job.

The guys at Woot are an awesome group of passionate devs who know their stuff. I'm looking forward to this next chapter in my life.