Computer Programming

Yes, a bit specific, but I need to store some links!

Benchmarking String Function to camelCase

I needed a function to turn snake_case to camelCase. The reason why? Angular and JavaScript are better with camelCase, and Python and Django prefer snake_case. I tried working with both on the Django side, and it wasn't pretty. Even worse, I lost track of when I switched from one to the other, if I switched at all. So, I'm going to try renaming the keys as they are handed off from Django REST Framework to the JavaScript.

A Django REST Framework Technique for more Detailed Related Records

This is a nice way to deal with building lists of objects to display in tables. It's kind of hidden in there, but in your serializer, you can specify that a field is represented by another serializer.

The result is a list of objects instead of a list of URLs or PKs.

Now, going with that, you can save on data transfer by serializing only a few fields.

The AngularJS File Upload Blues

I've got the angular file upload blues. It's hard to upload files in Angular JS. Who was to know?

One solution.

A nice module called angular-file-upload.

My .vimrc

set nocompatible " be iMproved, required
filetype off " required

" set the runtime path to include Vundle and initialize
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
" alternatively, pass a path where Vundle should install plugins
"call vundle#begin('~/some/path/here')

" let Vundle manage Vundle, required
Plugin 'gmarik/Vundle.vim'

" All of your Plugins must be added before the following line
call vundle#end() " required
filetype plugin indent on " required
" To ignore plugin indent changes, instead use:

Intermittent Django REST Framework glitch examined with Apache Benchmark

While programming in the REST framework, I hit this error, intermittently, but over and over, along with others:

Could not resolve URL for hyperlinked relationship using view name "parseuser-detail". You may have failed to include the related model in your API, or incorrectly configured the `lookup_field` attribute on this field.

Being a noob, I hit the books (documentation) again, and again, and thought I had it right, or close. (Don't start out creating Django models for non-Django-managed tables. It's pretty hard. It's better to learn the vanilla Django way first, if possible.)

Instant CORS in PHP

Here's a snippet of code that will make your PHP REST API work cross-domain, through the magic of CORS:

/**
 * CORS is a way to allow scripts from other domains to post to this URL.
 */
if ($_SERVER['REQUEST_METHOD']=='OPTIONS') {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type');
    exit();
}
header('Access-Control-Allow-Origin: *');
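
A stricter variant, as an added example that is not the original post's code: `Access-Control-Allow-Origin: *` lets a script on any site read this API's responses, so the version below echoes the origin back only when it is on an allowlist. The function name `cors_headers` and the two origins are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The origins below are
// constructed placeholders; list the front ends that really call this API.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

/**
 * Build the CORS response headers for one request.
 * Returns an empty array when the origin is missing or not allowlisted,
 * in which case the browser refuses to hand the response to the script.
 */
function cors_headers(?string $origin, string $method): array
{
    // Exact string match only: no substring or regex matching, so
    // "https://app.example.com.other.test" is not accepted.
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return [];
    }
    $headers = [
        'Access-Control-Allow-Origin: ' . $origin,
        // Caches must not reuse this response for a different origin.
        'Vary: Origin',
    ];
    if ($method === 'OPTIONS') {
        $headers[] = 'Access-Control-Allow-Methods: POST, OPTIONS';
        $headers[] = 'Access-Control-Allow-Headers: Content-Type';
    }
    return $headers;
}

// Only emit headers when running under a web server.
if (PHP_SAPI !== 'cli') {
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? null, $method) as $h) {
        header($h);
    }
    if ($method === 'OPTIONS') {
        http_response_code(204); // a preflight response carries no body
        exit();
    }
}
```

CORS only decides which origins may read a response; the endpoint still needs its own authentication and request validation.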

Django Rest Tutorial, Inverted

[I hesitate to post this, because it makes me look like I'm a slow learner... but, oh well. I hope someone finds this interesting.]

An Unsafe Version of the PHP Example

This is an unsafe version of the Model PHP Script example. It is more useful for learning PHP. An explanation follows, about what it does, and why it's unsafe.

<?php

/* 
 * Sample PHP form and database example.
 * This is an *unsafe* example, based on the safe example.
 */

// 1. config variables
$dbhost = 'localhost';
$dbuser = 'mysite';
$dbpass = '12JNdie8Ds3';
$dbname = 'mysite';

// 2. get the value from the form
$x = $_POST['x'];

Model PHP Script Example

I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last thing - not such a great idea, but it works for really short pages.

This script is written to try to avoid SQL injection attacks and cross-site scripting (XSS).

Code is attached, and below.

Semantics

So I'm reading this computer stuff, and come across:

"What separates a mixin from multiple inheritance? Is it just a matter of semantics?"

"Yes. The difference between a mixin and standard multiple inheritance is just a matter of semantics;"

What the heck did that mean? Different words, same meaning... or different words, different meaning? I am pretty sure they meant the former, but I had to double check, because "semantic" means "meaning", and in technical reading, I tend toward the literal interpretation over the traditional or colloquial one.

SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.


admin
'
a'or' 1=1--
'or 1=1--
'or''='
'or'='or'
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or'a'='a
'or 1=1\0
"or"="
"or"="a'='a
"or1=1--
"or=or"
''or'='or'
') or ('a'='a
'or' '1'='1
'or''=''or''='
'or'='1'
'or1=1--
a'or' 1=1--
a'or'1=1--
or 'a'='a'
or1=1--
'.).or.('.a.'='.a 
'or.'a.'='a
')or('a'='a
1'or'1'='1
aaaa
admin
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
'xor
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm
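
Why these strings are sent, and why the PDO technique named under "Model PHP Script Example" stops them, shown as an added example that is not the post's attached script: the same lookup is written once with string concatenation and once with a prepared statement, then fed three values from the log above. The table, the user, and the `login_unsafe` / `login_safe` names are constructed, and the block assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example, not the post's attached script. Table, user and the
// login_* function names are constructed; needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, pass_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Unsafe: the form value is pasted into the SQL text, so a quote in it
// ends the string literal and the rest is parsed as SQL.
function login_unsafe(PDO $db, string $name): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name'";
    try {
        return (int) $db->query($sql)->fetchColumn() > 0;
    } catch (PDOException $e) {
        return false; // the value produced a syntax error
    }
}

// Safe: the statement is prepared with a placeholder and the value is
// bound as data, so it is only ever compared against the name column.
function login_safe(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Three values copied from the log above.
foreach (["'or 1=1--", "admin' or 'a'='a", "'or''='"] as $logged) {
    printf(
        "<li><code>%s</code> unsafe=%s safe=%s</li>\n",
        // Encode before the logged value is shown in an HTML log viewer.
        htmlspecialchars($logged, ENT_QUOTES, 'UTF-8'),
        var_export(login_unsafe($db, $logged), true),
        var_export(login_safe($db, $logged, 'x'), true)
    );
}
```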

Two Big Monitors, Justified

I was never one to think I *needed* two monitors after the HD monitors came out, but having used two for a couple months, I think it's totally worth it. I don't even have the second monitor on all the time, but when you're coding and testing interactively, it helps a lot.

I set it up to show four regions: editing, reference, interaction, and debugging. I keep a terminal underneath the editing window, too.

Python str.split, annoying design.

Even after a year of diddling, I'm still a Python newb, and things like str.split(None) are why.

Everyone knows split splits strings on a character (or in the civilized world, a regex). str.split(None) splits on whitespace and then trims leading and trailing whitespace. It's a great feature, but why not call it str.split_whitespace?

'a b'.split(None) returns ['a','b'].

'a,,,b'.split(',') does not return ['a','b']. It returns ['a','','','b'].

Angular JS Doesn't Suck

So I read this somewhat legendary rant about how jQuery is better than AngularJS, and AngularJS will fail. It's not going to fail.

It's just hard to learn. It's also verbose. You could say the same about any of the OO descendants of C. The difficulty generally comes from learning where your code should reside in the framework. Verbosity is just part of writing larger programs, and Angular is about writing larger programs. Maybe not large programs, but larger than a thousand lines.

Security Logic

Came up with this comment to help me think through end-user security.


	/*
	 * Security logic is based roughly on NTFS style allow and deny.
	 *
	 * The logic is as follows, in order:
	 * 1. If a specific role or user is in the deny list, they are denied.
	 * 2. If a specific role or user is in the allow list, they are allowed.
	 * 3. Otherwise, they are denied.
	 *
	 * There are three special values.  Anonymous is a user who is not logged in.
	 * All refers to all roles and users.
	 * None refers to no roles and no users.
	 *
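
The comment is cut off at this point on the page. One way to implement the three ordered rules it does state, as an added example that is not the author's code: `is_allowed()`, `matches()`, the `user:` / `role:` prefixes and the ACL array shape are all assumptions, and the handling of the special values is one reading of the comment.

```php
<?php
// Added example, not the author's code. Function names, the ACL array
// shape and the "user:" / "role:" prefixes are assumptions.

/** True when any entry in $list applies to this user (null = not logged in). */
function matches(array $list, ?string $user, array $roles): bool
{
    // Prefix real principals so a user or role that happens to be called
    // "All" or "None" cannot collide with the special values.
    $principals = array_map(fn($r) => "role:$r", $roles);
    if ($user !== null) {
        $principals[] = "user:$user";
    }
    foreach ($list as $entry) {
        if ($entry === 'All') {
            return true;                       // every role and user
        }
        if ($entry === 'Anonymous' && $user === null) {
            return true;                       // visitor is not logged in
        }
        // 'None' never equals a prefixed principal, so it matches nobody.
        if (in_array($entry, $principals, true)) {
            return true;
        }
    }
    return false;
}

function is_allowed(array $acl, ?string $user, array $roles = []): bool
{
    if (matches($acl['deny'] ?? [], $user, $roles)) {
        return false;                          // 1. deny is checked first
    }
    if (matches($acl['allow'] ?? [], $user, $roles)) {
        return true;                           // 2. explicit allow
    }
    return false;                              // 3. otherwise denied
}

// Constructed ACL: editors are allowed; anonymous visitors and bob are denied.
$acl = ['allow' => ['role:editor'], 'deny' => ['Anonymous', 'user:bob']];
var_dump(is_allowed($acl, 'alice', ['editor']));  // allowed role, not denied
var_dump(is_allowed($acl, 'bob', ['editor']));    // allowed role, denied user
var_dump(is_allowed($acl, null));                 // not logged in
var_dump(is_allowed($acl, 'carol', ['viewer']));  // in neither list
```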