Computer Programming

Yes, a bit specific, but I need to store some links!

SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.


admin
'
a'or' 1=1--
'or 1=1--
'or''='
'or'='or'
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or'a'='a
'or 1=1\0
"or"="
"or"="a'='a
"or1=1--
"or=or"
''or'='or'
') or ('a'='a
'or' '1'='1
'or''=''or''='
'or'='1'
'or1=1--
a'or' 1=1--
a'or'1=1--
or 'a'='a'
or1=1--
'.).or.('.a.'='.a 
'or.'a.'='a
')or('a'='a
1'or'1'='1
aaaa
admin
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
'xor
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm
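As an added illustration (not code from the original post), here is how three of the tautology payloads logged above behave against a login query built by string concatenation versus the same query with bound parameters; the in-memory users table and its two rows are constructed for the example.

```python
import sqlite3

def make_db():
    """Constructed sample: a tiny in-memory users table standing in for a real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext passwords only to keep the example short; real systems store salted hashes.
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret'), ('bob', 'hunter2')")
    return conn

def login_vulnerable(conn, username, password):
    """String concatenation: attacker-controlled text becomes part of the SQL grammar."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, username, password):
    """Placeholders: values are bound after parsing, so quotes and comment markers stay data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

# Three (username, password) pairs using payloads taken from the log list above.
PAYLOADS = [
    ("admin' or 'a'='a", "wrong"),   # tautology in the username field
    ("'or 1=1--", "wrong"),          # '--' comments out the password check entirely
    ("admin", "'or''='"),            # tautology in the password field
]

def compare(conn):
    """Return {'user|pass': (rows_from_concat, rows_from_parameterized)} per payload."""
    return {f"{u}|{p}": (login_vulnerable(conn, u, p), login_parameterized(conn, u, p))
            for u, p in PAYLOADS}

if __name__ == "__main__":
    db = make_db()
    for key, (concat_rows, bound_rows) in compare(db).items():
        print(f"{key!r:26} concat -> {concat_rows}   parameterized -> {bound_rows}")
```

Each payload logs in (or dumps every user) through the concatenated query and returns nothing through the parameterized one, while a genuine admin/s3cret login still succeeds.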

Two Big Monitors, Justified

I was never one to think I *needed* two monitors after the HD monitors came out, but having used two for a couple months, I think it's totally worth it. I don't even have the second monitor on all the time, but when you're coding and testing interactively, it helps a lot.

I set it up to show four regions: editing, reference, interaction, and debugging. I keep a terminal underneath the editing window, too.

Python str.split, annoying design.

Even after a year of diddling, I'm still a python newb, and things like str.split(None) are why.

Everyone knows split splits strings on a character (or in the civilized world, a regex). str.split(None) splits on runs of whitespace and ignores leading and trailing whitespace, so you never get empty strings back. It's a great feature, but why not call it str.split_whitespace?

'a b'.split(None) returns ['a','b'].

'a,,,b'.split(',') does not return ['a','b']. It returns ['a','','','b'].

Angular JS Doesn't Suck

So I read this somewhat legendary rant about how JQuery is better than AngularJS, and AngularJS will fail. It's not going to fail.

It's just hard to learn. It's also verbose. You could say the same about any of the OO descendants of C. The difficulty generally comes from learning where your code should reside in the framework. Verbosity is just part of writing larger programs, and Angular is about writing larger programs. Maybe not large programs, but larger than a thousand lines.

Security Logic

Came up with this comment to help me think through end-user security.


	/*
	 * Security logic is based roughly on NTFS-style allow and deny.
	 *
	 * The logic is as follows, in order:
	 * 1. If a specific role or user is in the deny list, they are denied.
	 * 2. If a specific role or user is in the allow list, they are allowed.
	 * 3. Otherwise, they are denied.
	 *
	 * There are three special values.  Anonymous is a user who is not logged in.
	 * All refers to all roles and users.
	 * None refers to no roles and no users.
	 */
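An added example (not the original project's code) that implements the three rules above in Python. The string spellings of the special values, and the reading that All also covers Anonymous, are assumptions; the sample ACL is constructed.

```python
# Special values from the comment above. The exact spellings are an assumption.
ANONYMOUS = "Anonymous"   # identity used for a user who is not logged in
ALL = "All"               # matches every user and every role (assumed to include Anonymous)
NONE = "None"             # matches no user and no role: an explicit "nobody" entry

def _matches(entries, user, roles):
    """True if any entry names this user, one of its roles, or All."""
    names = {user, *roles}
    return any(entry != NONE and (entry == ALL or entry in names) for entry in entries)

def is_allowed(user, roles, allow, deny):
    """NTFS-style decision: an explicit deny wins, then an explicit allow, else denied."""
    user = user or ANONYMOUS           # not logged in -> the Anonymous pseudo-user
    roles = set(roles or ())
    if _matches(deny, user, roles):    # rule 1: the deny list is checked first
        return False
    if _matches(allow, user, roles):   # rule 2: the allow list
        return True
    return False                       # rule 3: default deny

# Constructed sample ACL: everyone but Anonymous may read; only editors may write,
# and one specific user is denied writing even though she holds the editor role.
ACL = {
    "read":  {"allow": [ALL],      "deny": [ANONYMOUS]},
    "write": {"allow": ["editor"], "deny": ["mallory"]},
}

def permitted_actions(user, roles, acl=ACL):
    """Return the set of action names the principal is allowed to perform."""
    return {action for action, lists in acl.items()
            if is_allowed(user, roles, lists["allow"], lists["deny"])}

if __name__ == "__main__":
    cases = [("alice", {"editor"}), ("mallory", {"editor"}), ("bob", {"viewer"}), (None, ())]
    for who, held_roles in cases:
        print(who or ANONYMOUS, "->", sorted(permitted_actions(who, held_roles)))
```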

Working at Night is Kind of Lame

So, after writing the big promotional article justifying TDD, I was doing some more Angular programming, and totally not having an easy time writing tests, so I gave up. The dependency injection framework makes it kind of hard. It'll make sense, eventually.

Test Driven Development (a cynical view)

So I'm trying to encourage a coding friend to do some unit testing. According to this blogger, testing isn't so popular in ObjC. Yeah, I can understand. It's a pain in the butt to learn the testing framework, and it's also a pain to write tests.

Then there's the intellectual conundrum: how do you write a good test suite that's likely to find your programming errors?

That's the kind of thinking that will send you down the rabbit-hole of computer (pseudo)science. The short answer is: you cannot. Stop contemplating.

Don't even try.

My Second Angular Directive - Menus

This was downright difficult. The good news is that the code got a little shorter, the HTML is a LOT shorter, the menu settings are in a shorter config file, and the direct manipulation of the DOM has reduced significantly.

When the user clicks on a menu item, here's what happens:

The original scanned the DOM to toggle off the current item, then toggled the new item on.

Now, the new version maintains a copy of the menu configuration, and alters this model. A loop scans the model and sets a "selected" bit, then triggers the animations.

My First AngularJS Directive: Stretchdown - stretches an element to the bottom of the window.

I've made my first directive! OK, not that special, but to me it is. This is one of the more difficult features I've come across in Angular, and I still don't really "get it".

I'm not even going to do a code walkthrough, because I can't really explain it well. The easy part is calculating the height the element should be. The tricky part is implementation.

Chrome Rendering Glitch with Label's Padding in Points (PT), Even Values

I have to learn the Chromium bug reporting system. I found an interesting rendering bug: if, on a label, you specify a padding with an even number of points (pt), the rendering is shifted up a little bit, and the border can disappear if it's adjacent to another element.

Two examples are attached, differing only in the amount of padding.

Maybe it's a difference in how the values are calculated and either rounded off or truncated.

The problem goes away if you use pixels instead of points.

WordPress: Setting the META Description to part of the page's content

This code puts the first paragraph of the post into the description meta tag. It tries to strip out leading whitespace and any tags. If you insert an image, it should be stripped.

R Database Connection Class in RS (R5 S5)

I'm learning R, and it's been interesting. The weird part is that I don't know stats. Yes, I know standard deviation, mean deviation, and easy stuff, but those are one-liners in the R tutorials. What I know in stats amounts to around 1/4 to 1/2 a page of the R tutorial. So to compensate, I have a stats text from the thrift store, so I'll eventually be less than a total ignoramus about what I'm reading.

One of the twists of what I'm messing with is that all our data is in a database. The normal mode of operation for R users is to load the entire data table into memory and do awesome reporting on it. Where I'm at, for better or worse, is more like a traditional web application with a database back end.

A problem with this is that MySQL lets me have only 16 connections going at the same time. I'm not sure if it's the driver, but I'll assume that. Since RStudio holds the connections, coding a lot of changes eventually leads to a lot of lost database connection handles, and eventually running out of connections.

Installing R Packages Globally (for rApache)

For general instructions, see: http://cran.r-project.org/doc/manuals/R-admin.html#Managing-libraries.

In Ubuntu Linux, the path to the global libraries is: /usr/local/lib/R/site-library/

To install there, you can do install.packages(c('foo'), '/usr/local/lib/R/site-library/')

or take advantage of the built-in variable: install.packages(c('foo'), .Library.site[1])

Check that .Library.site has the values you need.

You can also use R CMD INSTALL -l /path/to/library foo

PHP with More Coolness

A short article explaining how to improve your experience and produce slightly better code.

URLs: it's important to define your URLs rather than exposing all your PHP files to the world.

Use routes - study the one in ZF2 but don't copy it unless you really need it. CodeIgniter's is pretty nice too. Routes help map URLs to classes and methods.

If you don't want to use routes, use Apache's mod_rewrite. It's faster, and also awesome. It transforms specific URLs into specific requests to specific scripts.

PHP with Less Risk

An extremely short article about how to avoid pitfalls that will get you hacked. I've been hacked, so I kind of know this from experience.
