Computer Programming

Yes, a bit specific, but I need to store some links!

An Unsafe Version of the PHP Example

This is an unsafe version of the Model PHP Script example. It is more useful for learning PHP. An explanation of what it does, and why it's unsafe, follows.

<?php

/* 
 * Sample PHP form and database example.
 * This is an *unsafe* example, based on the safe example.
 */

// 1. config variables
$dbhost = 'localhost';
$dbuser = 'mysite';
$dbpass = '12JNdie8Ds3';
$dbname = 'mysite';

// 2. get the value from the form
$x = $_POST['x'];

Model PHP Script Example

I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last of those is not such a great idea, but it works for really short pages.

This script is written to avoid SQL injection attacks and cross-site scripting (XSS).

Code is attached, and below.

Semantics

So I'm reading this computer stuff, and come across:

"What separates a mixin from multiple inheritance? Is it just a matter of semantics?"

"Yes. The difference between a mixin and standard multiple inheritance is just a matter of semantics;"

What the heck did that mean? Different words, same meaning... or different words, different meaning? I am pretty sure they meant the former, but I had to double check, because "semantic" means "meaning", and in technical reading, I tend toward the literal interpretation over the traditional or colloquial one.

SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.

admin
'
a'or' 1=1--
'or 1=1--
'or''='
'or'='or'
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or'a'='a
'or 1=1\0
"or"="
"or"="a'='a
"or1=1--
"or=or"
''or'='or'
') or ('a'='a
'or' '1'='1
'or''=''or''='
'or'='1'
'or1=1--
a'or' 1=1--
a'or'1=1--
or 'a'='a'
or1=1--
'.).or.('.a.'='.a
'or.'a.'='a
')or('a'='a
1'or'1'='1
aaaa
admin
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
'xor
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm
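The bypass these log entries are probing for, and the fix the Model PHP Script post above reaches for with PDO, reproduced as an added example that is not code from this page or its PHP script. Python with an in-memory SQLite table stands in for the page's PHP and MySQL; the users table, its two rows and the "x" password guesses are constructed for the demo, and the probe strings are copied from the log. `login_unsafe` builds the statement from the input the way the unsafe example's `$_POST['x']` would be used; `login_safe` binds the same input as a parameter, which is what PDO's prepare()/execute() does in PHP.

```python
import sqlite3


# Constructed demo data: the page's PHP script does not show its schema,
# so this table and its two rows are made up for the example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext passwords only to keep the demo about injection; real code
    # stores a salted hash and compares it in application code.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """The $_POST-straight-into-SQL pattern: input becomes part of the statement.

    Returns ("ok", [matched usernames]) or ("error", message).  A lone quote
    produces a syntax error, which is why that probe shows up in logs: it
    tells the attacker the input reaches the SQL parser unescaped.
    """
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("ok", sorted(r[0] for r in rows))


def login_safe(conn, username, password):
    """Parameterized query: the input is bound as data and never parsed as SQL.

    Every probe then matches no row; the statement can neither break nor be
    rewritten, whatever the attacker types.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return ("ok", sorted(r[0] for r in rows))


# (username, password) pairs built from the log above. "x" is a constructed
# stand-in for whatever the attacker put in the password field.
PROBES = [
    ("'", "x"),                         # breaks the statement: error, not rows
    ("admin' OR 1=1/*", "x"),           # unterminated /* swallows the password check
    ("'or 1=1--", "x"),                 # -- comments out the rest of the line
    ("' or 'a'='a", "' or 'a'='a"),     # tautology in both fields, no comment needed
    ("admin", "wrong"),                 # an honest bad login, for comparison
]


def run_probes(conn, login):
    """Run every probe through one login function; returns {username: result}."""
    return {u: login(conn, u, p) for u, p in PROBES}


if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("unsafe", login_unsafe), ("safe", login_safe)):
        print(name)
        for probe, result in run_probes(conn, fn).items():
            print("  %-22r -> %r" % (probe, result))
```

Running it prints, for the unsafe function, an error for the lone quote and both usernames for each tautology, and for the safe function an empty list for every probe. Two caveats when reading the log against this demo: the `#` comment probes (e.g. `admin'or 1=1#`) work on MySQL but not SQLite, which has no `#` comment, and a tautology without a comment only succeeds when the password field is attacked too, which is why so many of the logged strings are clearly meant to be typed into both boxes.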

Two Big Monitors, Justified

I was never one to think I *needed* two monitors after the HD monitors came out, but having used two for a couple months, I think it's totally worth it. I don't even have the second monitor on all the time, but when you're coding and testing interactively, it helps a lot.

I set it up to show four regions: editing, reference, interaction, and debugging. I keep a terminal underneath the editing window, too.

Python str.split, annoying design.

Even after a year of diddling, I'm still a python newb, and things like str.split(None) are why.

Everyone knows split splits strings on a character (or in the civilized world, a regex). str.split(None), which is also what you get when you pass no separator at all, splits on runs of whitespace and drops the leading and trailing whitespace, so you never get empty strings back. It's a great feature, but why not call it str.split_whitespace?

'a b'.split(None) returns ['a','b'].

'a,,,b'.split(',') does not return ['a','b']. It returns ['a','','','b'].

Angular JS Doesn't Suck

So I read this somewhat legendary rant about how JQuery is better than AngularJS, and AngularJS will fail. It's not going to fail.

It's just hard to learn. It's also verbose. You could say the same about any of the OO descendants of C. The difficulty generally comes from learning where your code should reside in the framework. Verbosity is just part of writing larger programs, and Angular is about writing larger programs. Maybe not large programs, but larger than a thousand lines.

Security Logic

Came up with this comment to help me think through end-user security.

	/*
	 * Security logic is based roughly on NTFS style allow and deny.
	 *
	 * The logic is as follows, in order:
	 * 1. If a specific role or user is in the deny list, they are denied.
	 * 2. If a specific role or user is in the allow list, they are allowed.
	 * 3. Otherwise, they are denied.
	 *
	 * There are three special values.  Anonymous is a user who is not logged in.
	 * All refers to all roles and users.
	 * None refers to no roles and no users.
	 */
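The three rules in that comment, written out as a working check. This is an added example in Python, not the author's code, and it reads the comment this way: users and roles share one namespace in the lists, "All" matches every principal including Anonymous (if Anonymous should never be covered by All, list roles instead), and "None" matches nobody, so it is just an explicit empty entry. The ACLs in the `__main__` section are constructed for the demo.

```python
# The three special values named in the comment above.
ANONYMOUS = "Anonymous"   # the not-logged-in user
ALL = "All"               # every role and every user (assumption: Anonymous included)
NONE = "None"             # matches nobody; an explicit "empty" entry


def _first_match(principals, entries):
    """Return the list entry that matches one of the principals, or None."""
    for entry in entries:
        if entry == NONE:
            continue
        if entry == ALL or entry in principals:
            return entry
    return None


def check_access(user, roles, allow, deny):
    """Decide access for `user` (a username, or ANONYMOUS) holding `roles`.

    Returns (allowed, reason).  Order is the whole point: a deny entry beats
    any allow entry, and anything not explicitly allowed is denied.
    """
    principals = {user, *roles}
    hit = _first_match(principals, deny)           # rule 1: deny list first
    if hit is not None:
        return (False, "denied by deny-list entry %r" % hit)
    hit = _first_match(principals, allow)          # rule 2: then the allow list
    if hit is not None:
        return (True, "allowed by allow-list entry %r" % hit)
    return (False, "denied by default: no allow entry matched")   # rule 3


def is_allowed(user, roles, allow, deny):
    return check_access(user, roles, allow, deny)[0]


if __name__ == "__main__":
    # Constructed ACL: everyone may read, but the "banned" role and Anonymous may not.
    read_allow, read_deny = [ALL], ["banned", ANONYMOUS]
    cases = [
        ("bob", {"editor"}),
        ("mallory", {"editor", "banned"}),   # a role in the deny list wins over All
        (ANONYMOUS, set()),
    ]
    for user, roles in cases:
        print(user, check_access(user, roles, read_allow, read_deny))
```

One consequence of deny-first worth noticing before using this scheme: there is no way to carve an exception out of a denied role. If "banned" is in the deny list, adding the user "mallory" to the allow list does nothing for her, because rule 1 has already fired. That is the NTFS behaviour too, and it is the safe default, but it means exceptions have to be expressed by narrowing the deny entry rather than by adding an allow entry.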

Working at Night is Kind of Lame

So, after writing the big promotional article justifying TDD, I was doing some more Angular programming, and totally not having an easy time writing tests, so I gave up. The dependency injection framework makes it kind of hard. It'll make sense, eventually.

Test Driven Development (a cynical view)

So I'm trying to encourage a coding friend to do some unit testing. According to this blogger, testing isn't so popular in ObjC. Yeah, I can understand. It's a pain in the butt to learn the testing framework, and it's also a pain to write tests.

Then there's the intellectual conundrum: how do you write a good test suite that's likely to find your programming errors?

That's the kind of thinking that will send you down the rabbit-hole of computer (pseudo)science. The short answer is: you cannot. Stop contemplating.

Don't even try.

My Second Angular Directive - Menus

This was downright difficult. The good news is that the code got a little shorter, the HTML is a LOT shorter, the menu settings are in a shorter config file, and the direct manipulation of the DOM has reduced significantly.

When the user clicks on a menu item, here's what happens in each version:

The original scanned the DOM to toggle off the current item. Then toggled the new item.

Now, the new version maintains a copy of the menu configuration, and alters this model. A loop scans the model and sets a "selected" bit, then triggers the animations.

My First AngularJS Directive: Stretchdown - stretches an element to the bottom of the window.

I've made my first directive! OK, not that special, but to me it is. This is one of the more difficult features I've come across in Angular, and I still don't really "get it".

I'm not even going to do a code walkthrough, because I can't really explain it well. The easy part is calculating the height the element should be. The tricky part is implementation.

Chrome Rendering Glitch with Label's Padding in Points (PT), Even Values

I have to learn the Chromium bug reporting system. Found an interesting rendering bug: if, on a label, you specify a padding with an even number of points (pt), the rendering is shifted up a little bit, and the border can disappear if it's adjacent to another element.

Two examples are attached, differing only in the amount of padding.

Maybe it's a difference in how the values are calculated and either rounded off or truncated.

The problem goes away if you use pixels instead of points.

WordPress: Setting the META Description to part of the page's content

This code puts the first paragraph of the post into the description meta tag. It tries to strip out leading whitespace and any tags. If you insert an image, it should be stripped.
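The WordPress code itself is not on the page, so here is the same job as an added Python example (not the author's PHP): take the first paragraph, drop every tag inside it, collapse whitespace, truncate at a word boundary, and then escape the result for the attribute. The escaping step is the one a strip-tags approach tends to miss: a plain double quote in the post text would otherwise end `content="..."` early and let the rest of the paragraph land inside the tag. It goes one step beyond the post by skipping a first paragraph that is image-only or empty and using the next one instead. The sample post HTML in `__main__` is constructed.

```python
import html
import re
from html.parser import HTMLParser


class _FirstParagraph(HTMLParser):
    """Collect the text of the first non-empty <p>...</p>, ignoring tags inside it."""

    def __init__(self):
        super().__init__()          # convert_charrefs=True: "&amp;" arrives as "&"
        self.in_p = 0
        self.skip = 0               # inside <script>/<style>: not description text
        self.done = False
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if self.done:
            return
        if tag == "p":
            self.in_p += 1
        elif tag in ("script", "style"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag == "p" and self.in_p:
            self.in_p -= 1
            if self.in_p == 0:
                if "".join(self.parts).strip():
                    self.done = True
                else:
                    self.parts = []     # image-only or empty paragraph: try the next one
        elif tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if self.in_p and not self.skip and not self.done:
            self.parts.append(data)


def first_paragraph_text(post_html):
    """Plain text of the first paragraph with content, whitespace collapsed, tags dropped."""
    p = _FirstParagraph()
    p.feed(post_html)
    p.close()
    return re.sub(r"\s+", " ", "".join(p.parts)).strip()


def meta_description(post_html, limit=155):
    """Attribute-safe description: truncated at a word boundary, then escaped.

    html.escape(quote=True) turns both quote characters and & < > into
    entities, so the text cannot close the attribute or start a tag.
    """
    text = first_paragraph_text(post_html)
    if len(text) > limit:
        text = text[:limit].rsplit(" ", 1)[0].rstrip() + "..."
    return html.escape(text, quote=True)


def meta_tag(post_html):
    return '<meta name="description" content="%s">' % meta_description(post_html)


if __name__ == "__main__":
    # Constructed sample post: an image, inline markup, an entity and a quote.
    sample = ('<p><img src="lead.png"></p>\n'
              '<p>\n  Hello <b>world</b> &amp; "friends" <img src="x.png">\n</p>\n'
              '<p>Second paragraph.</p>')
    print(meta_tag(sample))
```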

R Database Connection Class in RS (R5 S5)

I'm learning R, and it's been interesting. The weird part is that I don't know stats. Yes, I know standard deviation, mean deviation, and easy stuff, but those are one-liners in the R tutorials. What I know in stats amounts to around 1/4 to 1/2 a page of the R tutorial. So to compensate, I have a stats text from the thrift store, so I'll eventually be less than a total ignoramus about what I'm reading.

One of the twists of what I'm messing with is that all our data is in a database. The normal mode of operation for R users is to load the entire data table into memory and do awesome reporting on it. Where I'm at, for better or worse, is more like a traditional web application with a database back end.

A problem with this is that MySQL lets me have only 16 connections going at the same time. I'm not sure if it's the driver, but I'll assume that. Since RStudio holds the connections, coding a lot of changes eventually leads to a lot of lost database connection handles, and eventually running out of connections.
