Computer Programming

Yes, a bit specific, but I need to store some links!

Intermittent Django REST Framework glitch examined with Apache Benchmark

While programming in the rest framework, I hit this error, intermittently, but over and over, along with others:

Could not resolve URL for hyperlinked relationship using view name "parseuser-detail". You may have failed to include the related model in your API, or incorrectly configured the `lookup_field` attribute on this field.

Being a noob, I hit the books (documentation) again, and again, and thought I had it right, or close. (Don't start out creating Django models for non-Django-managed tables. It's pretty hard. It's better to learn the vanilla Django way first, if possible.)

Instant Cross-Domain Access for Everyone with CORS in PHP

Here's a snippet of code that will make your PHP REST API work cross-domain, through the magic of CORS:

/**
 * CORS is a way to allow scripts from other domains to post to this URL.
 */
if ($_SERVER['REQUEST_METHOD']=='OPTIONS') {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type');
    exit();
}
header('Access-Control-Allow-Origin: *');

Django Rest Tutorial, Inverted

[I hesitate to post this, because it makes me look like I'm a slow learner... but, oh well. I hope someone finds this interesting.]

An Unsafe Version of the PHP Example

This is an unsafe version of the Model PHP Script example. It is more useful for learning PHP. An explanation follows, about what it does, and why it's unsafe.

<?php

/* 
 * Sample PHP form and database example.
 * This is an *unsafe* example, based on the safe example.
 */

// 1. config variables
$dbhost = 'localhost';
$dbuser = 'mysite';
$dbpass = '12JNdie8Ds3';
$dbname = 'mysite';

// 2. get the value from the form
$x = $_POST['x'];

Model PHP Script Example: writing relatively safe web forms

I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last thing - not such a great idea, but it works for really short pages.

This script is written to try and avoid SQL injection attacks, and cross site scripting (XSS).

Code is attached, and below.

A List of SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.

~~~~
admin
'
a'or' 1=1--
'or 1=1--
'or''='
'or'='or'
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or'a'='a
'or 1=1\0
"or"="
"or"="a'='a
"or1=1--
"or=or"
''or'='or'
') or ('a'='a
'or' '1'='1
'or''=''or''='
'or'='1'
'or1=1--
a'or' 1=1--
a'or'1=1--
or 'a'='a'
or1=1--
'.).or.('.a.'='.a
'or.'a.'='a
')or('a'='a
1'or'1'='1
aaaa
admin
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
'xor
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm
~~~~

Python str.split, annoying design.

Even after a year of diddling, I'm still a python newb, and things like str.split(None) are why.

Everyone knows split splits strings on a character (or in the civilized world, a regex). str.split(None) splits on whitespace and then trims leading and trailing whitespace. It's a great feature, but why not call it str.split_whitespace?

'a b'.split(None) returns ['a','b'].

'a,,,b'.split(',') does not return ['a','b']. It returns ['a','','','b'].

Security Logic Simplified into a Cheatsheet

Came up with this comment to help me think through end-user security.

~~~~ /* * Security logic is based roughly on NTFS style allow and deny. * * The logic is as follows, in order: * 1. If a specific role or user is in the deny list, they are denied. * 2. If a specific role or user is in the allow list, they are allowed. * 3. Otherwise, they are denied. * * There are three special values.

AngularJS Directive: Stretchdown - stretches an element to the bottom of the window.

I've made may first directive! OK, not that special, but to me it is. This is one of the more difficult features I've come across in Angular, and I still don't really "get it".

[I didn't "get it" because I used directives as a mixin to implement a UI feature. Directives are really supposed to be for encapsulating HTML into small templates.]

I'm not even going to do a code walkthrough, because I can't really explain it well. The easy part is calculating the height the element should be. The tricky part is implementation.

Chrome Rendering Glitch with Label's Padding in Points (PT), Even Values

I have to learn the Chromium bug reporting system. Found an interesting rendering bug if, on a label, you specify a padding with an even number of points (pt), the rendering is shifted up a little bit, and the border can disappear if it's adjacent to another element.

WordPress: Setting the META Description to part of the page's content

This code puts the first paragraph of the post into the description meta tag. It tries to strip out leading whitespace and any tags. If you insert an image, it should be stripped.

R Database Connection Class in RS (R5 S5)

I'm learning R, and it's been interesting. The weird part is that I don't know stats. Yes, I know standard deviation, mean deviation, and easy stuff, but those are one-liners in the R tutorials. What I know in stats amounts to around 1/4 to 1/2 a page of the R tutorial. So to compensate, I have a stats text from the thrift store, so I'll eventually be less than a total ignoramus about what I'm reading.

One of the twists of what I'm messing with is that all our data is in a database. The normal mode of operation for R users is to load the entire data table into memory and do awesome reporting on it. Where I'm at, for better or worse, is more like a traditional web application with a database back end.

A problem with this is that MySQL lets me have only 16 connections going at the same time. I'm not sure if it's the driver, but I'll assume that. Since RStudio holds the connections, coding a lot of changes eventually leads to a lot of lost database connection handles, and eventually running out of connections.

Installing R Packages Globally (for rApache)

For general instructions, see: http://cran.r-project.org/doc/manuals/R-admin.html#Managing-libraries.

In Ubuntu Linux, the path to the global libraries is: /usr/local/lib/R/site-library/

To install there, you can do install.packages(c('foo'), '/usr/local/lib/R/site-library/')

or take advantage of the built in variable: install.packages(c('foo'), .Library.site[1])

Check that .Library.site has the values you need.

You can also use R CMD INSTALL -l /path/to/library foo

CSS Hints for Technoids Who Forgot to Learn CSS

This article has been completely rewritten, and expanded into a book: CSS: An Overview for Software Developers.

This article is obsolete and will go away eventually, and replaced with an excerpt from the book.

----------------

The original was written: 2004-11-18 03:16:46 -0700.

Here's a bit of the article:

Dang, but it took me forever to learn CSS. Maybe I should have used a book. Here, I'm going to share with you the hard-found knowledge, presented using technical programmer jargon. (Revised in 2014.)

CSS Stylesheet Switcher Widget

This snippet of code can be modified and used to change the stylesheet on your page. I set it up to work against a layout extracted from Salsa, but it should work on generic pages. It's good for demos, discussions about a layout, trying different colors, etc.

Syndicate content