Recent blog posts
I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last thing - not such a great idea, but it works for really short pages.
This script is written to try and avoid SQL injection attacks, and cross site scripting (XSS).
Code is attached, and below.
I was getting through the docker.io docs, and not quite getting it, and learned it was based on Linux Containers. Followed a link to a series of tutorials by one of the committers, and it's really good so far.
LXC is basically "chroot on steroids" with a isolated networking and processes in addition to isolated files. It allows you to create software within what looks like a lean Linux environment.
I had a disk failing, and had to remove it. The "right" way is to break the mirror or remove the disk from the plex, but it was preventing a boot for the third time, so I shut down and removed it.
The computer booted from the second disk (after selecting it with the F10 boot menu, then the Windows boot menu).
So I added the replacement disk, restarted, and then went to work on rebuilding the mirror.
The new disk was initialized as MBR.
The remaining disk in the RAID plex was working, but the plex was gone. When I tried to reactivate the volume, it said the plex was gone.
This is a big loss for net admins. The exemption was intended for programmers (and even that might be considered a loss).
So I'm reading this computer stuff, and come across:
"What separates a mixin from multiple inheritance? Is it just a matter of semantics?"
"Yes. The difference between a mixin and standard multiple inheritance is just a matter of semantics;"
What the heck did that mean? Different words, same meaning... or different words, different meaning? I am pretty sure they meant the former, but I had to double check, because "semantic" means "meaning", and in technical reading, I tend toward the literal interpretation over traditional or colloquial one.
Computer sound sucks.
There are three major contexts for computer-based sound: watching the computer like a TV, using it for video or audio phone, and using the computer as a multitrack recording studio or a multi-channel mixing board for a PA.
The problem is, the designers of Windows (and Linux, and Mac OS somewhat) have chosen to focus on enabling the usage on the right.
I was looking at some special logs we keep, and found these attempted SQL injection attacks.
A demo of how to incorporate SSH tunnels into a Python system administration script.
Like all sysadmins, I write scripts to automate routine operations. Lately, though, I have needed to write scripts that automate routine operations on a remote system, and we need the security barriers to be a little higher than in the "old days".
We're accessing our database through an SSH tunnel, rather than via a regular encrypted socket. (The SSH connection will eventually require key pairs, and disallow regular passwords.)
I was never one to think I *needed* two monitors after the HD monitors came out, but having used two for a couple months, I think it's totally worth it. I don't even have the second monitor on all the time, but when you're coding and testing interactively, it helps a lot.
I set it up to show four regions: editing, reference, interaction, and debugging. I keep a terminal underneath the editing window, too. Click the image to enlarge.
So I read this somewhat legendary rant about how JQuery is better than AngularJS, and AngularJS will fail. It's not going to fail.
It's just hard to learn. It's also verbose. You could say the same about any of the OO descendents of C. The difficulty generally comes from learning where your code should reside in the framework. Verbosity is just part of writing larger programs, and Angular is about writing larger programs. Maybe not large programs, but larger than a thousand lines.
Came up with this comment to help me think through end-user security.
/* * Security logic is based roughly on NTFS style allow and deny. * * The logic is as follows, in order: * 1. If a specific role or user is in the deny list, they are denied. * 2. If a specific role or user is in the allow list, they are allowed. * 3. Otherwise, they are denied. * * There are three special values. Anonymous is a user who is not logged in. * All refers to all roles and users. * None refers to no roles and no users. *
This is the change control form that I use, more or less. Less, mainly. I'll use it for major changes, but usually forget about it for smaller ones, which isn't a good thing. Still, in my experience, something is better than nothing.
For a one-person operation, it's OK. Also, if you're doing outside jobs, you do need to document changes in a notebook of some kind, because you won't remember what you did when you return to the site. I forgot to record info about a few remote sites we set up for other organizations - and wasted a couple hours here and there for it.
How to share a folder and its files with computers outside of the Windows domain. This is a generally bad idea, but if you need to do it, it's possible.
This was downright difficult. The good news is that the code got a little shorter, the HTML is a LOT shorter, the menu settings are in a shorter config file, and the direct manipulation of the DOM has reduced significantly.
When the user clicks on a menu item, here's what happened:
The original scanned the DOM to toggle off the current item. Then toggled the new item.
Now, the new version maintains a copy of the menu configuration, and alters this model. A loop scans the model and sets a "selected" bit, then triggers the animations.