weekends are for leisure

It Starts with Florida

Just read the Nov/Dec 2011 Audubon magazine article, Life Support, about the improving state of the Everglades since the author’s previous visit 10 years ago. I won’t go into the details of the article. Nor will I pretend to have a solution for that region. However, the article conjured up some environmentally-related memories from growing up in Florida, so here goes:

As a child I was frequently puzzled by the fact that nobody knew exactly what to do with their old engine oil. Most people I knew dumped it in some far-away back corner of their property. They’d even joke about it probably not being the best thing to do, but they’d then comment on the low quantity and low frequency. And of course, I’ve done the same on many occasions. After all, I was in charge of mowing the lawn, which necessitated oil changes and removal of old gasoline from the previous season. I’d dump it reluctantly, because there didn’t seem to exist any alternative.


Tag stripping not sufficient to prevent JavaScript injections

In the PHP world, solely relying upon PHP’s strip_tags() function to protect your web application from JavaScript injections is a bad idea. If you do, you may be vulnerable in even the most recent browsers (I tested in Chrome 17.0.963.83, Firefox 9.0.1 and Internet Explorer 9). There may be parallels in other languages too, so beware.

You’ll be vulnerable if the following are true:

  • You’ve got a webapp that accepts user input
  • You use strip_tags() or similar to sanitize fields
  • You don’t explicitly remove less-than or greater-than characters from those fields (PHP’s strip_tags won’t remove a partial “<script” tag)
  • Values from two or more of these fields are printed close to each other in the output HTML, with little or no markup between them

The fourth item is tricky … The markup between the field values must not contain any quotes (the quotes would prematurely close the script tag injection attempt). In other words, it’s possible for an opening SCRIPT tag to be constructed using values from two subsequent user-input fields.
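To make the four conditions concrete, here is an added illustration (not code from the original post, and not PHP). It uses a deliberately naive regex tag stripper as a stand-in for "strip_tags() or similar"; this is an assumption about that class of sanitizer, not a claim about PHP's actual implementation. Two fields that each survive stripping unchanged, because neither contains a complete tag, recombine into an opening SCRIPT tag once printed next to each other. Escaping each field for the HTML text context at output time removes the problem regardless of how the fields are arranged.

```python
import html
import re

# Naive "strip tags" sanitizer: removes only complete <...> tags.
# Assumption for illustration; this is NOT PHP's strip_tags() implementation.
TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value: str) -> str:
    """Sanitizer that leaves a partial tag such as '<script' untouched."""
    return TAG_RE.sub("", value)


def escape_for_html_text(value: str) -> str:
    """Output encoding for the HTML text context: < > & " ' become entities."""
    return html.escape(value, quote=True)


# Template printing two fields close together with no quotes between them
# (the fourth condition from the post).
TEMPLATE = "<p>{first} {last}</p>"


def render(first: str, last: str, sanitize) -> str:
    """Apply the chosen sanitizer to each field, then fill the template."""
    return TEMPLATE.format(first=sanitize(first), last=sanitize(last))


# Detection check: does the rendered page contain an opening script tag?
SCRIPT_OPEN_RE = re.compile(r"<script(\s|>)", re.IGNORECASE)


def opens_script(rendered: str) -> bool:
    return SCRIPT_OPEN_RE.search(rendered) is not None


# Constructed sample input. Neither field is a complete tag on its own,
# so a tag stripper passes both through verbatim.
FIRST = "<script"
LAST = ">/* constructed marker */</script"


def compare_sanitizers():
    """Return (naive_output, escaped_output) for the constructed fields."""
    naive = render(FIRST, LAST, strip_tags)
    escaped = render(FIRST, LAST, escape_for_html_text)
    return naive, escaped


if __name__ == "__main__":
    naive, escaped = compare_sanitizers()
    print("tag stripping :", naive, "-> opens script tag:", opens_script(naive))
    print("HTML escaping :", escaped, "-> opens script tag:", opens_script(escaped))
```

The point the check makes is that stripping operates on each field in isolation while the browser parses the concatenated output; only encoding at the output boundary sees the same text the browser does.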


How to GitHub: Fork, Branch, Track, Squash and Pull Request

If you get confused by non-simple Git workflows, this howto on git forking, branching, etc should help.

Oh thank god! Branching I understood, but was clueless when it came to pushing up a specific branch.

Rebasing too … reminds me of how we badly need a separate dev environment at work. Ugh.

In all, a wonderful tutorial that helps you play along with others while programming.


Why French Parents Are Superior by Pamela Druckerman - WSJ.com

Here’s a Wall Street Journal article on Why French parents are superior.

No, I’m far from having kids, but this was insightful nonetheless. Some noteworthy paragraphs:

One of the keys to this education is the simple act of learning how to wait. It is why the French babies I meet mostly sleep through the night from two or three months old. Their parents don’t pick them up the second they start crying, allowing the babies to learn how to fall back asleep. It is also why French toddlers will sit happily at a restaurant. Rather than snacking all day like American children, they mostly have to wait until mealtime to eat. (French kids consistently have three meals a day and one snack around 4 p.m.)


Not certain

Watched a 2005 Oregon PBS special about forest management last night. Link here. Saw some old guys with lots of land and trees managing it with intelligence. They don’t clear-cut. They have a clue about genetics so they save the best trees and sell the others. Made me think: Damn that looks like fun, rewarding work!

Especially the bits involving data collection. One guy kept detailed logs and found that his trees put on mass much faster later in life, but most loggers harvest before that point. I’d love to pay attention and keep those kinds of numbers. The data loving techie in me is thinking: GPS for each tree, monitoring CO2 and other levels around my property. Of course, I wouldn’t want the financial pressure of that being my only source of income. Luckily I’ve been a telecommuting programmer for years … been fortunate.


A dispatch from the Moose Ear Diner

Completed Puzzle Agent recently. It was such a fun game and luckily the sequel went on sale a few days after I finished it. The puzzles were a balanced mix of 10-second teasers, those where your only hope is to jump in and work through possible solutions, and those where you really need to pay attention.

Aside from the puzzles, the other aspects of the game are no slouch either. The story draws you in and has quite a few surprises. The artwork is simple, high quality, and infused with a playful sense of humor. Can’t wait to start the sequel.


The Thin Man

The Thin Man is a great movie. It’s filled with lovable characters, great pacing and a great plot. And of course I must mention the hilarious, witty protagonists. Luckily it’s only the first in a six-part film series. Looking forward to the rest!


Character encodings in practice

Building upon Joel’s post on Unicode, here are some real-world tips relating to character encodings.

Use them by name

Always explicitly specify which encoding you want (perhaps UTF-8). Don’t assume the language or library/tool you’re using will make the right decision for you. If you value your time, don’t ignore this recommendation, otherwise you’ll likely spend lots more time patching things up in the future.
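An added illustration of why the encoding has to be named (this is not from the original post): the same bytes decoded under two different assumptions. Decoding UTF-8 bytes as Latin-1 never raises, it silently produces mojibake, which is exactly the kind of error that surfaces much later. Decoding Latin-1 bytes as strict UTF-8 fails immediately, which is the better outcome. The sample text is constructed.

```python
# Constructed sample containing non-ASCII characters.
SAMPLE_TEXT = "naïve café"


def encode_text(text: str, encoding: str) -> bytes:
    """Produce bytes with an explicitly named encoding."""
    return text.encode(encoding)


def decode_bytes(data: bytes, encoding: str) -> str:
    """Decode with an explicitly named encoding; strict mode raises on mismatch."""
    return data.decode(encoding, errors="strict")


def roundtrip(text: str, write_encoding: str, read_encoding: str):
    """Return the decoded text, or the exception class name if decoding fails.

    A mismatch can fail loudly (UnicodeDecodeError) or silently (mojibake);
    the silent case is the one an explicit, named encoding protects you from.
    """
    data = encode_text(text, write_encoding)
    try:
        return decode_bytes(data, read_encoding)
    except UnicodeDecodeError as exc:
        return type(exc).__name__


def survey(text: str = SAMPLE_TEXT) -> dict:
    """Compare matched and mismatched encoding pairs for the sample text."""
    return {
        "utf-8 -> utf-8": roundtrip(text, "utf-8", "utf-8"),
        "utf-8 -> latin-1": roundtrip(text, "utf-8", "latin-1"),   # silent mojibake
        "latin-1 -> utf-8": roundtrip(text, "latin-1", "utf-8"),   # loud failure
    }


if __name__ == "__main__":
    for pair, result in survey().items():
        print(f"{pair:18} {result!r}")
```

Latin-1 maps every byte to a character, so it can never reject input; any pipeline that falls back to it (or to an unnamed platform default) turns encoding bugs into corrupted data rather than errors.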

A tale to drive this home


node.js FTP server

Got to use node.js for a work project recently. We needed an FTP server with special user authentication that would run custom code after a file was uploaded. There was one node.js FTP server implementation on github, so I forked it and started rounding out the basic functionality. My fork is here.

The first significant change I made was to encapsulate the data connection logic. File lists and file contents are transferred over the data connection (FTP commands and responses over the control connection). I quickly found that some clients are super eager to send you data and will do so once a passive data connection is made, even before the FTP server tells them it’s ok to do so. This was especially problematic for file uploads over passive data connections. Without a workaround for these aggressive clients, the flow looked something like this:


Nature: Is that Skunk?


Caught an episode of Nature last night. Great as always. Spotted skunks … my, what a coat! You can watch the full episode, just click the title of this post.
