I have an older Dell Inspiron laptop that’s been part of my life since 2007. One of my soft goals is for voxeling to run reasonably well on it, though things aren’t looking good at the moment. The simple voxeljs demos tend to run around 30fps but within my world I’m getting between 8 and 20fps. Not good. I blame the many, many more voxels present in my world. I’m considering converting the engine to StackGL/WebGL (kinda like voxel-engine-stackgl), but more on that in a future post.
If you haven’t already played around with the in-browser voxel game demos on voxeljs.com, check them out. I stumbled across them in April and was blown away. Who knew 3D environments could run so well in the browser? Apparently lots of people did, more than two years ago. Oh well, I’m late to the party again. Regardless, working with those tools looked like great fun, so I forked some repos and began building.
You’ll be vulnerable if the following are true:
- You’ve got a webapp that accepts user input
- You use strip_tags() or similar to sanitize fields
- You don’t explicitly remove less-than or greater-than characters from those fields (PHP’s strip_tags won’t remove a partial “<script” tag)
- Values from two or more of these fields are printed close to each other in the output HTML, with little or no markup between them

The fourth item is tricky … The markup between the field values must not contain any quotes (the quotes would prematurely close the script tag injection attempt).
Got to use node.js for a work project recently. We needed an FTP server with special user authentication that would run custom code after a file was uploaded. There was one node.js FTP server implementation on GitHub, so I forked it and started rounding out the basic functionality. My fork is here.
The first significant change I made was to encapsulate the data connection logic. File lists and file contents are transferred over the data connection (FTP commands and responses over the control connection).
In my quest to learn new things, specifically the following things, I’ve been both excited and drained:
- node.js
- Redis document database
- haml
- sass
- a micro-framework

By “new things” I really mean “some cutting edge stuff that seems pretty cool”, the “cutting edge” portion being the source of most of my struggle. New tools, languages and software have sharp edges.
Since I love fast and light software, node.js is my current casual focus.
Trying to do a brain-dump of things I’ve encountered at my new job, since I’ve been doing work in several new areas.
My employer’s website was crashing on IE7. When I tried to re-create the issue on my IE8 machine, it crashed for me as well. Also crashed when I put IE8 in IE7 mode (the Developer Tools are quite nice).
A month ago I got excited about node.js. Watched two presentations, installed it, ran a few tests, and then ran out of steam for lack of a real project idea. Hate when that happens.