Iframes: thinking outside the box
New post to the Cozi Tech Blog: Iframes: thinking outside the box.
Using an iframe to host some content turned out to be a big pain, so I came up with a different approach.
New post to the Cozi Tech Blog: Iframes: thinking outside the box.
Using an iframe to host some content turned out to be a big pain, so I came up with a different approach.
At lunch today, I told Eric about Hash Attacks: for many hash functions, it's possible to construct a large set of keys that collide. This can be used to cause a Denial of Service as hashtable operations can be induced to take O(n) time instead of O(1).
Crosby and Wallach successfully demonstrated this against a number of applications.
Andrew has a good writeup of Hash Algorithm Attacks.
There are various mitigations suggested. The one that I used when I first became aware of this problem is to use a salt to the hash function.
In other words, change:
unsigned hash(const char* s) { unsigned h = 0; while…continue.
Derick Bailey put together a set of Motivational Posters to illustrate the SOLID principles. SOLID is a set of principles that help guide OO code towards greater testability. They increase cohesion and reduce dependencies, hence, coupling.
Single Responsibility Principle — A class should have one, and only one, reason to change
Ideally, a class or a function will do only one thing and do it well, in only a few lines.
Recently, I refactored two large functions. One function proxied an HTTP request: it had to selectively copy request headers, construct other headers, copy the request body, make the request, handle exceptions, selectively copy response headers, construct other headers, and copy the request …continue.
I like Stack Overflow, Jeff Atwood's programming Q&A site. It's quickly become a go-to place for all kinds of programming questions. It's certainly easier to find a definitive answer there than trying to wade through a thread in a mailing list archive. The social dynamics seem to be working and a definite community has evolved.
I've been going there more often recently. I browse the hot questions and I often learn something from them.
I'm answering some questions too. I've been doing this for twenty years on Usenet and mailing lists. I might as well get a little credit for it on SO. My reputation is 131 as I write this: …continue.
I was Toastmaster of the Day at this evening's meeting of Freely Speaking Toastmasters. My theme was software development and I wanted to give the non-developer audience a taste for what it's like to write a program. I talked about writing a simple Sudoku game.
Yesterday, I read Programming Sudoku for background. I bought this book for Emma after reading about it on Scott Hanselman's blog. It's targeted at beginning programmers and walks them through building a Sudoku game and solver. I was hoping to get Emma more interested in programming—unsuccessfully. She found …continue.
Crockford is one of the world's leading JavaScript experts. In this slim volume, he explores the features of the core language, both the good parts and the warts.
JavaScript has been redeemed since 2005 with the explosive proliferation of Ajax websites. Long regarded as a toy language, suitable for little more than generating popups, we have come to learn that in the hands of experts like John Resig (of jQuery fame), JavaScript can be a powerful, expressive language. Anonymous functions, duck typing, and dynamic objects are all good …continue.
Tomas Restrepo wrote a post about sharing dotfiles between Windows and Ubuntu, specifically about sharing .vimrc (Linux) and _vimrc (Windows) and the .vim (Linux) and vimfiles (Windows) directories.
I have a different solution. On Windows, my C:\AutoExec.bat includes:
set HOME=C:\gvr set VIM=C:\Vim set VIMDIR=%VIM%\vim71 set EDITOR=%VIMDIR%\gvim.exe set PATH=%PATH%;C:\Win32app;C:\GnuWin32\bin;C:\UnxUtils;C:\SysInternals;C:\Python25\Scripts
%HOME% (C:\gvr) contains _vimrc, vimfiles, and other stuff accumulated over many years. This directory is stored in a personal Subversion repository at DevjaVu. All my Vim files are stored with Unix LF endings, not Windows CR-LFs, so that they'll work on my Mac OS X and Linux boxen. I play some games with if has("win32") and if has('gui_macvim') to ensure that my _vimrc works cross-platform.
On my *nix boxes, the gvr …continue.
I find it useful to have multiple Firefox profiles for developing and testing. A clean profile for testing allows you to replicate most users' environments, who don't install extensions. Running a development profile in a separate profile lets you restart the browser without messing with your default environment. You can also run Firefox 2 and Firefox 3 side-by-side in separate profiles.
More at the Cozi Tech Blog.
Over at Cozi, we've started a new technical blog. I just put my first post up, describing a nasty problem we had late last year.
Here's the summary:
Internet Explorer 6 does not support transparency in PNG images. The best-known solution is to use the DirectX AlphaImageLoader CSS filter. It's less well known that using AlphaImageLoader sometimes leads to a deadlock in IE6. There are two workarounds. Either wait until after the image has been downloaded to apply the filter to the image's style, or use the little-known transparent PNG8 format instead of the filter.