George V. Reilly

Iframes: thinking outside the box

New post to the Cozi Tech Blog: Iframes: thinking outside the box.

Using an iframe to host some content turned out to be a big pain, so I came up with a different approach.

Hash Table Attacks

At lunch today, I told Eric about Hash Attacks: for many hash functions, it's possible to construct a large set of keys that collide. This can be used to cause a Denial of Service as hashtable operations can be induced to take O(n) time instead of O(1).

Crosby and Wallach successfully demonstrated this against a number of applications.

Andrew has a good writeup of Hash Algorithm Attacks.

There are various mitigations suggested. The one that I used when I first became aware of this problem is to add a salt to the hash function.

In other words, change:

unsigned hash(const char* s)
    unsigned h = 0;
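Whether a salt helps depends on where it enters the hash, which the following C sketch checks (an added example, not code from the original post). It assumes a multiply-by-31 hash as a stand-in for the truncated hash() above, uses constructed sample keys and salt values, and swaps in SipHash-2-4 as the keyed alternative: with the salt only as the start value the equal-length keys still collide, while the keyed hash separates them.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample keys: "Aa" and "BB" collide under h*31+c, as do their concatenations. */
static const char *KEYS[4] = { "AaAa", "AaBB", "BBAa", "BBBB" };

/* Assumed stand-in for the truncated hash(): the salt is used only as the start value. */
static uint64_t seeded_hash(const char *s, uint64_t salt) {
    uint32_t h = (uint32_t)salt;
    while (*s) h = h * 31u + (unsigned char)*s++;
    return h;
}

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)
/* SipHash-2-4 (Aumasson and Bernstein) over len bytes, keyed with k0 and k1. */
static uint64_t siphash24(const void *data, size_t len, uint64_t k0, uint64_t k1) {
    const unsigned char *p = data;
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t m, last = (uint64_t)len << 56;
    size_t i, j, full = len - (len % 8);
    for (i = 0; i < full; i += 8) {
        for (m = 0, j = 8; j-- > 0; ) m = (m << 8) | p[i + j];  /* little-endian word */
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (i = full; i < len; i++) last |= (uint64_t)p[i] << (8 * (i - full));
    v3 ^= last; SIPROUND; SIPROUND; v0 ^= last;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Number of distinct hash values KEYS produce; 1 means every key collides. */
static size_t distinct_hashes(int keyed, uint64_t salt) {
    uint64_t seen[4];
    size_t n = 0, i, j;
    for (i = 0; i < 4; i++) {
        uint64_t h = keyed ? siphash24(KEYS[i], strlen(KEYS[i]), salt, ~salt)
                           : seeded_hash(KEYS[i], salt);
        for (j = 0; j < n && seen[j] != h; j++) {}
        if (j == n) seen[n++] = h;
    }
    return n;
}

int main(void) { return (distinct_hashes(0, 7) == 1 && distinct_hashes(1, 7) == 4) ? 0 : 1; }
```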

SOLID Development Principles – in Motivational Posters

Derick Bailey put together a set of Motivational Posters to illustrate the SOLID principles. SOLID is a set of principles that help guide OO code towards greater testability. They increase cohesion and reduce dependencies, hence, coupling.

Single Responsibility Principle — A class should have one, and only one, reason to change

Ideally, a class or a function will do only one thing and do it well, in only a few lines.

Recently, I refactored two large functions. One function proxied an HTTP request: it had to selectively copy request headers, construct other headers, copy the request body, make the request, handle exceptions, selectively copy response headers, construct other headers, and copy the request…

Stack Overflow

I like Stack Overflow, Jeff Atwood's programming Q&A site. It's quickly become a go-to place for all kinds of programming questions. It's certainly easier to find a definitive answer there than trying to wade through a thread in a mailing list archive. The social dynamics seem to be working and a definite community has evolved.

I've been going there more often recently. I browse the hot questions and I often learn something from them.

I'm answering some questions too. I've been doing this for twenty years on Usenet and mailing lists. I might as well get a little credit for it on SO. My reputation is 131 as I write this: …

Review: Programming Sudoku

Title: Programming Sudoku
Author: Wei-Ming Lee
Rating: ★ ★ ½
Publisher: Apress
Copyright: 2006
Pages: 214
Keywords: programming, introductory
Reading period: 22 February, 2009

I was Toastmaster of the Day at this evening's meeting of Freely Speaking Toastmasters. My theme was software development and I wanted to give the non-developer audience a taste for what it's like to write a program. I talked about writing a simple Sudoku game.

Yesterday, I read Programming Sudoku for background. I bought this book for Emma after reading about it on Scott Hanselman's blog. It's targeted at beginning programmers and walks them through building a Sudoku game and solver. I was hoping to get Emma more interested in programming—unsuccessfully. She found…

Review: JavaScript: The Good Parts

Title: JavaScript: The Good Parts
Author: Douglas Crockford
Rating: ★ ★ ★ ★
Publisher: O'Reilly
Copyright: 2008
Pages: 153
Keywords: programming, javascript
Reading period: 27 May–15 June, 2008

Crockford is one of the world's leading JavaScript experts. In this slim volume, he explores the features of the core language, both the good parts and the warts.

JavaScript has been redeemed since 2005 with the explosive proliferation of Ajax websites. Long regarded as a toy language, suitable for little more than generating popups, we have come to learn that in the hands of experts like John Resig (of jQuery fame), JavaScript can be a powerful, expressive language. Anonymous functions, duck typing, and dynamic objects are all good…

Sharing Dotfiles between Windows and *nix

Tomas Restrepo wrote a post about sharing dotfiles between Windows and Ubuntu, specifically about sharing .vimrc (Linux) and _vimrc (Windows) and the .vim (Linux) and vimfiles (Windows) directories.

I have a different solution. On Windows, my C:\AutoExec.bat includes:

set HOME=C:\gvr
set VIM=C:\Vim
set VIMDIR=%VIM%\vim71
set EDITOR=%VIMDIR%\gvim.exe
set PATH=%PATH%;C:\Win32app;C:\GnuWin32\bin;C:\UnxUtils;C:\SysInternals;C:\Python25\Scripts

%HOME% (C:\gvr) contains _vimrc, vimfiles, and other stuff accumulated over many years. This directory is stored in a personal Subversion repository at DevjaVu. All my Vim files are stored with Unix LF endings, not Windows CR-LFs, so that they'll work on my Mac OS X and Linux boxen. I play some games with if has("win32") and if has('gui_macvim') to ensure that my _vimrc works cross-platform.

On my *nix boxes, the gvr…

Multiple Firefox Profiles: Run Firefox 2 and 3 Side-By-Side, and More

I find it useful to have multiple Firefox profiles for developing and testing. A clean profile for testing allows you to replicate most users' environments, who don't install extensions. Running a development profile in a separate profile lets you restart the browser without messing with your default environment. You can also run Firefox 2 and Firefox 3 side-by-side in separate profiles.

More at the Cozi Tech Blog.

Transparent PNGs Can Deadlock IE6

Over at Cozi, we've started a new technical blog. I just put my first post up, describing a nasty problem we had late last year.

Here's the summary:

Internet Explorer 6 does not support transparency in PNG images. The best-known solution is to use the DirectX AlphaImageLoader CSS filter. It's less well known that using AlphaImageLoader sometimes leads to a deadlock in IE6. There are two workarounds. Either wait until after the image has been downloaded to apply the filter to the image's style, or use the little-known transparent PNG8 format instead of the filter.

More here.

Review: Pro JavaScript Design Patterns

Title: Pro JavaScript Design Patterns
Author: Ross Harmes, Dustin Diaz
Rating: ★ ★ ★ ★
Publisher: Apress
Copyright: 2008
Pages: 269
Keywords: programming, javascript
Reading period: 4 January–? ???, 2008