Posts Tagged ‘rails’

Better Living Through Happy Code

Posted in programming on September 16th, 2009 by irv – 3 Comments

In my current employment I’m a website programmer. And a technology researcher and system administrator and probably a couple other things. But that’s not important right now. It’s the programming stuff that matters tonight. I have a big deadline coming up in a couple days and I’ve been putting in some extra hours and I’ve had something of an epiphany. It’s probably nothing new to other programmers but it is to me.

We need more comment labels.

It’s like this: Programmers make notes in the code we write. They’re called comments. There are certain commonly accepted prefixes that can start a comment – so commonly accepted that certain IDEs (for people who don’t know what that means, think of it as a window you type programs into) recognize them. Some IDEs will apply special highlighting to the labels so they are easy to see. This makes it simple to look at a file and find places where improvements need to be made.

The most common of these labels are TODO and FIXME. Here’s an example from one of my current projects:

#TODO: Move this function to the observer

For the record, I use TODO a lot more often than FIXME. It would be nice to never use FIXME but sometimes there are other considerations than making every piece of code perfect. Like lunch. Or the demo that’s coming up in 15 minutes and the code had better be working (even if it’s not very pretty).

Someone Actually Listened?!?

Posted in Internet, coding projects on March 24th, 2009 by irv – 2 Comments

Thanks to my job at Xerox, I had the fun and interesting experience the other day of answering some questions emailed to me by Amanda Morin, half of the Ruby team at About.com. This is new stuff to me. Some of the questions made me feel like I was doing a midterm in grad school! But the end result is not too bad, though she (probably wisely) cut my comment about scaling Java in comparison to Ruby (anyone who knows me, knows I’m other than a fan of Java).

The basic questions were about Ruby and about Cloud Computing. What do you know but 2 days after answering all those questions, I run across an article that states the obvious but little thought of idea that cloud computing may be a new thing for business but it’s old news for cyber criminals. What do you think a botnet is but a resource cloud? Wish I had seen it before! Oh well, check out the article Botnets and illicit file swapping: the original “cloud computing” and an older take at Cloud Computing: Invented By Criminals, Secured By ???

In addition to interviewing me, Amanda interviewed Hampton Catlin, who (unlike me) really knows what he’s talking about. There’s a series of articles on the subject. Go see the articles. Learn something and make it look like someone out there has an interest in what I have to say (It’s okay to pretend).

Interviews with me

Other bits of the series (also interesting, though not as much):

updates

3/25/2009: Fixed bad link on “What is Cloud Computing” that was mistakenly pointing to the Hampton Catlin interview.

What do you mean I forgot the security?

Posted in science, security on February 15th, 2009 by irv – 4 Comments

Is security a science? (I mean specifically computer/Internet security here.) Maybe the question is trivial but sometimes I wonder. The question occurred to me as I was reading a section on cross-site scripting attacks in Ed Skoudis’s excellent book Malware: Fighting Malicious Code, which is the textbook for a class I’m taking. Being a curious sort of guy, I tried it out. I took a prototype web site I had developed for my job and inserted some JavaScript into a text field, just to see if it would work. It did.

I had the advantage of knowing that I had not included defenses against such an attack in the code because it was a prototype intended to work through a problem, not an actual attempt to build a real live website. It was never going to see real life on the Internet. Well, it seems now that this may not be true. I’ve moved on to other things while that old prototype site has been handed to another programmer to build out into a more complete system. I guess I’d better warn the programmer that he has to include some kind of white listing or tag stripping in the data entry fields before it goes live.

Monday I guess I’ll add it to his backlog. It’s already on mine for the current project (at least, I hope it is!).