Ummagumma
June 24, 2005
I'm listening to Pink Floyd's Ummagumma right now. Ah, memories.
In high school, several of my friends were starting an intramural sports team and tried to call themselves "Several Species Of Small Furry Animals Gathered Together In A Cave And Grooving With A Pict" (those familiar with the album will recognize the song title). For unspecified reasons, the school administration did not allow that name. Years later, the decision still seems ridiculous.
Quick Links
June 23, 2005
I use del.icio.us with wild abandon. I thought that might put an end to the "quick links" blog entries, but as it turns out a few recent items merit being called out.
- The Microsoft patterns and practices group have put a security wiki on Channel9.
- Threats & Countermeasures wiki, "a community web site dedicated to discussing, documenting and sharing information security threats and countermeasures." It's launched with a lot of content I've mentioned before.
- Amit Klein explores security issues of devices between the client and the server: "Meanwhile, on the other side of the web server".
- Justin Rogers has a new article on MSDN, "Understanding and Solving Internet Explorer Leak Patterns.". Closures are exceedingly useful but it's important to note where they might cause problems.
- Josh McAdams interviews Mark Jason Dominus on Perlcast. MJD's book, Higher-Order Perl, is one of the most exciting things I've read recently.
- The Shock of Being Shocked, a wonderful essay in response to the Amnesty International report critical of US activities.
- On Obsidian Wings, another marvelous essay: More Things We Throw Away.
- Did I mention that I'm going to YAPC::NA? :-D
More "real" entries soon.
Heat
June 22, 2005
It's been hot lately. Mid-80s most days, tomorrow is will be 95. Kiara … well, she doesn't handle the heat all that well. I grew up believing that 80-85 is ideal, but once it gets above 75 Kiara pretty much loses it. Especially considering how humid it's been. I came home today to the announcement that we are buying an air conditioner. Just big enough to cool the living room. The house has forced air, so we plan to get AC for the whole house in a few years once we can scrape together a few thousand dollars, but until then making life tolerable for my sweetie would be a Good Idea.
So off we go, pick up the window unit, come home, put the kid to bed, read the instructions, and find that we need pieces of wood to brace the air conditioner on the sill. Great. We have some odd-sized scraps about, but nothing that actually works. I'm waiting now, while Kiara races off to Menards to buy wood.
The real test, I think, will be putting it in the window without waking Owen.
Update: That went reasonably well. We managed not to wake the boy, even with the nail pounding. I don't understand why these things just don't fall out of windows all the time, though, it seems a tenuous setup at best.
I'm Going to YAPC!
June 20, 2005
Kiara pulled off a big surprise for Father's Day: she's sending me to YAPC::NA! We're spending a couple days in Toronto before the conference, then I'm immersing myself in Perlish goodness for three straight days while she treats the time as a writing retreat. We'll try to spend the evenings doing fun stuff around town. We were trying to figure out how to swing a short vacation in Canada this August to mark our tenth anniversary, and this is it. How very cool.
Securing PHP installation
June 15, 2005
Ivan Ristic, author of the new and well-received book Apache Security, has released a PDF of the chapter on PHP to accompany the Apache installation and confguration chapter.
What a good resource. I've really got to read Apache Security. It's on my list, but since I don't spend my days immersed in Apache anymore, it hasn't been a priority. Buit these two chapters are quite good, and I'm making security a bigger part of my job, so I'll have to make the time for the book.
OWASP Guide 2.0 Beta
June 14, 2005
The last few days I've been reading through the first beta of the OWASP Guide to Building Secure Web Applications, trying to find time to submit my comments and corrections. Aside from a section on "scripting" languages that I think is pretty harsh, it's shaping up into something very good. There's a large section on phishing that surprised me: I hadn't considered what I could do as a developer to reduce the likelihood of phishing, beyond user education (which seems hopeless). Good stuff.
Blocking mailtos in Firefox.
June 06, 2005
I love this Firefox setting:
network.protocol-handler.warn-external.mailto
If this is set to true and you click a mailto link, Firefox warns you before launching an external program to send email.
Try it. Type about:config in the location bar (where URLs go), find network.protocol-handler.warn-external.mailto, and double-click that line to set it to true.
Then click this link: bogus@afongen.com. If you check the "Remember my choice" box before you cancel the alert box that pops up, Firefox sets network.protocol-handler.external.mailto to false, and never again will you accidentally launch an email program. Instead you can right-click an email address, select "Copy Email Address" and do what you want with it.
I prefer to keep network.protocol-handler.external.mailto set to true, so I get the alert each time.
On test-driven development
June 02, 2005
From Edsger W. Dijkstra's ACM Turing Lecture in 1972:
Today a usual technique is to make a program and then to test it. But: program testing can be a very effective way to show the presence of bugs, but is hopelessly inadequate for showing their absence. The only effective way to raise the confidence level of a program significantly is to give a convincing proof of its correctness. But one should not first make the program and then prove its correctness, because then the requirement of providing the proof would only increase the poor programmer's burden. On the contrary: the programmer should let correctness proof and program grow hand in hand.… If one first asks oneself what the structure of a convincing proof would be and, having found this, then constructs a program satisfying this proof's requirements, then these correctness concerns turn out to be a very effective heuristic guidance.
33 years later and people still think you're nuts to suggest it.
My brother switches to Linux
June 01, 2005
I was talking to my brother the other day and out of the blue he asked me what Linux distribution I'd recommend for casual home use. That was a surprise: the last time I heard him mention Linux was five years ago when he bought me a copy of Running Linux and questioned whether I really wanted to read it. I believe he thought me slightly mad. Heh. I haven't really been following the Linux distro world closely in recent years, but coincidentally I had just been listening to the distro wars on LugRadio, so with due consideration I said maybe Ubuntu, possibly Red Hat if only because there's lots of books available, but more than likely Linspire, as they're targeting people like him.
Turns out that he'd gone to upgrade his computer from Windows 98 recently, didn't feel like shelling out whatever they were asking for XP, and so on the spot made the switch to Linux. He chose Linspire and seemed happy with the decision.
Cool. When he and his wife got broadband a couple months ago, I shuddered to think what would happen to their poor, unprotected Windows 98 box. Now I'm a bit more comfortable — and very curious to see Linspire in action.
Now my sister writes to say that she's frustrated that the software that came with their new digital camera won't run on Windows 95. Oh, the perils of not upgrading every 10 years :) So hmmm...
PHP Podcast
June 01, 2005
I've been enjoying Perlcast, a regular podcast for the Perl community. In particular, the interviews have been engaging and entertaining. Now we have Pro PHP, a PHP podcast from Marcus Whitney. If he can pull off what he plans, this one will be a keeper.
In lieu of a dynamic language rant.
June 01, 2005
I always feel on the verge of a long, scathing rant about "enterprise" Java development and resistance to dynamic languages. I've been promising this to myself for a couple years now, but I never quite manage to write it. Not sure why, it's not as if I'm not angry enough.
So in case you haven't seen them, you should read Ryan Tomayko's recent entry, IBM poop heads say LAMP users need to "grow up", and Bill de hÓra's No more nails: making good technology choices.
Activist Judges Indeed
June 01, 2005
My sister passed along this tidbit: an Indiana judge has ruled that two parents must not raise their child in their Wiccan religion, forbidding them from exposing the child to "non-mainstream religious beliefs and rituals," out of apparent concern that it would confuse the poor kid, who attends a Catholic school.
So why not forbid him to attend the Catholic school?
That'll be shot down. I'm appalled that it hasn't already been.
Impressively, conservative Christian groups such as the American Family Association of Indiana have sided with the parents.
