Author Archive

Security

Quick Links

I use del.icio.us with wild abandon. I thought that might put an end to the “quick links” blog entries, but as it turns out a few recent items merit being called out.

More “real” entries soon.

Uncategorized

Heat

It’s been hot lately. Mid-80s most days, tomorrow will be 95. Kiara … well, she doesn’t handle the heat all that well. I grew up believing that 80-85 is ideal, but once it gets above 75 Kiara pretty much loses it. Especially considering how humid it’s been. I came home today to the announcement that we are buying an air conditioner. Just big enough to cool the living room. The house has forced air, so we plan to get AC for the whole house in a few years once we can scrape together a few thousand dollars, but until then making life tolerable for my sweetie would be a Good Idea.

So off we go, pick up the window unit, come home, put the kid to bed, read the instructions, and find that we need pieces of wood to brace the air conditioner on the sill. Great. We have some odd-sized scraps about, but nothing that actually works. I’m waiting now, while Kiara races off to Menards to buy wood.

The real test, I think, will be putting it in the window without waking Owen.

Update: That went reasonably well. We managed not to wake the boy, even with the nail pounding. I don’t understand why these things just don’t fall out of windows all the time, though, it seems a tenuous setup at best.

Uncategorized

I’m Going to YAPC!

Kiara pulled off a big surprise for Father’s Day: she’s sending me to YAPC::NA! We’re spending a couple days in Toronto before the conference, then I’m immersing myself in Perlish goodness for three straight days while she treats the time as a writing retreat. We’ll try to spend the evenings doing fun stuff around town. We were trying to figure out how to swing a short vacation in Canada this August to mark our tenth anniversary, and this is it. How very cool.

Security

Securing PHP installation

Ivan Ristic, author of the new and well-received book Apache Security, has released a PDF of the chapter on PHP to accompany the Apache installation and configuration chapter.

What a good resource. I’ve really got to read Apache Security. It’s on my list, but since I don’t spend my days immersed in Apache anymore, it hasn’t been a priority. But these two chapters are quite good, and I’m making security a bigger part of my job, so I’ll have to make the time for the book.

Security

OWASP Guide 2.0 Beta

The last few days I’ve been reading through the first beta of the OWASP Guide to Building Secure Web Applications, trying to find time to submit my comments and corrections. Aside from a section on “scripting” languages that I think is pretty harsh, it’s shaping up into something very good. There’s a large section on phishing that surprised me: I hadn’t considered what I could do as a developer to reduce the likelihood of phishing, beyond user education (which seems hopeless). Good stuff.

Uncategorized

Blocking mailtos in Firefox.

I love this Firefox setting:

network.protocol-handler.warn-external.mailto

If this is set to true and you click a mailto link, Firefox warns you before launching an external program to send email.

[Image: Firefox external protocol request alert]

Try it. Type about:config in the location bar (where URLs go), find network.protocol-handler.warn-external.mailto, and double-click that line to set it to true.

Then click this link: bogus@afongen.com. If you check the “Remember my choice” box before you cancel the alert box that pops up, Firefox sets network.protocol-handler.external.mailto to false, and never again will you accidentally launch an email program. Instead you can right-click an email address, select “Copy Email Address” and do what you want with it.

I prefer to keep network.protocol-handler.external.mailto set to true, so I get the alert each time.
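To check how a given profile will treat mailto links without clicking one, here is a small added example (not part of the original post) that reads the two preferences out of a profile's prefs.js text. The built-in defaults it falls back on, the function names and the sample profile contents are assumptions made for the illustration.

```python
import re

# One boolean line of a profile's prefs.js / user.js, e.g.
#   user_pref("some.pref.name", true);
# Commented-out lines (// user_pref(...)) do not match and are ignored.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false)\s*\);')

WARN = "network.protocol-handler.warn-external.mailto"
ALLOW = "network.protocol-handler.external.mailto"

# Assumption: values used when the profile does not override a pref
# (no warning, external handler allowed).
ASSUMED_DEFAULTS = {WARN: False, ALLOW: True}


def read_bool_prefs(text):
    """Return {name: bool} for every boolean user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = (m.group(2) == "true")
    return prefs


def mailto_behaviour(text):
    """Classify what a click on a mailto link does under these prefs."""
    prefs = {**ASSUMED_DEFAULTS, **read_bool_prefs(text)}
    if not prefs[ALLOW]:
        return "blocked"   # external mail program is never launched
    return "warn" if prefs[WARN] else "launch"


# Constructed sample profiles (not taken from a real installation).
ALERT_EACH_TIME = '''
user_pref("browser.startup.page", 1);
user_pref("network.protocol-handler.warn-external.mailto", true);
'''
REMEMBERED_CANCEL = ALERT_EACH_TIME + '''
user_pref("network.protocol-handler.external.mailto", false);
'''
UNTOUCHED = '''
// user_pref("network.protocol-handler.warn-external.mailto", true);
'''

if __name__ == "__main__":
    for name in ("ALERT_EACH_TIME", "REMEMBERED_CANCEL", "UNTOUCHED"):
        print(name, "->", mailto_behaviour(globals()[name]))
```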

Uncategorized

On test-driven development

From Edsger W. Dijkstra’s ACM Turing Lecture in 1972:

Today a usual technique is to make a program and then to test it. But: program testing can be a very effective way to show the presence of bugs, but is hopelessly inadequate for showing their absence. The only effective way to raise the confidence level of a program significantly is to give a convincing proof of its correctness. But one should not first make the program and then prove its correctness, because then the requirement of providing the proof would only increase the poor programmer’s burden. On the contrary: the programmer should let correctness proof and program grow hand in hand.… If one first asks oneself what the structure of a convincing proof would be and, having found this, then constructs a program satisfying this proof’s requirements, then these correctness concerns turn out to be a very effective heuristic guidance.

33 years later and people still think you’re nuts to suggest it.

Uncategorized

My brother switches to Linux

I was talking to my brother the other day and out of the blue he asked me what Linux distribution I’d recommend for casual home use. That was a surprise: the last time I heard him mention Linux was five years ago when he bought me a copy of Running Linux and questioned whether I really wanted to read it. I believe he thought me slightly mad. Heh. I haven’t really been following the Linux distro world closely in recent years, but coincidentally I had just been listening to the distro wars on LugRadio, so with due consideration I said maybe Ubuntu, possibly Red Hat if only because there’s lots of books available, but more than likely Linspire, as they’re targeting people like him.

Turns out that he’d gone to upgrade his computer from Windows 98 recently, didn’t feel like shelling out whatever they were asking for XP, and so on the spot made the switch to Linux. He chose Linspire and seemed happy with the decision.

Cool. When he and his wife got broadband a couple months ago, I shuddered to think what would happen to their poor, unprotected Windows 98 box. Now I’m a bit more comfortable — and very curious to see Linspire in action.

Now my sister writes to say that she’s frustrated that the software that came with their new digital camera won’t run on Windows 95. Oh, the perils of not upgrading every 10 years :) So hmmm…

Uncategorized

PHP Podcast

I’ve been enjoying Perlcast, a regular podcast for the Perl community. In particular, the interviews have been engaging and entertaining. Now we have Pro PHP, a PHP podcast from Marcus Whitney. If he can pull off what he plans, this one will be a keeper.

Uncategorized

In lieu of a dynamic language rant.

I always feel on the verge of a long, scathing rant about “enterprise” Java development and resistance to dynamic languages. I’ve been promising this to myself for a couple years now, but I never quite manage to write it. Not sure why, it’s not as if I’m not angry enough.

So in case you haven’t seen them, you should read Ryan Tomayko’s recent entry, IBM poop heads say LAMP users need to “grow up”, and Bill de hÓra’s No more nails: making good technology choices.
