February 4th, 2007
For my next book, I’m trying to develop a reasonably comprehensive list of technologies which are potentially vulnerable to injection attacks. SQL injection is the most common, but there are of course many others. So far here are the ones I’ve got. What else am I missing?
- SQL
- XPath
- XQuery
- XSLT
- JavaScript
- LDAP
Posted in Web Development | 8 Comments »
February 4th, 2007
I’ve been so busy with writing lately that I haven’t had a lot of time to bird. However, yesterday I took a couple of hours for a spin around Prospect Park. I felt like I was playing hooky, and that I should really be writing instead. (I’ve got a looming deadline for March 15.) Nothing too surprising, 30 species total including my first King’s County Common Merganser for the year:
Posted in Birding | 1 Comment »
February 1st, 2007
I was debugging some problems quoting a piece of a Google Doc article when I noticed something funny in their HTML source, an apparent string bogon. For example:
<pre> List<String><string> ls = ... ;<br/> Collections.sort(ls, new Comparator<String>() {<br/> public int compare(String s1, String s2) {<br/> return s1.length() - s2.length();<br/> }<br/> });<br/></string></pre>
In context, I think this is really a tag, not a badly escaped piece of the source document. A little googling didn’t find any information about it. I’m fairly sure this was never a real HTML tag or a browser extension, though I could have missed one somewhere. Can anyone shed some light on this?
Posted in XML | 2 Comments »
January 30th, 2007
Posted in Birding, New York | No Comments »
January 30th, 2007
Eddie Hargreaves has a nice write-up of nine Windows features Mac OS X should adopt. I agree (or at least don’t disagree) with eight of them. However the one I part company on is #5, “Refresh keystroke/toolbar button for Finder windows”. Eddie explains:
Nearly every major revision of OS X has touted an “improved Finder” and one of the improvements has been the updating of folder contents. But there are still occasions where a file has been updated and its appearance in a Finder window goes unaltered. Windows toolbars have a refresh button that can be used to update the contents of the window. Since Apple has already copied the concept of making Finder windows look and act like browser windows (forward/backward buttons) they should add a refresh or reload button. They wouldn’t even have to create a new toolbar button icon, since they could just use the one from Safari. They could even use the same keyboard shortcut, since Command-R is currently unused in the Finder. Ideally, a refresh button shouldn’t be needed in the Finder at all, but we’ve seen four major revisions of OS X and it still hasn’t become unnecessary.
Sorry. That is totally the wrong solution to the problem, and totally a Windows way of thinking. You do not put an extra button in to make the computer do something it can and should do automatically. If there’s a problem with auto-detecting the need for refresh, then you fix the underlying problem so auto-refreshes happen automatically. You do not complexify the interface. The product is done when there’s nothing more to take out, not when there’s nothing left to put in.
Posted in Mac | 5 Comments »
January 29th, 2007
For my next book, I need a complete list of all the empty tags possible in classic HTML such as <br>, <img>, and <hr>. This is a list of the genuinely empty elements, not including the ones with omitted end-tags such as <p> and <li>.
So far here are the ones I’ve got. Am I missing any?
Posted in Web Development | 7 Comments »