Tag Archives: programming

[not] Protecting web sites and services from DNS rebinding attacks

Update: Nope, my solution won’t work. As Christian Matthies points out in the comments, it is possible to spoof the HTTP Host header as well (his link in the comment is broken because of an extra comma, but this one … Continue reading

8 Comments

Three simple tips for LAMP web site developers

You’ve learned to write some basic HTML, CSS, PHP/Python/Perl and SQL, found a hosting service, and are ready to create your first LAMP web application. You’ve already read a bit about security (you know always to escape user-supplied parameters, etc.). … Continue reading

3 Comments

Coding lessons from university

Dare Obasanjo, smart code guy and occasional punching bag for the anti-Microsoft people, is collecting lists of Three Things I Learned About Software In College. I posted mine in a comment on his blog, but decided to reproduce them here. … Continue reading


Maybe the women are right

Summary: Perhaps the women who don’t choose computer programming are making a good choice, especially with the deteriorating working conditions, stagnant or falling salaries, and offshoring. Recently, we’ve had a few postings about women in computing (or the lack thereof) … Continue reading

Posted in Uncategorized | 2 Comments

Ruby on Rails pain at Twitter

Josh Kenzer has posted an interview with Alex Payne, a developer for Twitter, which is one of (if not the) biggest Ruby on Rails-based web apps. A couple of years ago, when I was getting tired of working within the … Continue reading

1 Comment

In praise of architecture astronauts

Six years ago, Joel Spolsky wrote a piece on Architecture Astronauts, people who get so obsessed with the big picture that they miss the important little details that actually make things work. More recently, Dare Obasanjo pointed to Spolsky’s piece … Continue reading

5 Comments

Templating languages and XML

Erich Schubert is talking about web templating languages. He’s looking for a pure-XML templating solution, but that might not be necessary for simple web-page design, where we don’t need all the extra benefits of heavy-duty transformation standards like XSLT. Keeping … Continue reading

10 Comments

Gap buffers

Tim Bray updated an old piece on binary search this morning — I missed it the first time around, so I was glad that it popped up in my blog reader. Tim’s taking some flak about data abstraction from people … Continue reading

1 Comment

Continuations, cont'd

[Update: see further contributions to the discussion from Ian Griffiths, Avi Bryant, James Robertson, and Joe Duffy; note also John Cowan’s excellent comment below, pointing out that hidden fields work with the back button but not with bookmarks.] It looks … Continue reading

11 Comments

How many environments?

Assume that you are a lone developer, maintaining a small web site in a shared hosting account. How many software environments do you need from development to production? One environment On the simplest level, you could develop directly in your … Continue reading

7 Comments