READIN

Jeremy's journal

When he woke up, the dinosaur was still there.

Augusto Monterroso


(This is a page from my archives)
Friday, October 12th, 2007

🦋 Passed the first test

So in my log I see a bunch of requests today for

GET blog/?k=<keyword> \'\'
and(char(94)+user+char(94))>0 and 
\'\'\'\'=\'\'

where <keyword> is one of the keywords that links exist to on the site; and also I see that my script translated those requests to

<keyword> \\\'\\\' 
and(char(94)+user+char(94))>0 and 
\\\'\\\'\\\'\\\'=\\\'\\\'
before passing them to the database. So the queries just returned empty sets instead of wreaking whatever havoc they might have wruck unescaped. Yay PHP! Yay careful programming!

(Note: but while editing this post I realized there is a different kind of escaping that you have to do when you are writing to forms -- the < and > signs were translating to markup in my inputs. Funny I never ran into that problem on the old site, you wouldn't think it would be a PHP-vs.-ASP distinction.)

Update: So what do I have to do to ban these guys from my site? I tried putting the following in my httpd.conf:

 <Directory (path to root of my site)>
     order allow,deny
     deny from (IP)
     deny from (IP)
     allow from all
 </Directory>
and restarting the service, but that does not seem to have done it.

Another Update: I think I got it: the Directory directive in apache2/sites-available/default is overriding the directive in httpd.conf because httpd.conf is included first. I think I just need to take the default directive out.

posted evening of October 12th, 2007: Respond
➳ More posts about The site

Monday, October 8th, 2007

So as I go through my site testing various filters and archive pages, I am reading a fair amount of what I've written over the last four years. And -- im ganzen und großen -- I'm pretty happy with it.

posted evening of October 8th, 2007: Respond
➳ More posts about Projects

🦋 Categories

Like I said below, I don't have much experience with database design. I don't really have any clue how to write a design document. But I want to describe the design I've come up with and see if I can make it sound as good as it appears to me to be.

The thinking behind this is as follows: I have a lot of text records ("posts") which I want to classify by subject. I've done this, just like every other blog around, by using keywords -- if I tag a post with "food" say, or "singing", then it will show up when somebody looks at the site filtering for that subject. This is implemented with a simple search through the list of keywords on each post; not particularly fast but that's not a major problem in the context of my low-traffic site.

But when I was putting the new software together, I had the idea that it would be great if, when somebody looked at the blog filtering for "food", they would see a little sidebar explaining what I write about when I write about food, and maybe some links to food sites I like etc. And more to the point, when somebody filters for "book:namered" (which is how I've been tagging my reading posts, "book:" and then a short identifier for the title), they would see up top that the posts were about My Name is Red by Orhan Pamuk, links to some outside reviews, links to Amazon and Abebooks, maybe a list of other of Pamuk's books that I have written about. So that is the problem I am trying to solve; and I think my solution is a pretty good one.

First, simple keywords, like "food" and "singing". This is pretty easy; I have a table keyword with columns tag and description -- the description is what will be displayed in the sidebar when somebody filters by the tag. And I have a table (which I decided to name categories, for reasons that will soon become apparent) with two columns, postid and keyword -- I can join this table with posts when I want to do a filtering operation.

Now what about the complex keywords like "book:namered", which include a class and an instance? Well check it out: every time I add a keyword which has a new class, I can just add a column to the categories table with the class name as the column name. And add a table with that name, which looks the same as the keyword table. And think of simple keywords as a special case of complex keywords, as if they had "keyword:" in front of them. So if somebody requests a filter for "book:namered", I can query from "posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag" where book.tag = "namered". This will work for movies, projects, whatever. But the really cool thing is, I can add whatever columns I want to the book table and write a custom script to display the data associated with the tag "namered" in my sidebar.

Consider these three requests:

  • SELECT posts.* FROM posts JOIN categories ON posts.id = categories.postid WHERE categories.book = 'namered';
    (This query would be represented by the keyword "book:namered".)
  • SELECT DISTINCT posts.* FROM posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag;
    (This query would be represented by the keyword "book:".)
  • SELECT posts.* FROM posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag WHERE book.author = 'pamuk';
    (This query would be represented by the keyword "book:author:pamuk".)

The first query will bring back all posts about My Name is Red. The second query will bring back all posts about reading any book. The third query will bring back all posts about reading any book by Orhan Pamuk. And all this is pretty easy to automate! It's all nearly in place!

The next step, which will be a bit of effort to keep it elegant but totally within reach, is to create an administrative page for writing scripts to render an informative sidebar based on the column data contained in, say, the "namered" record in books.

posted evening of October 8th, 2007: Respond
➳ More posts about Programming
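
An added example (not the site's own PHP): the keyword-to-query translation described in this post, written in Python against an in-memory SQLite database. Values are bound as parameters, so a request like the one in the October 12th log is only ever compared as a string; class and column names become SQL identifiers, which cannot be bound, so they are checked against the schema before use. The sample rows and the names `open_db`, `class_columns` and `posts_for` are assumptions made for the illustration.

```python
import sqlite3

# Constructed schema and rows following the post's design (not the site's data).
SCHEMA = """
CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE keyword (tag TEXT PRIMARY KEY, description TEXT);
CREATE TABLE book (tag TEXT PRIMARY KEY, title TEXT, author TEXT);
CREATE TABLE categories (postid INTEGER, keyword TEXT, book TEXT);
INSERT INTO posts VALUES (1,'Reading Pamuk'),(2,'Soup'),(3,'Snow, ch. 4');
INSERT INTO keyword VALUES ('food','What I cook');
INSERT INTO book VALUES ('namered','My Name is Red','pamuk'),('snow','Snow','pamuk');
INSERT INTO categories VALUES (1,NULL,'namered'),(2,'food',NULL),(3,NULL,'snow');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def class_columns(db):
    """Allowlist read from the schema: class name -> column names of its table."""
    classes = [r[1] for r in db.execute("PRAGMA table_info(categories)") if r[1] != "postid"]
    return {c: {r[1] for r in db.execute(f'PRAGMA table_info("{c}")')} for c in classes}

def posts_for(db, k):
    """Post ids for 'food', 'book:namered', 'book:' or 'book:author:pamuk'."""
    parts = k.split(":")
    if len(parts) == 1:
        parts = ["keyword"] + parts          # simple keyword = class "keyword"
    if len(parts) == 2:
        parts = [parts[0], "tag", parts[1]]  # class:instance filters on the tag
    if len(parts) != 3:
        return []
    cls, col, value = parts
    allowed = class_columns(db)
    # Identifiers cannot be bound as parameters: accept only exact schema names.
    if cls not in allowed or col not in allowed[cls]:
        return []
    sql = ('SELECT DISTINCT posts.id FROM posts '
           'JOIN categories ON posts.id = categories.postid '
           f'JOIN "{cls}" ON categories."{cls}" = "{cls}".tag')
    args = ()
    if value:                                # 'book:' means any book, no WHERE
        sql += f' WHERE "{cls}"."{col}" = ?'
        args = (value,)
    return [r[0] for r in db.execute(sql + " ORDER BY posts.id", args)]

if __name__ == "__main__":
    db = open_db()
    for k in ("book:namered", "book:", "book:author:pamuk", "food"):
        print(k, posts_for(db, k))
```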

🦋 Programming head

Is a head I like to be in. For like a week now I've been thinking non-stop about the design of the site, how I can put features in and have the code look elegant and run quickly, what features belong in a coherent model. It gives me a real feeling of focus, like I have when I'm reading a book that I'm really absorbed in. It can be annoying not to be able to focus on other stuff, but oh well, it's pretty much worth it.

posted evening of October 8th, 2007: Respond

🦋 On reinventing the wheel

When I was new to programming, in 1994 or '5 -- when OLE was a pretty freshly minted technology -- one of the projects I was working on was a way to abstract the functionality of some of my company's libraries into a common interface so that a program could load any of the libraries dynamically at runtime, based on a string key. I came up with the stunning realization that the interface could be expressed as a pure virtual C++ base class. All the libraries had to do was to export a function called "Create_x" which would instantiate an object whose class inherited interface x.

This seemed to me like an awesome bit of innovation. By funny coincidence, another project I was working on around the same time was converting some of the company's VBX controls to OCX. (I don't think the term "ActiveX" had even been coined yet, but regardless we were not using it.) I wasn't reading the documentation of OLE very closely, relying on Microsoft's compiler to do most of the work for me; so it wasn't until a month or so later that I realized I had just reinvented a subset of OLE, and that I could have used OLE's framework to give my design a little more robustness. But whatever, the feeling that I was doing something new and inventive was payoff enough.

So why this now? Well, I've been doing some pretty intensive design work in coming up with the database that supports this blog ("READIN 2.0", I am calling it in my head), and I have come up with a pretty cool idea. It seems innovative to me because it is something I've never heard of anyone doing; but I am not at all schooled in database design. I will write it up later on or tomorrow, and hopefully somebody will write back to me and let me know who invented it and where I can find out more.

posted evening of October 8th, 2007: Respond

Saturday, October 6th, 2007

🦋 New features

OK so it's a little corny... I spent last night and some of this morning writing code to administer and display at random different images and quotes at the top of the blog. This is fun, but I think I am doing it mainly for the sake of getting better at writing SQL queries and PHP scripts. The administrative pages are set up pretty nice and clean, I think.


...And guess what I have now!!! -- The ability to delete posts, something I have never been able to do before; and an automated backup script for the whole site, databases and scripts and all. Currently all my data zips up to ¾M.


Ok, so instead of putting up new posts every time I add a feature, I am just going to update this post for a while. (Hopefully I will get out of programmer head sometime and be able to think about anything besides updating the site...*) Just now I wrote a really cool addition to the database which handles categorization of posts with SQL joins instead of dumb text searching. This will eventually, I am thinking, allow me to include lots of interesting (?) information in the sidebar about what category of post is being displayed, which will involve some pretty sophisticated programming.


*This morning I was trying to read Other Colors and I couldn't stop thinking about database tables! How annoying.

posted afternoon of October 6th, 2007: Respond
➳ More posts about php

Friday, October 5th, 2007

🦋 Linkrot

So here's what I did, see: There are thousands of links all over the internets pointing to my blog, with the address http://www.readin.com/blog/blog.asp. Well I wanted to write the site in PHP; but what to do about all those old links? As it turns out I just kept the same url and told my http server to send .asp files to php:

AddHandler php5-script asp

I'm pretty sure the new script is able to handle all the parameters the old script was, and to give back quite similar results for nearly any set of parameters. So hopefully all those old links are going to continue to work.

posted evening of October 5th, 2007: Respond

🦋 And, we're live!

Hi everybody, this is my new blog. I realize it looks largely the same as my old blog, if not indistinguishable. But it's quite different under the interface, and I have got lotsa plans for ways to enhance it and improve your user experience. (Hopefully they will come to fruition sooner than the plans expressed in the last paragraph here.)

posted evening of October 5th, 2007: Respond

Sunday, March 11th, 2007

🦋 Interval

Here is a bash script to determine the interval between two date/times. Parameters are two dates, specified using any format the date utility can recognize; if the second parameter is omitted, "now" is assumed. Output is the number of seconds between the two, followed by "d h:m:s" format.

 #!/bin/bash
 # Print the interval between two date/times as seconds, then as "d h:m:s".

 if [ $# -eq 0 ]
 then
     echo "Usage: $(basename "$0") <date1> [<date2> default \"now\"]" >&2
     exit 1
 fi

 # Convert both arguments to epoch seconds; stop if date cannot parse one.
 start=$(date +%s -d "$1") || exit 1
 if [ $# -eq 1 ]
 then
     fin=$(date +%s)
 else
     fin=$(date +%s -d "$2") || exit 1
 fi

 # Absolute difference, so the order of the arguments does not matter.
 res=$((fin - start))
 if [ "$res" -lt 0 ]
 then
     res=$((0 - res))
 fi

 echo "$res sec"
 d=$((res / 86400))
 t=$((res % 86400))
 h=$((t / 3600))
 ms=$((t % 3600))
 m=$((ms / 60))
 s=$((ms % 60))
 if [ "$d" -gt 0 ]
 then
     echo -n "$d day"
     if [ "$d" -gt 1 ]
     then
         echo -n s
     fi
     echo -n " "
 fi
 if [ "$t" -gt 0 ]
 then
     echo -n "$h:"
     if [ "$m" -lt 10 ]
     then
         echo -n 0
     fi
     echo -n "$m"
     if [ "$s" -gt 0 ]
     then
         echo -n ":"
         if [ "$s" -lt 10 ]
         then
             echo -n 0
         fi
         echo -n "$s"
     fi
 fi
 echo

posted evening of March 11th, 2007: Respond

Friday, January 13th, 2006

🦋 Sum of 2 different squares, 3 different ways

Over at Unfogged, Frederick suggests that 325 is the smallest number which can be expressed as a sum of two perfect squares three different ways. I just wrote a program to check this which confirms Frederick's suspicion; here it is if you want to check my logic.

 #include <stdio.h>
 
 int perfect[] = {
     1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 
     11 * 11, 12 * 12, 13 * 13,
     14 * 14, 15 * 15, 16 * 16, 17 * 17, 
     18 * 18, 19 * 19, 20 * 20
     };
 
 bool IsSumOfSq(int s, int &a, int &b, int x1, int x2)
 {
     for (int i = a + 1; i < 20; ++i)
     {
         if (s < perfect[i])
             return false;
         int diff = s - perfect[i];
         for (int j = 0; j < 20; ++j)
             if (j == x1 || j == x2)
                 continue;
             else if (perfect[j] == diff)
             {
                 a = i;
                 b = j;
                 return true;
             }
     }
     return false;  // no remaining pair of squares sums to s
 }
 
 int main()
 {
     int i;
     for (i = 0; i < 400; ++i)
     {
         int a = -1, b;
         if (IsSumOfSq(i, a, b, -1, -1))
         {
             int c = a, d;
             if (IsSumOfSq(i, c, d, a, -1))
             {
                 int e = c, f;
                 if (IsSumOfSq(i, e, f, a, c))
                 {
                     printf("%d = %d^2 + %d^2\n"
                           "    = %d^2 + %d^2\n"
                           "    = %d^2 + %d^2", 
                         i, a + 1, b + 1, c + 1, 
                         d + 1, e + 1, f + 1);
                     break;
                 }
             }
         }
     }
     return 0;
 }
 

Output:

325 = 1^2 + 18^2
    = 6^2 + 17^2
    = 10^2 + 15^2

posted evening of January 13th, 2006: Respond
