0wn3d

Got a note from Dreamhost that all my crap got hacked.  Restored the Ping to a newer version of WordPress.  Crossing my fingers that that fixed things.

Thanks, Russian spahackermers.

There was a ton of Russian spam on this site for the longest time.  Cleaned it out, but I’m not sure how good a job I did.  Shout out to Google for noticing it and marking the site as “possibly compromised.”  It sure was.  Oh well.

 

Duck!

A month or so ago, I saw an ad for DuckDuckGo.com that advertised their relative lack of privacy invasion compared to Google.  I tried switching to them as my default search engine, expecting to find them frustrating and switch back within a couple days.  I never did.  I don’t seem to miss Google.  Who knew there could be a startup search engine that I could say that about?

If you are truly paranoid about Google, then do your searching with the rabid ideologues at scroogle.com. They are so busy protecting your privacy they can’t even be bothered to design a web site that doesn’t hurt your eyes!  Seriously, they’re awesome.  But if you’re only mildly creeped out by Google, you might want to give the Duck a shot. It’s pretty dang good.

Smells like security

I just rolled my own user authentication system that’s immensely safer than Gawker’s.  It took less than an hour.  That’s cause it’s stupid simple (store a salted hash of the password, and the salt, not an encrypted form of the password itself).

Here are the relevant bits:


require 'digest/md5'

# some randomness for the salt.
def self.jive
  shuck = ('a'..'z').to_a + ('0'..'9').to_a
  return Array.new(32) { shuck[rand(shuck.length)] }.join
end

# where we first store it
user = User.new(:name => @input['username'])
user.salt = Equanimity::Controllers.jive
# hey, we're already immensely more secure than Gawker!
user.passhash = Digest::MD5.hexdigest(user.salt+@input['password'])
user.save

# where we check it
if user = User.find_by_name(@input['username'])
  if user.passhash == Digest::MD5.hexdigest(user.salt+@input['password'])
    "YOU WIN DUDE"
  else
    "YOU SUCK DUDE"
  end
else
  "NO USER DUDE"
end

Obviously some things are still sketchy. :)
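A hardened take on the same store-and-check flow, added here as an example and not part of the original post or of Equanimity: a CSPRNG salt, a slow KDF (PBKDF2-HMAC-SHA256) in place of a single MD5 pass, a constant-time compare, one answer for "no user" and "wrong password", and an upgrade of legacy salted-MD5 rows on a successful login. The names `ITERATIONS`, `USERS`, `kdf`, `register` and `login`, the in-memory hash standing in for the `User` model, and the work factor are all assumptions.

```ruby
require 'openssl'
require 'securerandom'
require 'digest/md5'

ITERATIONS = 100_000   # assumed work factor; tune it to your hardware
USERS = {}             # in-memory stand-in for the User model (assumption)

# Slow, salted hash: PBKDF2-HMAC-SHA256, hex encoded.
def kdf(password, salt)
  raw = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                                   OpenSSL::Digest.new('SHA256'))
  raw.unpack1('H*')
end

# Compare every byte so timing does not reveal how much of the hash matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def register(name, password)
  salt = SecureRandom.hex(16)   # salt from the CSPRNG instead of rand
  USERS[name] = { salt: salt, scheme: :pbkdf2, passhash: kdf(password, salt) }
end

# Returns true or false only: unknown name and wrong password look the same.
def login(name, password)
  user = USERS[name]
  if user.nil?
    kdf(password, 'x' * 32)     # spend the same time for unknown names
    return false
  end
  if user[:scheme] == :md5      # legacy row stored the way the post does
    legacy = Digest::MD5.hexdigest(user[:salt] + password)
    ok = secure_equal?(user[:passhash], legacy)
    register(name, password) if ok   # re-hash with PBKDF2 on a good login
    ok
  else
    secure_equal?(user[:passhash], kdf(password, user[:salt]))
  end
end

# Constructed sample data: one legacy MD5 row and one new registration.
USERS['old'] = { salt: 'abc123', scheme: :md5,
                 passhash: Digest::MD5.hexdigest('abc123' + 'hunter2') }
register('new', 'correct horse')
```
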

I’m breaking my “I’m not using _why’s software now that he’s gone cause it’s too damn sad” rule. Camping’s fun and well maintained still. And though I’m kind of over my Rails mental block, I still don’t feel I know its bits and pieces well enough to intelligently port the thing I’m working on — called Equanimity — to Rails from Camping.

Small Elegant Pieces

OK, I think I’m learning something about how to manage my limited amount of skill and time to do leisure-time programming for myself.  “Bottom-up programming” is important.

I just decided to do a little gallery app for the umpteenth time; in PHP.  I know PHP well enough that I don’t trip over the big gotchas too much, and I know where in the documentation to look to find the functions I need.  It’s also dead easy to deploy (“put the PHP file where your web browser can find it.”)

Following impulse, I decided to do this all at my own pace, and in small, elegant pieces.  I first learned about the power of tiny, elegant functions and methods when I was learning Smalltalk, and my frequent mistakes sent me into its debugger, which often, to my surprise, took me into the guts of the code of Smalltalk itself.  Looking at the way Smalltalk itself was written, I found that one- or two-line-long methods weren’t at all uncommon.

The idea there is that methods, functions, whatsoever serve the purpose of conceptual chunking.  And the smaller the chunks, the easier they are to manipulate.  Ideally by looking at the name of the method, you will know exactly what it does.  So when it’s used in the code, it documents itself.

I don’t get to do that too much at work. 100-line functions which do three dozen things are the order of the day, and it’s usually not within the scope of what I’m doing to break them apart at all. So when I can actually do that kind of programming, it’s kind of fun.

Oh, where was I? Yeah.  So I decided, for this little bit of coding, to do everything in small chunks that I totally understood. And I had a heck of a lot of fun, and I ended up with a nice little thumbnail-maker and that sort of thing. There’s not much to it yet, but if I keep working on it, which I might, I’ll end up with my own personal version of the dozens of little-PHP-gallery-makers out there.

And I actually enjoyed it, and it wasn’t intimidating or wearying. I’m proud of the code that resulted.

Taking things a very small, doable chunk at a time is peaceful and pleasant. It’s one good way to be creative.

Maybe some of the programming things that intimidate me intimidate me because I try to take on too much at once, and don’t do it piece by piece, making sure every small piece is well within my ability and attention span.