Rob Howard
Lives in Sydney, Australia

Rob Howard

Shared publicly  - 
 
... WHAT.
 
Chrome Apps Team has started to work on a new HTML tag named <adview> to embed Ads inside Chrome Apps in a separate process which will enforce some separation between ad networks and app code for security and privacy.

If you wanna test it, you can run last chromium build with these two switches --enable-adview and --enable-adview-src-attribute, load an unpacked chrome app with "adview" permissions and play around with the <adview> tag.

Source: https://chromiumcodereview.appspot.com/12463015
22 comments on original post

Rob Howard

Shared publicly  - 
 
"What kind of runner can run as fast as they possibly can from the very start of a race? Only somebody who runs really short races.

... But of course, we're programmers, and we're smarter than runners, apparently, because we know how to fix that problem. We just fire a starting pistol every 600 yards – and call it a new sprint."

— Rich Hickey, http://www.infoq.com/presentations/Simple-Made-Easy

Rob Howard changed his profile photo.

Shared publicly  - 
2 comments
 
I confess I cannot get enough of this picture. I may have made a poster. 

Rob Howard

Shared publicly  - 
 
 
A lesson in shortcuts.

Long ago, as the design of the Unix file system was being worked out, the entries . and .. appeared, to make navigation easier. I'm not sure but I believe .. went in during the Version 2 rewrite, when the file system became hierarchical (it had a very different structure early on).  When one typed ls, however, these files appeared, so either Ken or Dennis added a simple test to the program. It was in assembler then, but the code in question was equivalent to something like this:
   if (name[0] == '.') continue;
This statement was a little shorter than what it should have been, which is
   if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) continue;
but hey, it was easy.

Two things resulted.

First, a bad precedent was set. A lot of other lazy programmers introduced bugs by making the same simplification. Actual files beginning with periods are often skipped when they should be counted.

Second, and much worse, the idea of a "hidden" or "dot" file was created. As a consequence, more lazy programmers started dropping files into everyone's home directory. I don't have all that much stuff installed on the machine I'm using to type this, but my home directory has about a hundred dot files and I don't even know what most of them are or whether they're still needed. Every file name evaluation that goes through my home directory is slowed down by this accumulated sludge.

I'm pretty sure the concept of a hidden file was an unintended consequence. It was certainly a mistake.

How many bugs and wasted CPU cycles and instances of human frustration (not to mention bad design) have resulted from that one small shortcut about  40 years ago?

Keep that in mind next time you want to cut a corner in your code.

(For those who object that dot files serve a purpose, I don't dispute that but counter that it's the files that serve the purpose, not the convention for their names. They could just as easily be in $HOME/cfg or $HOME/lib, which is what we did in Plan 9, which had no dot files. Lessons can be learned.)
110 comments on original post


Rob Howard

Shared publicly  - 
 
Who needs recursion anyway, right?
 
Some patterns for fast Python. Know any others?

- Avoid overengineering datastructures. Tuples are better than objects (try namedtuple too though). Prefer simple fields over getter/setter functions.

- Built-in datatypes are your friends. Use more numbers, strings, tuples, lists, sets, dicts. Also check out the collections library, esp. deque.

- Be suspicious of function/method calls; creating a stack frame is expensive.

- Don't write Java (or C++, or Javascript, ...) in Python.

- Are you sure it's too slow? Profile before optimizing!

- The universal speed-up is rewriting small bits of code in C. Do this only when all else fails.
92 comments on original post

Rob Howard

Shared publicly  - 
 
 
If you have a Pandora account, I highly recommend using a throwaway password for it (assuming you don't do so already).

Why? Because Pandora doesn't even one-way hash their passwords. If your account is logged in on a computer, anyone who sits down at that computer can go and look up your password on Pandora's settings page.

Attached is an image that shows what that settings page looks like upon load - I haven't manually entered anything into the form fields and I don't use Chrome's auto-fill; the text in the fields is populated by Pandora.... including the plaintext of the password.

Things like this are why I wrote a blog post about how to do web app auth correctly:
http://codingkilledthecat.wordpress.com/2012/09/04/some-best-practices-for-web-app-authentication/

Thanks to +Dan Boger for bringing this up.

---

Edit: Also just discovered that their password-reset tokens aren't single use. You can reset the password of an account multiple times with the same reset token link...

Also, since Pandora allows you to just change the password field and hit "Save", if you come across someone's logged-in computer, you can just change their password even if Pandora didn't tell you what it was. (The right way to do this is to require the user to enter their current password along with the new password, and pre-fill none of the fields.)

---

Edit 2: It has been pointed out in the comments that even though the password itself appears to be fetched over HTTPS, the page it is inserted into is not... and thus a man-in-the-middle attack is possible to retrieve a user's password by injecting a script into the main page that reads it from the DOM, if you have control of the upstream (e.g. if you're the owner of a public wireless network or the like).

#security   #pandora
187 comments on original post
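
The three fixes the post above calls for (store only a one-way hash, make reset tokens single use, require the current password before changing it), as an added Python example that is not part of the original post and not Pandora's code. The `Accounts` class, `RESET_TTL` and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 15 * 60  # seconds; assumed token lifetime, not a value from the post

def _hash(password, salt):
    # scrypt: memory-hard, salted one-way function from the standard library
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class Accounts:
    """In-memory stand-in for a user table (hypothetical, for illustration)."""

    def __init__(self):
        self._creds = {}   # user -> (salt, scrypt hash); never the plaintext
        self._resets = {}  # sha256(token) -> (user, expiry timestamp)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, _hash(password, salt))

    def verify(self, user, password):
        # Unknown users still cost one hash and compare against an empty value.
        salt, stored = self._creds.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def change_password(self, user, current, new):
        # A logged-in session alone is not enough: re-prove the old password.
        if not self.verify(user, current):
            return False
        self.set_password(user, new)
        return True

    def issue_reset(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Keep only a digest so a leaked table does not yield usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._resets[digest] = (user, now + RESET_TTL)
        return token  # goes into the e-mailed link, nowhere else

    def redeem_reset(self, token, new, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._resets.pop(digest, None)  # pop: the token is single use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new)
        return True
```

Because the server holds only the salt and hash, there is nothing it could pre-fill into a settings form.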

Rob Howard

Shared publicly  - 
 
Tom Anderson originally shared:
 
I'm gathering up my stuff to head for Yosemite where I will spend New Years Eve. I'll be out there in the shadow of the mountains, among the trees, and under the stars with +Thomas Hawk +Trey Ratcliff +Robert Scoble +Karen Hutton and about 10 other G+ photographers I've not yet met... fun, fun.

I was cleaning up my desktop and files (don't laugh Trey!) to prepare for the trip and I found this shot. I got this while waiting for the sunset. I sensed something was unfolding. Can you tell what I captured here? Any guesses?

Spoiler Alert: Don't Continue reading before posting your guess! In the comments below... No cheating allowed!

So, this was taken in LA where you might see Paparazzi following people all the time. I don't normally photograph people... I was actually waiting for good light / a sunset shot. Then I saw this creepy guy following a couple and taking their photos with a telephoto lens. For a second I thought he was Paparazzi and it was Ryan Reynolds and Sandra Bullock or something... Then I guessed what was going on, and it turns out I was right! I quickly surmised that the man had hired this photographer to follow him and shoot his wedding proposal... ya know, the waves, the sun, the beach cruiser. It'd be a perfect moment, right? (My friend actually recently hired a photographer to follow him when he proposed to his wife, so it was easy for me to guess.)

Anyway, I could have got a shot of the proposal pretty easily, but I decided to shoot the photographer shooting the proposal. I thought it'd be fun for the photographer to have a cool shot of himself. Plus I didn't want the couple to see me and spoil their moment. I tried for awhile to get myself into position so I could shoot the photographer and the couple and the ocean in the background, but it was difficult as both parties kept moving about. (The ocean was well-behaved.) My job was much harder than the photographer who was getting paid! It looked like I was going to get nothing when suddenly everyone aligned in a way that was at least halfway decent. I got a few shots right as the man proposed... And then I went about my sunset shooting business. After it was all over, I caught up with the photographer and told him I'd got some shots of him and gave him my email.

Just another fun moment playing photographer :-) I'd really recommend this hobby if you haven't tried it. Camera equipment is so cheap, and now you have a cheap (free) way to distribute to an audience with places like Google+, Facebook, Twitter, Instagram & Flickr :-)
131 comments on original post
Basic Information
Gender
Male
Places
Currently
Sydney, Australia
Links
YouTube