Thursday, 17 July 2014

Is your API broken?

"Welcome to the Example Rutabaga Company. We’ve got a simple REST API for all your rutabaga needs!"

Indeed, it is simple…

   POST HTTP/1.1
   Content-Type: application/json

   {"Quantity": 5800,
    "Quality": "Tasty!",
    "DeliverTo": "123 Fake Street, New Orleans"}

Send this and you'll either get an error or an "OK" response with a tracking ID inside. Later, you’ll get several thousand tasty rutabagas in the post. What could go wrong?


Sunday, 8 September 2013

NEVER sanitize your inputs!

I've seen this cartoon linked to in so many comment threads and forums. Any time it's even a little bit applicable, someone will post a link to it. It has become so pervasive that if you search Google for "327", it'll be the third link returned, right after the Wikipedia pages for the year and the car.

Search "328" and the next XKCD is nowhere to be seen.

The lesson, according to the character in the cartoon and so many real people on the internet, is to sanitize your inputs. The school in the cartoon didn't sanitize its inputs, and one of its database tables got deleted!

Ask anyone about developing websites and they will tell you the first lesson is always to sanitize your inputs. In this day and age you'd have to be crazy not to sanitize your inputs.

Trouble is, sanitizing your inputs is very bad advice.
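As an added example (not code from the original post), here is the cartoon's attack run against a throwaway SQLite database in Python: first with the student's name pasted straight into the SQL text, then with the name passed as a bound parameter. The parameterised form is a common alternative to sanitising and is this example's choice, not something the excerpt above states. The table, the payload and the sample names are constructed.

```python
import sqlite3

# The payload from the cartoon, as a constructed sample input.
BOBBY_TABLES = "Robert'); DROP TABLE Students;--"


def new_school_db():
    """Create an in-memory database with one Students table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students VALUES ('Alice')")
    conn.commit()
    return conn


def students_table_exists(conn):
    """True while the Students table is still in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row is not None


def enrol_by_concatenation(conn, name):
    """Vulnerable: the name is pasted into the SQL text, so a quote inside it
    ends the string literal and everything after it is parsed as more SQL.
    executescript() is used here because, unlike sqlite3's execute(), it runs
    every statement in the string, which is what many database drivers do
    with a plain query call."""
    sql = "INSERT INTO Students VALUES ('" + name + "');"
    conn.executescript(sql)


def enrol_with_parameter(conn, name):
    """Safe: the SQL text is fixed and the name travels as a bound value.
    The database never parses the name as SQL, so nothing needs sanitising
    and characters like the apostrophe in O'Brien are stored as-is."""
    conn.execute("INSERT INTO Students VALUES (?)", (name,))
    conn.commit()


def names(conn):
    """All student names, sorted, so results can be checked."""
    return [row[0] for row in conn.execute("SELECT name FROM Students ORDER BY name")]


if __name__ == "__main__":
    db = new_school_db()
    enrol_by_concatenation(db, BOBBY_TABLES)
    print("table survived concatenation:", students_table_exists(db))  # False

    db = new_school_db()
    enrol_with_parameter(db, BOBBY_TABLES)
    enrol_with_parameter(db, "O'Brien")
    print("table survived bound parameter:", students_table_exists(db))  # True
    print(names(db))
```

The concatenated version loses the table; the parameterised version keeps it and stores the payload as an ordinary, if odd, student name. Nothing in the name was stripped or escaped, which is the point: the boundary between code and data is drawn by the driver, not by a filter on the input.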

Saturday, 15 June 2013

I need a good podcast catcher (and a bit of a rant)

I listen to podcasts on my daily commute. These are radio shows that can be downloaded over the internet and listened to later. However, to keep up with a weekly show, I’d have to - every week - visit the show's website and manually download the latest episode. That would get real tedious real fast. To resolve the tedium for us all, the podcast catcher app was invented.

Podcast catchers allow me to list all the shows I want to listen to. Every day or so, the app automatically checks each show on the list to see if there are any new episodes for me. If it finds any, it downloads them and plays them for me.

Currently, I use Google’s ‘Listen’ app, but that service is about to be closed down with the imminent closure of Google Reader. I need to replace it. I've downloaded a handful of alternative apps, but they all lacked a feature I find essential. I remain a little flabbergasted that any podcast app out there does it any other way.

Sunday, 29 April 2012

PHP - Some strings are more equal than others

You may recently have read about the PHP programming language, when it was found that if you compare the two strings "9223372036854775807" and "9223372036854775808" with the == operator, PHP reports them as identical. The reason is that == treats two numeric-looking strings as numbers: 9223372036854775807 is the largest 64-bit integer, 9223372036854775808 is one more, so the comparison falls back to floating point, where the two values cannot be told apart. Most of the time PHP does the right thing, but you need to be careful about these exceptions to the rule.

This was reported as a bug to the people who maintain PHP, but they responded that regarding these two strings as equal was really the correct thing to do. Programmers who feel these two strings should be treated as different should instead use the === operator. This operator checks that both operands are strings and that the strings are equal character for character, and this time, it means it!

But this isn't the end of the story...

Friday, 24 June 2011

Clever and totally pointless - my first publication

Way back in the early 90s, I subscribed to a magazine (think of it like a big website but printed on paper and sent through the post) called ‘PC Plus’. It included a section called “Wilf’s Programmers Workshop” where every month, Mr Wilf Hey would present a project (usually written in GW-BASIC) and discuss the principles at work. It was here that I first managed to get something clever into print, except I didn’t do it quite right.

Saturday, 12 February 2011

Vinegar - refined Vigenère - can you break my cipher?

I'm idly interested in cryptography, the art of scrambling a message so that it can be transmitted securely, and only someone with the magic key can understand the message.

When I was young, I designed a cryptographic algorithm. I thought I was so clever, but just because *I* couldn't break it, that doesn't make it secure.

In this article, I present my naive cryptographic algorithm. It's very flawed, so please don't use it for anything important. Can you find the flaw?

This article will start with some background on substitution ciphers and the Vigenère cipher, which my method was based upon. Then, we'll look at my big idea itself, Vinegar. To keep it interesting, there's a little code breaking challenge as well. Enjoy!
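An added example, not code from the original article: a Python implementation of the Vigenère cipher that the article builds on, together with the index-of-coincidence test that estimates the key length of a Vigenère ciphertext. That test is the classical weakness of the cipher (the repeating key leaks through letter statistics once the ciphertext is long enough), which is the background against which any refinement of Vigenère has to be judged. The sample text and the key "VINEGAR" are constructed for the demonstration and say nothing about the article's own cipher.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift each letter A-Z by the matching letter of a repeating key.
    Non-letters pass through unchanged and do not consume a key letter."""
    key = key.upper()
    out = []
    pos = 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[pos % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        pos += 1
    return "".join(out)


def index_of_coincidence(letters):
    """Probability that two letters drawn from the sample are the same.
    Roughly 0.066 for English text and 0.038 for uniformly random letters;
    a single Caesar shift does not change it, a mixture of shifts lowers it."""
    n = len(letters)
    if n < 2:
        return 0.0
    counts = Counter(letters)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def guess_key_length(ciphertext, max_len=20):
    """Estimate the key length. Every n-th letter of a Vigenere ciphertext was
    shifted by the same key letter, so slicing the text into n columns gives
    columns that keep English letter statistics only when n is the period (or
    a multiple of it); other slicings mix shifts and look closer to random."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    scores = {}
    for length in range(1, max_len + 1):
        columns = [letters[i::length] for i in range(length)]
        scores[length] = sum(index_of_coincidence(col) for col in columns) / length
    best = max(scores.values())
    # Multiples of the true period score about as well as the period itself,
    # so report the shortest length that comes close to the best score.
    return min(length for length, score in scores.items() if score >= 0.9 * best)


# Constructed sample plaintext and key (not from the original article).
SAMPLE = (
    "The rutabaga is a root vegetable that originated as a cross between the cabbage "
    "and the turnip. It grows well in cool climates and stores through the winter, which "
    "is why it has long been a staple in northern kitchens. The roots are usually peeled, "
    "cubed and boiled, then mashed with butter and pepper, although they are also roasted, "
    "added to stews or grated raw into salads. The leaves can be eaten too and are often "
    "fed to livestock. Farmers sow the seed in late spring so that the roots mature after "
    "the first frost, which sweetens them. A large field can yield several tonnes, and a "
    "single order of five thousand eight hundred tasty rutabagas would keep a small kitchen "
    "busy for quite some time. Seed is sold by weight, prices are quoted per tonne, and "
    "deliveries to an address in New Orleans would travel a long way from the fields where "
    "the crop is grown. Careful buyers check the variety, the harvest date and the storage "
    "conditions before they pay, because a root that has been kept too warm will turn soft "
    "and bitter."
)
KEY = "VINEGAR"

if __name__ == "__main__":
    ciphertext = vigenere(SAMPLE, KEY)
    print(ciphertext[:72])
    print("estimated key length:", guess_key_length(ciphertext))
    print("round trip ok:", vigenere(ciphertext, KEY, decrypt=True) == SAMPLE.upper())
```

Once the period is known, each column is a plain Caesar shift and can be attacked with letter-frequency counts on its own, which is why a long Vigenère message is not secure however long the key word is. The estimate is statistical: on a ciphertext of a few dozen letters the column scores are too noisy to trust, and for a key as long as the message (a one-time pad) there is no period to find.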