Archive of June 2009
30
countdown
A word that I've heard and used way, way too much in the last month that no longer has any meaning.
Small World
Maybe this happens to everybody; maybe I’m just more of a creeper than I could have ever imagined. I guess you could call it the effect of a “small world.”
Let me show what’s going on. Every morning, I ride the train into downtown. If I catch the early train, it’s usually not very packed. One of the people on that train is a man with short dark hair and thick-rimmed glasses. Every Monday, Wednesday, and Friday, that same guy goes to my gym at the same time I’m there.
When I get off the train, I still have quite a ways to walk. If I’ve caught the early train, the sun is still low behind the buildings and the streets are still cool from the night. If I’ve timed things right, a fellow maybe 25 years old turns in front of me and walks ahead for about five blocks. He wears shorts and a jacket, but what makes him stand out are his bright green shoes. What makes this truly fascinating is that on the way home, I sometimes walk behind the same guy in the opposite direction. Go figure.
I guess these are just two silly things that I’ve picked up on. There are other examples, but I think these are the only two worth mentioning. I suppose even if I really am a creep, it’s better that I know it than being a creep and not knowing it.
Speaking of creepers, there was a HUGE creep on the train this morning. He got on somewhere around Van Ness or Civic Center station and left at Powell station. I was standing right behind the middle set of doors in the aisle, and the first set of seats next to the doors had just opened up. I have no intention of sitting down (ever; you never know who’s been sitting there), but this guy rushes onto the train right as the doors open and (waving a single wood crutch) yells “I need that seat, I’m having knee surgery!” He wasn’t saying it to me, he just kind of announced it to the whole train.
The guy was maybe forty years old, totally bald, but was wearing a crusty black hat. I don’t remember what it said, but he had an “I [heart] VN” button on it. I also don’t know what “VN” stands for. He had one wooden crutch, which he propped up between his legs (I know, right?).
A few seconds later, three kids boarded the train: two boys and a girl. They couldn’t have been much older than thirteen or fourteen. The girl spotted the empty seat next to the creeper and hesitantly sat down. The guy looked over each of the children, then nodded at them (who does that?). As the train departed, the three kids started carrying on a conversation. The creeper listened intently and turned to face each of them as they spoke.
Fortunately, this guy got off the train before I had a chance to kick his ass. There’s a thing called common decency, and that involves keeping to yourself and keeping out of other people’s business. If you want to eavesdrop (or creep), you don’t face the people you’re listening to.
There’s also the whole thing about dealing with kids. You don’t fuck around with kids because:
- if you do anything that can be considered threatening, it’s harassment or statutory rape.
- you’re a creep and they’re kids.
- I’ll kick your ass.
So I don’t really know where I was going with this. I guess there’s not really a lesson to be learned here but it makes for a good story.
29
risk
To take a chance
To look before leaping
To speak before thinking
To think without understanding
To know without comprehending
To judge without meeting
Secure PHP Variables
If you’ve ever tried to store something securely in PHP and taken advantage of private, you know how easy it is to bypass PHP’s protections on these variables. For instance:
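class foo {
    private $password;
    // PHP 5+ constructor name; a PHP 4-style foo() method is not run as a constructor on PHP 8
    function __construct($pw) {$this->password = $pw;}
}
$secure = new foo('bar');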
In this snippet, you might assume that the value of $password cannot be extracted from $secure. In reality, however, simply calling the following code will reveal the value of $password:
ob_start();
var_dump($secure); // the dump includes private properties and their values
$dump = ob_get_clean();
With a little bit of parsing, the password can easily be pulled right out. So if this is the case, how is one supposed to store information securely in the scope of an object? I’ve come up with a fairly simple method that can be implemented with very little hassle:
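class foo {
    // Read/write property: call with no argument to read, with one argument to set
    private function password($pw = NULL) {
        static $password;
        if($pw !== null)
            return $password = $pw;
        return $password;
    }
    // Read-only property: the first value passed in is kept
    private function readOnly($pw) {
        static $password;
        if(!isset($password))
            return $password = $pw;
        return $password;
    }
    // PHP 5+ constructor name; a PHP 4-style foo() method is not run as a constructor on PHP 8
    function __construct($pw) {$this->password($pw);}
}
$secure = new foo('bar');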
This is a sure method because var_dump can’t sink its nails into the static variables that live in our functions. On top of that, you can’t call private functions (you’re not reading them, you’re executing them). The downside to this is that there’s no way to enable a “debug mode” (i.e.: switching private to public such that you can tweak the settings).
In my snippet, I’ve included two functions. The first is a standard property. Simply calling it with no parameters will return the value of the variable. Calling it with one parameter will set the value of the variable and return the value. The second version is read-only. Once you have set the value of the variable by calling the function with a parameter, you cannot remove the value (not even with unset). This is handy if you’ve got a username or password that you don’t want anybody tampering with.
So what, above all, is this useful for? Where this really shines is when you’re protecting from internal attacks. Coding in this manner for very secure data helps to keep hackers that have managed to load up a file into your application from siphoning off sensitive information from your code, resetting your usernames or passwords to divert your application to an alternative data source, or some other nefarious deed.
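An added example (not the author's code) that checks the limits of the static-variable pattern above: the value stays out of var_dump output, but a method-static variable is one slot per class rather than per object, and PHP's Reflection API can read it without calling the private method. The class name SecretHolder, the check() probe, the helper functions and the sample values are all assumptions made for this demo.

```php
<?php
// Added example, not the post's code. SecretHolder is a hypothetical class that
// reuses the post's method-static pattern with a PHP 5+ constructor.
class SecretHolder {
    private function password($pw = null) {
        static $password;            // lives in the method, shared by every instance
        if ($pw !== null)
            return $password = $pw;
        return $password;
    }
    function __construct($pw) { $this->password($pw); }
    // Public probe added only so the demo can observe what each object holds.
    function check($guess) { return $guess === $this->password(); }
}

// True if the var_dump() text of $obj contains $secret.
function dumpLeaks($obj, $secret) {
    ob_start();
    var_dump($obj);
    return strpos(ob_get_clean(), $secret) !== false;
}

// Static variables of a method, read through Reflection; the method is never invoked.
function readStatics($obj, $method) {
    $m = new ReflectionMethod($obj, $method);
    return $m->getStaticVariables();
}

// Constructed sample values.
$a = new SecretHolder('alpha-constructed');
echo "var_dump leaks the value: ";
var_dump(dumpLeaks($a, 'alpha-constructed'));

// Creating a second object writes into the same static slot as the first.
$b = new SecretHolder('beta-constructed');
echo "first object still holds its own value: ";
var_dump($a->check('alpha-constructed'));
echo "first object now holds the second object's value: ";
var_dump($a->check('beta-constructed'));

// Code in the same process can read the slot without being inside the class.
echo "value seen through Reflection: ";
var_dump(readStatics($a, 'password')['password']);
```

The pattern guards against accidental exposure through dumps and logs; it is not a boundary against other code running in the same PHP process, and it only suits classes that are instantiated once.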
28
Bread in a Bag
So this morning, I decided to make myself a quick sandwich instead of a formal breakfast. For me, this includes two slices of bread, cheese, ham, turkey, and mustard. Simple, but tasty. The real reason that I wanted to get this taken care of is to use up the last of my bread and cheese so I can buy more and not crowd the fridge.
Being that the bread is almost empty, I take out the last few slices, and (after a quick mental calculation) realize that there are an odd number of slices of bread in this bag. How can this be? When I buy the bread, I throw out that half-slice that they give you that’s all crust. Then, I make nothing but two-slice sandwiches. I never use an odd slice. So how is it that when I get to the bottom of the bag, there’s one regular slice and one half-slice? For the record, this isn’t the first time that I’ve seen this happen. I’ve bought this bread twice before and seen it both times, but thought it was just me being silly (I must have used some extra bread on some occasion).
On one side of the equation, I can see this as a “you can’t use it so you’ll buy more bread,” but that makes no sense. There is no cost savings there. To save any money at all, they would just eliminate that last full slice of bread and have a smaller but even number of slices in the bag.
Maybe I’m just overthinking this. It could just be that they had a machine that makes one centimeter-thick slices and the bread is an odd number of centimeters long. Maybe their slicer was broken and I’ve got defective bread. But I’m thinking something along the lines of them buying a slicer that makes X number of slices (where X%2==0) and the bread is too small for the machine.
Penny for anyone’s thoughts?