Blog | CodeUtopia

Library author: Don’t provide an exploitable interface

SQL injection is a pretty big deal. Its cousin shell injection is also a common issue, demonstrated quite well by a recent post to the PHP reddit. Although some suspect it was a troll, I heard echos from a variety of people who had seen pretty much exactly the same vulnerability in production.

This got me thinking: People writing libraries for doing things like shell commands, SQL, etc., don’t actually have to provide an interface that can be easily mis-used. An interface like this could just as easily be based on some other data type besides a plain string, completely side stepping issues caused by concatenation.

“What on earth are you talking about?” – Let me explain…

Why use user story based testing tools like Cucumber instead of other TDD/BDD tools?

Tags: CucumberTestingTools

When you think of writing tests, usually you would write them using a tool from the xUnit family, PHPUnit, JUnit, etc., or if you like a more BDD-style approach, perhaps you would use RSpec, Jasmine, or some other tool like that.

Then there’s Cucumber. Instead of writing your tests purely in code, with Cucumber you start by writing a human-readable user story. Then, you write code to run the story and perform test(s) based on it.

This seems like extra work right? That’s what I thought at first, so I hadn’t really looked into it that much. However, it turns out there might be a bit more to it…

Headless Chrome/Firefox testing in NodeJS with Selenium and Xvfb

Tags: NodeJSSeleniumTestingTools

The other day I wanted to run a bunch of tests with a browser in a NodeJS environment. Having been spoiled by how easy it was to do in a Rails setup using Capybara, I thought it would be easy considering how everything cool is easy to do with Node!

Well, I thought wrong. It’s easy once you have everything set up but setting it up isn’t so straightforward, and you have a whole bunch of alternatives, too.

You have PhantomJS, CasperJS, SpookyJS, ZombieJS, and then there’s Selenium and all that. What is the way to go?

3 ways to get backend data to AngularJS

Tags: AngularJSJavaScript

It seems this is a rather common conundrum with Angular code: You have some backend data, say in PHP or Rails, and you want to output it when rendering the page so that Angular can display it.

Since Angular is designed to work more as a single-page app framework, it isn’t immediately obvious how to do this without Ajax, so here I’ll present three ways you can do it.

First impressions on Ruby on Rails

Tags: RailsRuby

In my job at Ribbon, I’ve been using Ruby on Rails a lot – that is what the Ribbon service is built with afterall.

This has been my first time working with Rails, so read on for some thoughts.

Knockout vs Backbone vs Angular

Tags: AngularJSBackboneJSJavaScriptKnockoutJS

There’s a lot of talk of various client-side kind-of-mvc libraries. Three of the popular ones I’ve used are Knockout, Backbone and Angular.

While there are other comparisons of the three, I feel many of them don’t really touch on some of the aspects that I’ve come to learn from my experiences with the three.

Review: Can a 15 USD gaming mouse be better than 60+ USD ones?

Tags: Review

Now for something slightly different from the usual content of this blog, a product review! You get to actually hear and see me, or, well, my hands.

Parsing and evaluating PHP in Haskell: Part 2

Tags: HaskellPHP

Last week I wrote a post about a PHP parser / evaluator I wrote in Haskell. I explained some of the parts on how the parser itself was designed to process PHP code into an abstract syntax tree.

Continuing from where we left off in the previous part, in this post I’ll discuss the actual evaluation part.

Parsing and evaluating PHP in Haskell: Part 1

Tags: HaskellPHP

The other day I uploaded a new experimental project on GitHub – A Haskell PHP parser / evaluator. It doesn’t understand 100% of all PHP syntax, but it was an interesting experiment nevertheless.

Here’s some insights and other thoughts from working on the code.

Post-mortem: Battlefield 3 Web Commander

Tags:

I thought I’d write a sort of “lessons learned” thing about my Battlefield 3 related NodeJS application.

As of writing this, the service has been down for several months. The very first idea with it was simply to see if it could be done. Then, the next idea was to see if I could make a few bucks with it. Overall, I’m in the negatives with it, but I had one paying customer so that’s something right there ;)

Continue reading for some more insights…

Page 6 of 37
←
1
...
5
6
7
...
37
→