Wednesday, February 29, 2012

Short story using the noun project symbols

If you haven't heard of the noun project, check it out, it offers public symbols for demonstration of concepts and ideas through images. Visualization can be very powerful for the portrayal of ideas and concepts verses language alone. This is why visualization as a whole is making a big splash on the scene, and not just symbols.

Regardless, for the longest time, I've had an idea for a short story, but I have no artistic skill for drawings, so I put together the story using the noun project symbols. I was hoping it might appeal to children as the idea was inspired from my family, specifically my mom and my sister's kids.

Regardless, I wanted to share if for free since I don't know anything about publishing or making money. Let me know what you think and if you like it.

tepietrondi/The man with no bed. @ GitHub

The next step is to have my nieces and nephew maybe jazz up the pages with some kid color slop, but I think the black and white looks nice.

Sunday, February 26, 2012

Developer state of mind

Let me spell it out for you, put it in words...

If you are a developer, admin, or some other technical computer science oriented person in your day to day, and you walk into a room or join a call with others of the same background, there is no room for feeling intimidated or being less superior. You better not care about years of education, years of experience. Know you are the man and everyone has to get on your level. There is no other way to cary yourself in your own mind in this field. You better feel like you are Neo at the end of the Matrix when he flexes in the hallway and the room bends around him. You better feel like the guy who needs the ball at the end of the game to make it happen.

There is a difference between acting out this arrogance and thinking it. I wouldn't recommend acting this out prematurely, we all know what happened to Anakin Skywalker. Not until you are a Jedi will abilities show and be know, but until then, you better believe in yourself to get there. If not, you're getting get walked on, left behind, and not thought of when the heroic moments are needed to bring back balance to the force.

Listen to some hip hop if you need to, these guys are all the man and nobody has ever heard of them. It's the attitude and self confidence that is needed, not saying be an asshole, just feel good about yourself.

One more thing, if you are not me, your code sucks.

Sunday, February 12, 2012

How to break the internet

If you follow me on twitter, you might have seen this post:

Basically my wife broke the internet and I wanted to explain how.

She does her own site management for a small business via a microsoft service (office live small business or something). The service is transferring to something else and we took the opportunity to get off the platform due to personal preference. Honestly, for someone who knows nothing about making a site from a code perspective, I thought the microsoft product was just fine, so no knocks against them.

So in the transition, we demoed a few other similar services and chose intuit. Same style of making a site, some things better, others not. No big detail, she made the new site in the editor, added some pages, done.

Now the domain transfer...

For everyday people, this isn't so easy as making a web site without code. There are transfer codes, locking, name servers, etc. So I told her I would do this with her so we could maintain the same domain she had for the old site and reuse it for the new site. What happens? She closes the account with the old domain. The domain is locked and the contact email address on the whois is also deleted when she canceled the microsoft service.

So, what does she do? She buys a new domain and then updates the company facebook page and sends out an email to the mailing list. No big deal right? Everyone will get the new link and all is well.

Not in my eyes. That old domain is everywhere, its on business cards, menus, likely bookmarked and most of all, indexed in all major search engines and local map pages as the company URL. This cancellation effectively broke the internet. The URL is everything, if you've read my handwritten post, you'll see some links and where I explain responsibility of ownership of a URL. It's everything. If anything else, it needs to redirect to the new domain rather then just being a dead 404:

HTTP/1.1 404 
Connection: close
Date: Sun, 12 Feb 2012 15:13:21 GMT
Server: Microsoft-IIS/6.0
MS-Author-Via: MS-FP/4.0,DAV
MicrosoftOfficeWebServer: 5.0_Collab
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET

So I am going through the labor now of submitting documentation to the registar of updated contact information for the domain owner to get back access and point the old URL to the new site at least for a year. For the company name which is somewhat common, it is first in google for that term based on organic results. Unless recovered the internet has a hole in it. The library of congress, google and whoever else downloads the internet for indexing won't know what happened. Machines won't understand.

Tuesday, February 7, 2012

Recipe for JSP / JSTL cross site scripting vulnerabilities

I put this together to grep through JSPs looking for possible cross site scripting vulnerabilities.
grep -R \$\{*.\.*.\} --exclude="*\.svn*" --include=*.jsp* * | grep -v c\\:out | grep -v c\\:set | grep -v c\\:when | grep -v c\\:if | grep -v c\\:forEach | grep -v c\\:param | grep -v fmt\\: | grep -v c\\:import | grep -v jspStoreDir | grep -v pageContext | grep -v svn | less 
It's not perfect, but it helped me fine some potentials outside of the security scans. The difference being I have access to the code, and the security scan doesn't. This was used on a Websphere Commerce implementation specific to the Stores directory.

You'll have to page through the results using your own experiences to actually locate the issue. This just helped me filter out some items. For example:
<input type='hidden' name='productId' value='${WCParam.productId}' />
This item is directly output to the page verses using the "c:out".

Monday, February 6, 2012

More examples of terrible recruitment practices

Couple more terrible approached to recruitment...
  • Asking me for information on others you failed to connect with. No, I will not give away private information of my network. 
  • Guessing my work email address and sending me opportunities. Clearly I don't list my current employeer email on my resume and profile for a reason, it's not my personal email box, it's work. Why are you guessing my email given my first and last name and expecting me to respond? My actual email is very easy to find. 

Share on Twitter