http://mcherm.com Adventures in Programming Thu, 04 Dec 2008 18:13:09 +0000 http://backend.userland.com/rss092 en As Willie Sutton didn't say, "I rob banks because that's where the money is." I work for a bank, and so I worry more about security than most programmers. After all, if a hacker were were truly motivated and competent who would they pick to go after? Probably a bank (the ... http://mcherm.com/permalinks/1/my-security-nightmare Here is a description of all items that will be on my local ballot for this upcoming election, along with my own personal recommendations on how I expect to vote, and why. For quite some time now, I've done this sort of research before elections; this time I decided to ... http://mcherm.com/permalinks/1/election-guide-nov-2008 Once upon a time (in the dark ages of web application development) we built our applications as a single monolithic Perl CGI script, or perhaps a large JSP file containing the entire application. The code looked something like this: costs.jsp Current Costs: Cost ... http://mcherm.com/permalinks/1/separation-of-concerns Developers of web applications have quite a few different kinds of "attacks" to worry about. I will try to describe the major categories I know of, including one which is "new" as of the past month or so. SQL Injection The most venerable is the SQL-injection attack (and related attacks for things ... http://mcherm.com/permalinks/1/many-ways-to-attack-websites In a previous post I wrote about how nearly all web applications built on Java servlets suffer from potential threading issues. Web browsers can make multiple simultaneous requests, which will result in multiple threads concurrently modifying the (not threadsafe) HTTPSession. Most people just ignore the problems (which strike rarely), some ... http://mcherm.com/permalinks/1/threadsafe-java-servlets-a-solution Web servers are inherently threaded applications: their primary purpose is to serve up a website or web application to a large number of users. Essentially all of the frameworks for creating web applications, such as Java's "servlet" specification and all of the structure built on top of it, provide built-in ... http://mcherm.com/permalinks/1/threadsafe-java-servlets This post is mostly for my own use; it updates a previous posting with the details of exactly how I am sending out the email version of these blog postings. I am sending email copies of the technical postings to this blog to an email list of people at my work ... http://mcherm.com/permalinks/1/how-to-email-blog-posts-from-outlook-2 Google has released a new browser, "Google Chrome". It features quite a few innovations: some user interface innovations include tabs above the menus and URL bar, a single field combining the URL and search fields, search and status bars that disappear when not in use and a home page showing ... http://mcherm.com/permalinks/1/the-secret-to-making-chrome You are really lazy. It's nothing personal of course -- everyone tends to procrastinate to some extent, but right now it's YOUR turn. In just a moment, I am going to convince you that you want to do something. You'll agree that it's a good idea, you'll tell yourself that ... http://mcherm.com/permalinks/1/the-wager Unlike computers, humans tend to think in metaphors. That is, when we want to reason about something new or unfamiliar we reason by analogy with something familiar. This is a great mental trick and it is part of what allows humans to be flexible and to deal with unanticipated circumstances ... http://mcherm.com/permalinks/1/metaphorical-programming