Craig Stuntz's Weblog
February 2013
1 vote
YAML and Remote Code Execution
Craig Stuntz's Weblog
– YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution. It’s Not Just Ruby A few weeks ago, I had a need to parse ...
January 2013
3 votes
Faking a placeholder Attribute for an Editable div, and Some CSS Tricks
Craig Stuntz's Weblog
– HTML input elements have a placeholder attribute which you can use to show a bit of text to prompt the end user. Although you can make an editable div by using the contenteditable attribute, it will not support the placeholder attribute. I needed to do both, so I ended up reinventing the placeholder ...
0 votes
Or, As We Called It Back in 1999, "Tuesday"
Craig Stuntz's Weblog
– So this tweet got a lot of attention: potch @potch alias yolo=’git commit -am "DEAL WITH IT" && git push -f origin master’ I laughed at this, not because it implies some kind of reckless disregard for process and community, but because, in 1999, at a former employer, when our ...
November 2012
2 votes
Review: Coursera Social Network Analysis class
Craig Stuntz's Weblog
– I recently completed the Coursera Social Network Analysis class. This was my first time taking a Coursera class. In this post, I will describe my experience with Coursera generally, and review the Social Network Analysis class in particular. Along with several of my Spruce Media colleagues, I took ...
April 2012
0 votes
The Homomorphic Encryption Patent Land Rush
Craig Stuntz's Weblog
– I noticed this morning that Google patent search returns 189 results for the query “homomorphic encryption.” I have written about homomorphic encryption in the past; it is a true mathematical breakthrough which has the potential to transform cloud computing security. But the emphasis, here, is on ...
February 2012
2 votes
Spruce Media
Craig Stuntz's Weblog
– So, after working for 13 years for the same employer, I’ve changed jobs. This month I joined Spruce Media; my title is "Software Engineer." ‘Course, I liked my old job, too, but Spruce Media’s offer was too good to pass up. It’s a really great time to be a skilled programmer; ...
0 votes
Speaking at "Moving to Better Secure the Cloud"
Craig Stuntz's Weblog
– I’ll be speaking at a Slashdot/Geeknet "virtual trade show" today. Moving to Better Secure the Cloud: Governance, Risk, and Compliance Management My presentation will be on the potential business impact on the web if an efficient and fully homomorphic encryption system is invented. I’ll ...
December 2011
0 votes
Ad-hoc SQL/POCO Queries in Entity Framework 4.0
Craig Stuntz's Weblog
– Since version 4.0, the Entity Framework has had the ability to query un-mapped data and project it onto POCOs using ad-hoc SQL. Here, for example, is how we check the current SQL Server version: internal class SqlVersionInfo { public string Edition { get; set; } ...
November 2011
4 votes
Sometimes, SELECT Really Is Broken
Craig Stuntz's Weblog
– We got a bug report from a customer the other day; a certain query in one of our web services was giving the following error: A column has been specified more than once in the order by list. Columns in the order by list must be unique. Seems clear enough, except that There was no duplication in ...
October 2011
1 vote
Testing Cross Cutting Concerns
Craig Stuntz's Weblog
– So imagine you’ve been asked to implement the following requirement: When a to-do list item is marked as complete, the CompletedOn date time property shall be set to the current time. That doesn’t sound so hard to implement, but how can I test it? I don’t know precisely what the ...
August 2011
0 votes
Would You Buy a Used Framework from This Tool?
Craig Stuntz's Weblog
– I think the Web Platform Installer is a great tool, but I have to question the wisdom of its home page: If you click on these, you see… nothing. A description would be nice. ("Application Request Routing? What’s that? EC-CUBE?") But that’s not really the problem. The bigger ...
2 votes
Great CS Textbooks, Cheap
Craig Stuntz's Weblog
– I’m probably late to this party, but I’ve discovered that you can find incredible deals on used CS textbooks at Amazon, especially for older editions. For example, I recently ordered a copy of Programming Language Pragmatics, by Michael L. Scott. It’s $63 new for the hardcover or ...
May 2011
8 votes
An Excuse Not to Roll Your Own Authentication Scheme
Craig Stuntz's Weblog
– The Rails 3.1 Release Candidate announcement contained news of many new and useful features, plus these regretful words: has_secure_password: Dead-simple BCrypt-based passwords. Now there’s no excuse not to roll your own authentication scheme. I will briefly provide an excuse. "Simple BCrypt-based ...
March 2011
1 vote
Why Won’t Visual Studio Step Into This Code?
Craig Stuntz's Weblog
– I helped another developer debug an interesting problem this morning. Let’s see if you can spot the problem. The code in question looked something like this simplified version containing only enough code to show the problem: public void Execute() { DoStuff(); // breakpoint 1 } ...
December 2010
0 votes
A Better View API for Grids in ASP.NET MVC
Craig Stuntz's Weblog
– I’m writing a grid-independent interface for displaying data in ASP.NET MVC applications, and I would like your feedback on the API design. In my last post, I discussed some of the problems with existing grid components for ASP.NET MVC. Actually, there are a couple more design issues which I ...