Written by myself, Tomas Engquist, and Harpreet Ghotra. They each did more than their share of the work!
Continue reading ‘Functional Programming vs Object Oriented Programming’
querySelector vs getElementByID
•August 1, 2019 • Leave a CommentA quirk of modern Javascript is that we have (at least) two ways of programmatically finding items in the DOM. querySelector is the newer of the two, dating to 2013, and is the more powerful one. It has a fancy syntax, and lets us write complex queries for groups of elements, classes, and subelements. But more powerful isn’t always more betterer.
It turns out that the added complexity means getElementByID is about twice as fast as querySelector. They’re both pretty fast, but I’m going to look into why getElementByID is faster.
Processing audio in the browser!
•July 18, 2019 • Leave a CommentThe modern web is an amazing place. You can do almost anything in a browser that you can do in native code. Including processing audio in realtime. In javascript.
Nuts? Probably. Worth it? Definitely.
Ruby on Rails testing goes parallel – a deep dive!
•July 2, 2019 • Leave a CommentIf you ever work on large software projects, you’re bound to spend a LOT of time compiling code, running unit tests, and lots of other non-code stuff.
Since programming is really thought-intensive, any focus breaks are really disruptive. Even a ten second test suite is enough to break a train of thought. What can we do to improve that? Parallelize it of course!
Continue reading ‘Ruby on Rails testing goes parallel – a deep dive!’
Diagnosing Ruby require_relative issues with DTrace on OSX
•June 20, 2019 • Leave a CommentRuby, like many programming languages, has a C-like mechanism for using code defined in other files. It’s critical for the development of any serious program, but it’s also prone to weird errors when files aren’t included in the proper order, or not included at all. It’s usually pretty obvious which file you’re not require_relativeing, but there are times when the only way to make sense of things is to trace the system calls.
On Windows, Process Monitor is by far the best way to diagnose this sort of problem. It gives a useful trace of just about everything a process does. I’ve used it many times before to diagnose file loading issues, and weird compiler errors. Similarly, strace on Linux traces every system call.
But what about OSX?
Continue reading ‘Diagnosing Ruby require_relative issues with DTrace on OSX’
Extreme Heat Event in Northern Siberia and the coastal Arctic Ocean This Week
•July 6, 2018 • Leave a CommentThis global warming stuff is getting to be really quite scary. đŤ
Monday’s eclipse & The Fight of The Century
•August 19, 2017 • Leave a CommentOn Monday March 8, 1971, Joe Frazier fought Muhammad Ali in “The Fight of The Century”. It was an event that was so popular that The Citizen’s Commission to Investigate the FBI used it to break into an FBI office and steal every file.
On Monday, a solar eclipse will cross the United States, with the zone of totality crossing from Washington to South Carolina. With millions of Americans stopping what they’re doing to look up at the sun for a few minutes – not quite as long as a boxing match – who knows what people will do?
Wheelbarrows of Money
•May 9, 2016 • Leave a CommentThe idea of just “printing money” to pay off the US Federal government debt is back in the news. Here’s a reminder of what that entails.
After reading my post about the âDepression Pocketbook,â my husband asked if I actually had any verifiable proof that anyone in Germany (or anywhere else) bought bread (or anything else) with a wheelbarrow full of money. Itâs something weâve both heard people say, but I must admit, I couldnât quote a source.
Is it an urban legend? Is it something historians have invented because it sounds good? God knows when I was in school, I was told medieval people believed the world was flat. Not only was that never true (and thereâs evidence from their maps and writings to prove it), but the idea can actually be traced back to a writer (I believe it was Nathaniel Hawthorne) who first used it in his popular biography of Christopher Columbus. It was taken for truth and repeated until it became reality and the truth became lost.
Is that whatâŚ
View original post 3,279 more words
Popping shell in a hospital
•March 22, 2016 • Leave a Comment…ok, it’s almost popping shell.
A few months ago, a family member was in the hospital for surgery. The hospital, New York Presbyterian, had courteously set up a computer for family members to use. However, it was running Windows XP, which is a no-longer-supported security nightmare.
Curious, I decided to investigate.
They’d disabled nearly everything. No “run” box, no explorer, nothing except an outdated copy of IE, and Office 2003. In the “Open” dialog, nearly every folder was empty. All modifications are dumped at logoff.
So, all the easiest ways to pop shell on this security nightmare are blocked off. They at least made some effort to secure things. It’s time to look into the wonderful rabbit hole that is Excel.
The wonderful thing about Excel is that it’s extremely flexible: Even an ancient version of Office (2003, which is what they had) can embed ActiveX controls, it can run Visual Basic, it can attach any of the Windows common controls as inputs to individual cells, and many other things.
The dangerous thing about Excel is (also) that it’s extremely flexible: Every single feature increases the attack surface, and exponentially complicates security.
In this case, the ability to embed a hyperlink is the most useful feature for me. Because of the way Windows Explorer/Windows Shell works, we can point a hyperlink at a local file, and the shell will execute the action associated with that file. If the file is an html file, Windows will open it in IE; if it’s a txt file, Windows will open it in Notepad; if it’s an exe file, Windows will execute it. I think you can see where I’m going with this.
When I attempted to “customize” the link, excel popped a version of the Common File Dialog… but all accessible folders were empty!
The “My Documents” folder, like every other browsable location, is devoid of clickable items.
So they’ve clearly tried to shrink the attack surface by hiding every clickable file, which has some value.
But again, Windows Shell link/path handling features are here to help me sneak past their security.
If you type the full path to a file in the “Address” field (or, more generally, the “Name” field), and then click OK (or, “Open”/”Save”), Windows accepts the (valid) path, and closes the dialog.
Opening the link then executes cmd.exe:
Tada! Command prompt opened… kinda
They (thankfully) have “disabled” the command prompt, which means I can’t easily use it to do any harm. There’s probably a way around it, but I was satisfied with getting CMD.exe to execute at all, and so I went on my way.
