The READIN Family Album
(April 19, 2002)

READIN

Jeremy's journal

If we do not say all words, however absurd, we will never say the essential words.

José Saramago


Friday, October 12th, 2007

🦋 Passed the first test

So in my log I see a bunch of requests today for

GET blog/?k=<keyword> \'\'
and(char(94)+user+char(94))>0 and 
\'\'\'\'=\'\'

where <keyword> is one of the keywords that links exist to on the site; and also I see that my script translated those requests to

<keyword> \\\'\\\' 
and(char(94)+user+char(94))>0 and 
\\\'\\\'\\\'\\\'=\\\'\\\'
before passing them to the database. So the queries just returned empty sets instead of wreaking whatever havoc they might have wruck unescaped. Yay PHP! Yay careful programming!

(Note: but while editing this post I realized there is a different kind of escaping that you have to do when you are writing to forms -- the < and > signs were translating to markup in my inputs. Funny I never ran into that problem on the old site, you wouldn't think it would be a PHP-vs.-ASP distinction.)

Update: So what do I have to do to ban these guys from my site? I tried putting the following in my httpd.conf:

    <Directory (path to root of my site)>
        order allow,deny
        deny from (IP)
        deny from (IP)
        allow from all
    </Directory>
and restarting the service, but that does not seem to have done it.

Another Update: I think I got it: the Directory directive in apache2/sites-available/default is overriding the directive in httpd.conf because httpd.conf is included first. I think I just need to take the default directive out.

posted evening of October 12th, 2007: Respond
➳ More posts about The site

Thursday, October 11th, 2007

🦋 Golden Notebook

Doris Lessing has won the 2007 Nobel Prize in Literature. I've only read her The Golden Notebook (if memory serves), though I have some of her other books on my shelf. Christine recommends that I read the Children of Violence series.

posted afternoon of October 11th, 2007: Respond
➳ More posts about Readings

Wednesday, October 10th, 2007

🦋 Transposition

Sylvia is really interested in transposing music. Today we were working on Andantino, she was playing it in G, D, and A, moving back and forth -- we were only doing the first half of the song, which is all on two strings, so she was able to do this without moving out of first position. It's pretty neat to watch, like she just discovered you could do that -- I think influenced by watching me play violin tunes on the viola -- anyway it seems like it will be a really good way of building her musical ear.

posted evening of October 10th, 2007: Respond
➳ More posts about Fiddling

Tuesday, October 9th, 2007

OMG! Comet in Moominland is being produced in NYC! And Ellen is trying to get us tickets! Got my fingers crossed, that would be too much fun.

...And rats, it is sold out. Oh well, some other time I guess. (Kind of a nuisance for the Times to review the play at the end of its run rather than near the beginning...)

posted morning of October 9th, 2007: Respond
➳ More posts about Moomins

Monday, October 8th, 2007

So as I go through my site testing various filters and archive pages, I am reading a fair amount of what I've written over the last four years. And -- im ganzen und großen -- I'm pretty happy with it.

posted evening of October 8th, 2007: Respond
➳ More posts about Programming Projects

🦋 Categories

Like I said below, I don't have much experience with database design. I don't really have any clue how to write a design document. But I want to describe the design I've come up with and see if I can make it sound as good as it appears to me to be.

The thinking behind this is as follows: I have a lot of text records ("posts") which I want to classify by subject. I've done this, just like every other blog around, by using keywords -- if I tag a post with "food" say, or "singing", then it will show up when somebody looks at the site filtering for that subject. This is implemented with a simple search through the list of keywords on each post; not particularly fast but that's not a major problem in the context of my low-traffic site.

But when I was putting the new software together, I had the idea that it would be great if, when somebody looked at the blog filtering for "food", they would see a little sidebar explaining what I write about when I write about food, and maybe some links to food sites I like etc. And more to the point, when somebody filters for "book:namered" (which is how I've been tagging my reading posts, "book:" and then a short identifier for the title), they would see up top that the posts were about My Name is Red by Orhan Pamuk, links to some outside reviews, links to Amazon and Abebooks, maybe a list of other of Pamuk's books that I have written about. So that is the problem I am trying to solve; and I think my solution is a pretty good one.

First, simple keywords, like "food" and "singing". This is pretty easy; I have a table keyword with columns tag and description -- the description is what will be displayed in the sidebar when somebody filters by the tag. And I have a table (which I decided to name categories, for reasons that will soon become apparent) with two columns, postid and keyword -- I can join this table with posts when I want to do a filtering operation.

Now what about the complex keywords like "book:namered", which include a class and an instance? Well check it out: every time I add a keyword which has a new class, I can just add a column to the categories table with the class name as the column name. And add a table with that name, which looks the same as the keyword table. And think of simple keywords as a special case of complex keywords, as if they had "keyword:" in front of them. So if somebody requests a filter for "book:namered", I can query from "posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag" where book.tag = "namered". This will work for movies, projects, whatever. But the really cool thing is, I can add whatever columns I want to the book table and write a custom script to display the data associated with the tag "namered" in my sidebar.

Consider these three requests:

  • SELECT posts.* FROM posts JOIN categories ON posts.id = categories.postid WHERE categories.book = 'namered';
    (This query would be represented by the keyword "book:namered".)
  • SELECT DISTINCT posts.* FROM posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag;
    (This query would be represented by the keyword "book:".)
  • SELECT posts.* FROM posts JOIN categories ON posts.id = categories.postid JOIN book ON categories.book = book.tag WHERE book.author = 'pamuk';
    (This query would be represented by the keyword "book:author:pamuk".)

The first query will bring back all posts about My Name is Red. The second query will bring back all posts about reading any book. The third query will bring back all posts about reading any book by Orhan Pamuk. And all this is pretty easy to automate! It's all nearly in place!
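The three keyword-to-query translations above, together with the quoted-string injection attempt logged in the October 12th post, as an added example that is not the site's own PHP: a Python/sqlite3 version of the filter that binds every requested value as a parameter and takes class and column names only from an allowlist, since identifiers cannot be bound. Table contents and the CLASSES mapping are constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for the blog's posts, categories and book tables.
SCHEMA = """
CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE book (tag TEXT PRIMARY KEY, description TEXT, author TEXT);
CREATE TABLE categories (postid INTEGER, keyword TEXT, book TEXT);
INSERT INTO posts VALUES (1,'Finished My Name is Red'),(2,'Snow, ch. 3'),(3,'Dinner at home'),(4,'Moomins on stage');
INSERT INTO book VALUES ('namered','My Name is Red','pamuk'),('snow','Snow','pamuk'),('moomin','Comet in Moominland','jansson');
INSERT INTO categories VALUES (1,NULL,'namered'),(2,NULL,'snow'),(3,'food',NULL),(4,NULL,'moomin');
"""

# Allowlist (constructed): keyword classes that exist as a table plus a categories column,
# and the columns each class may be filtered on. Identifiers can't be bound as parameters,
# so they must come from here, never from the request string.
CLASSES = {"book": {"author"}}

BASE = "SELECT DISTINCT posts.id FROM posts JOIN categories ON posts.id = categories.postid"

def keyword_to_query(keyword):
    """Translate a filter keyword into (sql, params) with every user-supplied value bound."""
    cls, sep, rest = keyword.partition(":")
    if not sep:  # simple keyword such as "food": the implicit "keyword:" class
        return BASE + " WHERE categories.keyword = ?", (cls,)
    if cls not in CLASSES:
        raise ValueError("unknown keyword class: %r" % cls)
    sql = BASE + " JOIN {c} ON categories.{c} = {c}.tag".format(c=cls)
    if rest == "":  # "book:" -> every post about any book
        return sql, ()
    col, sep, val = rest.partition(":")
    if not sep:  # "book:namered" -> one instance; the tag is bound, so quotes in it are data
        return sql + " WHERE {c}.tag = ?".format(c=cls), (rest,)
    if col not in CLASSES[cls]:  # "book:author:pamuk" -> only an allowlisted column
        raise ValueError("column %r not filterable for class %r" % (col, cls))
    return sql + " WHERE {c}.{col} = ?".format(c=cls, col=col), (val,)

def posts_for(conn, keyword):
    sql, params = keyword_to_query(keyword)
    return sorted(row[0] for row in conn.execute(sql, params))

def demo_conn():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

if __name__ == "__main__":
    conn = demo_conn()
    for kw in ("food", "book:namered", "book:", "book:author:pamuk"):
        print(kw, "->", posts_for(conn, kw))
```

A request like the logged one, with `''` and a boolean tail appended to the tag, simply becomes a tag value that matches no row, while an unknown class or column is rejected before any SQL is built.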

The next step, which will be a bit of effort to keep it elegant but totally within reach, is to create an administrative page for writing scripts to render an informative sidebar based on the column data contained in, say, the "namered" record in books.

posted evening of October 8th, 2007: Respond
➳ More posts about Projects

🦋 Programming head

Is a head I like to be in. For like a week now I've been thinking non-stop about the design of the site, how I can put features in and have the code look elegant and run quickly, what features belong in a coherent model. It gives me a real feeling of focus, like I have when I'm reading a book that I'm really absorbed in. It can be annoying not to be able to focus on other stuff, but oh well, it's pretty much worth it.

posted evening of October 8th, 2007: Respond
➳ More posts about Programming

🦋 On reinventing the wheel

When I was new to programming, in 1994 or '5 -- when OLE was a pretty freshly minted technology -- one of the projects I was working on was a way to abstract the functionality of some of my company's libraries into a common interface so that a program could load any of the libraries dynamically at runtime, based on a string key. I came up with the stunning realization that the interface could be expressed as a pure virtual C++ base class. All the libraries had to do was to export a function called "Create_x" which would instantiate an object whose class inherited interface x.

This seemed to me like an awesome bit of innovation. By funny coincidence, another project I was working on around the same time was converting some of the company's VBX controls to OCX. (I don't think the term "ActiveX" had even been coined yet, but regardless we were not using it.) I wasn't reading the documentation of OLE very closely, relying on Microsoft's compiler to do most of the work for me; so it wasn't until a month or so later that I realized I had just reinvented a subset of OLE, and that I could have used OLE's framework to give my design a little more robustness. But whatever, the feeling that I was doing something new and inventive was payoff enough.

So why this now? Well, I've been doing some pretty intensive design work in coming up with the database that supports this blog ("READIN 2.0", I am calling it in my head), and I have come up with a pretty cool idea. It seems innovative to me because it is something I've never heard of anyone doing; but I am not at all schooled in database design. I will write it up later on or tomorrow, and hopefully somebody will write back to me and let me know who invented it and where I can find out more.

posted evening of October 8th, 2007: Respond

Saturday, October 6th, 2007

🦋 New features

OK so it's a little corny... I spent last night and some of this morning writing code to administer and display at random different images and quotes at the top of the blog. This is fun, but I think I am doing it mainly for the sake of getting better at writing SQL queries and PHP scripts. The administrative pages are set up pretty nice and clean, I think.


...And guess what I have now!!! -- The ability to delete posts, something I have never been able to do before; and an automated backup script for the whole site, databases and scripts and all. Currently all my data zips up to ¾M.


Ok, so instead of putting up new posts every time I add a feature, I am just going to update this post for a while. (Hopefully I will get out of programmer head sometime and be able to think about anything besides updating the site...*) Just now I wrote a really cool addition to the database which handles categorization of posts with SQL joins instead of dumb text searching. This will eventually, I am thinking, allow me to include lots of interesting (?) information in the sidebar about what category of post is being displayed, which will involve some pretty sophisticated programming.


*This morning I was trying to read Other Colors and I couldn't stop thinking about database tables! How annoying.

posted afternoon of October 6th, 2007: Respond
➳ More posts about php

🦋 Codex Seraphinianus download

Bill just told me about the Grey Lodge Occult Review which looks like a fun site. The first thing I noticed is, their current issue has a downloadable edition of Luigi Serafini's Codex Seraphinianus. Cool!

Update: You can also read the book at scribd.

posted morning of October 6th, 2007: Respond
➳ More posts about Codex Seraphinianus
