Archive for October, 2004

Another C++ tip

October 29th 2004

Someone asked a question on #kde-devel the other day, wondering what the best way to do a stream insertion operator was. Their first suggestion was to do something like the following:

class Foo {
ostream &operator
};

The major problem is that it wouldn’t compile that way. Even if it did,
you wouldn’t be able to string insertions together like you can with cout or
kdDebug().

There are two well-known ways of fixing this, both of which involve non-member functions:

  • The first way is typically to make the operator
  • The other way is described in a book I read, and it also involves an external function, although it doesn’t need to be a friend.

Basically, a class defines a virtual public method called print() which accepts an output stream (e.g. ostream, QDataStream, etc.) and is responsible for inserting itself onto that stream. Then the external function simply calls the print() method and immediately returns the stream. Example:

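#include <ostream>
using std::ostream;

class Foo {
public:
    virtual ~Foo() {}

    // Subclasses override this to control how they are written to a stream.
    virtual void print(ostream &o) const {
        /* output onto o */
    }
};

// Non-member function; it only calls the public print(), so it need not be a friend.
// Returning the stream is what allows insertions to be chained.
ostream &operator<<(ostream &o, const Foo &x) {
    x.print(o);
    return o;
}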

So there you go, my monthly C++ tidbit. :-)

Posted by mpyne under Uncategorized | No Comments »

Lunar Eclipse

October 28th 2004

I took some pictures of the lunar eclipse from Jacksonville Florida. I didn’t have a tripod so it’s blurrier than it needs to be, but they seem to have turned out OK anyways. Here’s a sample:

Those who want to see the whole set can check out my Konqueror-auto-generated lunar eclipse thumbnail page. If it’s a little slow it’s because it’s being served over my cable modem, so please be patient. ;-)


Choices

October 26th 2004

Replying to Annma’s reply to Scott’s blog:

I think Scott was referring more to the design of an application than to the other choices we could make, such as what application we choose to type our letters or what side of the toast we butter any given morning.

There is a school of thought that says that if you can get feature foo into an application somehow, then do it, and give the user a choice as to whether he wants to or not. There is an alternative school of thought that says that it is better to design an application to explicitly not have so many choices, instead just doing the “Right Thing”.

Obviously those are two different extremes, and the ‘best’ program would probably fall somewhere in the middle of the curve between simplicity and extreme configurability, at least in my opinion. The way I see it, whenever an application can figure out the Right Thing, that’s what it should do. Only when it can’t figure out the Right Thing should it be configurable, and even then the default should be the Best Thing (which could be simply refusing to work in situations where the user MUST provide input).

It seems to me that this is the kind of choice that Scott was talking about (at least, that’s what it seems to me judging from the end of his post). Maybe someone added yet another lame feature request to JuK ‘because Linux is about choice’? ;-)


Video gamers of America (and the World if you’re interested), Unite!

October 24th 2004

Penny Arcade is once again holding a charity drive to make Christmas a little brighter for some of the many children who will be spending their holidays cooped up in a hospital. The event is called Child’s Play, and you can find out more about it here.

Last year was a rousing success for the Seattle Children’s Hospital, and I was one of thousands of donors. This year, I will be donating again. If you’d like to donate, there are five different hospitals that you can contribute to. You can donate toys (with some exceptions, please see the FAQ) from the Amazon wishlists that have been set up, or you can simply donate cash. There are no administrative fees collected from any of this. Tycho, Gabe, and the rest of Child’s Play are doing this all for free, volunteering their time, money, and effort.

You may have heard about this on Slashdot, and if so, I apologize for wasting your time with this post. But things like these are important, and it’s the little bit I can do (besides donating) to help Child’s Play become a success again.


Multiline QLabels + Layouts == b0rkage

October 21st 2004

I was wondering if anyone reading this happened to know why having a
multiline QLabel in a layout causes the layout to completely break? For
example, let’s say you’re creating a widget in Designer. Add a label, make
the text nice and long, and make sure the format is set to RichText so that
it actually takes up multiple lines. Then add something else, like a text
edit widget, and lay them out however. When you preview the form, you’ll be
able to resize it much, much smaller than should be possible. Change the text
in the label to something short, and you won’t have that problem.

It has me completely stumped, and even if Trolltech were to fix this with
the next version of Qt, there’s still a lot of people using older versions
that I don’t want to leave out.

Spelling correction (06:18 EST)

If you happen to know, please mail me at michael.pyne@kdemail.net.
Otherwise I’ll probably e-mail kde-devel or qt-interest.


Fun in operating systems class

October 21st 2004

I haven’t blogged in a while due to extreme busyness (such as midterm exams in school), but I thought it would be funny to demonstrate how important security coding is in some schools.

In my operating systems class, we are into the topic of multithreading and other concurrency issues. So the professor has given us an assignment, to make a sample web server multithreaded. The code was actually from a former professor, and included a few security checks, such as this one:

  // Check that filename does not start with a "..", "/", "\", or have a ":" in
  // the second position indicating a disk identifier (e.g., "c:").
  //  - This is a security check to prevent grabbing any file on the server
  if (((file_name[1] == '.') && (file_name[2] == '.')) ||
       (file_name[1] == '/') || (file_name[1] == '\\') ||
       (file_name[2] == ':'))
  {

Notice the first line of the if condition, where a check is done to make sure that the filename doesn’t begin with “..”. Gee, I wonder what could possibly break that check?

Approximately 40 seconds later I had broken the security of that web server, with a filename of “./../../../../../../../config.sys”. To make matters worse, the server incorrectly rejects requests to files with names like “..hidden-easter-egg.txt”.

So a tip to all of you coders out there trying to check for this sort of thing:

  • You have got to search for ‘/../’; if that exists anywhere in the string, someone may be trying to evade your security.
  • Also, you have to make sure the filename doesn’t begin with ‘../’. This sequence could be OK later in the filename, which is why you can’t just check for that.
  • If you allow alternate path separators (such as \), convert them all to the canonical path separator before performing this test to make the comparison easy.
  • Also, if you perform any un-escaping of the filename (mandated by HTTP, but not included in the sample server), you must un-escape the filename first as well. But don’t un-escape it twice by accident!
  • There may be other things I have forgotten. ALWAYS use your common sense, and when you are coding something meant to be secure, or even half-secure, think with the worst-case scenario in mind, and then TEST IT against your program. I am not a ‘security guy’, but this flaw was obvious even to me. I can hardly believe none of the previous students in this class hadn’t noticed it.
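The checks from the list above written out in C, as an added example that is not from the original post or the class's server: path_is_safe and unescape_once are hypothetical names, and the path is assumed to arrive with its leading “/” already removed. It also rejects a bare “..”, a trailing “/..” and an encoded NUL, which go beyond the list.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst exactly once. Returns 0 on success, -1 on a
 * malformed escape, an encoded NUL (%00), or a dst buffer that is too small. */
static int unescape_once(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    while (*src) {
        unsigned char c = (unsigned char)*src++;
        if (c == '%') {
            if (!isxdigit((unsigned char)src[0]) ||
                !isxdigit((unsigned char)src[1]))
                return -1;
            char hex[3] = { src[0], src[1], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            src += 2;
            if (c == '\0')
                return -1;
        }
        if (n + 1 >= dstlen)
            return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* Hypothetical helper: raw is the request path with its leading '/' removed.
 * Returns 1 if it may be served, 0 if it must be rejected. */
int path_is_safe(const char *raw)
{
    char p[1024];
    if (unescape_once(raw, p, sizeof p) != 0)
        return 0;
    for (char *s = p; *s; s++)          /* one canonical separator */
        if (*s == '\\')
            *s = '/';
    size_t len = strlen(p);
    if (p[0] == '/' || (len >= 2 && p[1] == ':'))
        return 0;                        /* absolute path or drive letter */
    if (strcmp(p, "..") == 0 || strncmp(p, "../", 3) == 0)
        return 0;                        /* starts with a parent reference */
    if (strstr(p, "/../") != NULL)
        return 0;                        /* parent reference in the middle */
    if (len >= 3 && strcmp(p + len - 3, "/..") == 0)
        return 0;                        /* trailing "/..": beyond the list */
    return 1;
}
```

The server has to open the same decoded, normalised string that was checked; decoding the raw request a second time before opening the file would undo the check.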

In happier news, I’m working on a replacement for JuK’s filerenamer dialog. It will kick some serious ass once it’s done, hopefully allowing a user to have a reasonably powerful renamer without all of those annoying string replacement tokens to deal with.


Gimme a free ride.

October 16th 2004

My wife and I went to the mall today with my sister. We saw one of my wife’s friends, who was wearing this kick-ass Legend of Zelda jacket. I asked him where he got it, and he said, “Hot Topic.”

Grooooooaaaaaan. :-(

However, I was not going to be denied my Nintendo merchandise, even if it meant braving the horrors of The Hot Topic Experience. I went into the store, found the cramped section with their Nintendo merchandise, and started looking around. And you know what, it was the coolest thing I’ve seen in awhile. I’ve always been a fan of www.gameskins.com, and having all of this Nintendo-themed stuff was just incredible.

Turns out that Hot Topic’s selection was just the beginning. There’s sites on the Internet that have even more merchandise. The largest selection I’ve seen so far has been at this 80stees.com page, although they don’t have the shirt that I bought.

Anyways, you can see what I got at my website (but please don’t flood it!)


Testing XML-RPC

October 14th 2004

Well here I am testing whether changing PyBlosxom to use the XML-RPC plugin is working or not. Now that it should be working, I can update my simple blog tool one of these days to allow me to blog without having to su to my stable KDE account.

clee had a great idea about using gnupg to perform authentication of blog posts instead of a simple user-name/password system that Blogger API supports. I’d be quite enthusiastic about that if he can get a pyBlosxom plugin for it to work. :-)


Cleaned my desk

October 12th 2004

And boy does it look so much better.

One thing I learned by doing this is that my hands are far too shaky for taking pictures. I need to buy a tripod someday or something, because I can’t hold my hands still for my life when trying to take pictures, and fast shutter settings only work well when there is a lot of ambient light.


Computing Sciences

October 9th 2004

Regarding the recent discussion of Computer Science courses on Planet KDE, I just thought I’d mention how this kind of thing is handled at my University.

The Computer Science program there is split into two branches, (pure) Computer Science, and Information Science. The Computer Science branch contains what we’d consider the actual computer science, which includes courses on data structures, combinatorics, compilers, and other advanced things. The Information Science branch, on the other hand, has the courses suitable for those learning computers in order to become another corporate lemming, such as Visual Basic, Java, .net, Designing Insecure Applications 101, Use Case development methodologies and other such stuff.

