Turn off RoR's automatic timezone conversion for columns

I couldn’t find this in the documentation, but Geoff Buesing showed me the hooks to turn off Ruby on Rails’ automatic timezone conversions for some columns of a model or for a complete model:

# Turn it off for just some columns
class Picture < ActiveRecord::Base
  # These attributes are written and read back without conversion to Time.zone
  def self.skip_time_zone_conversion_for_attributes
    [:created_at, :published_at]
  end
end

# Turn it off for the whole model
class Picture < ActiveRecord::Base
  # No attribute of this model is time-zone aware
  def self.time_zone_aware_attributes
    false
  end
end

Thanks a lot!


01-Nov-08


Fun with SQL

What’s all the fuss about this SQL Injection thing?

It boils down to getting some maliciously crafted SQL into the SQL statements of an application, destroying data or authenticating yourself without knowing any real password. xkcd has a nice explanation.

The simple cases are based on wrongly escaped strings and the like. But as this SQL injection cheatsheet shows, there is an infinite number of possibilities.

By day my database connection is most of the time an Oracle connection, and so I found this Oracle whitepaper titled How to write injection-proof PL/SQL very interesting (via Bruce Schneier, found at the gay bar).

I do not have a magic recipe for avoiding attack vectors all the time, but as well-written as the whitepaper is, exposing all queries to clients only via PL/SQL is not a solution. In fact, it’s a nightmare to get this to work with JPA and other ORM mappers.

I try not to use dynamic SQL in the sense of “concatenate some strings with one another and mysql_real_escape_string or DBMS_Assert them”, but use prepared statements with placeholders and explicit datatypes. Also, if there’s a need to compute SQL queries at runtime, do not ever let user-supplied input come near them. I know that I’m relying on my API in this case, but there is always a point at which I must rely on something, I guess.

As always, the most important thing is: be conscious about what you are doing and try to understand it, but at this point I leave the discussion about software development and enter the depths of common sense…
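As an added illustration (not code from the original post), here is the difference between the two approaches using Python’s sqlite3 module: the concatenated query treats a quote character in the input as SQL and its structure changes, while the placeholder query only ever compares the input as data. The users table and its row are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table with one sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_concatenated(conn, name, password):
    """Dynamic SQL: the input becomes part of the statement text, so a quote
    in it closes the literal early and the rest is parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_prepared(conn, name, password):
    """Prepared statement with placeholders: the statement text is fixed and
    the values are bound separately, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo():
    """Run both variants with the real password and with the well-known
    tautology string from the cheatsheet; returns the four outcomes."""
    conn = make_db()
    forged = "x' OR '1'='1"
    return {
        "concat_real": login_concatenated(conn, "alice", "correct horse"),
        "concat_forged": login_concatenated(conn, "alice", forged),
        "prepared_real": login_prepared(conn, "alice", "correct horse"),
        "prepared_forged": login_prepared(conn, "alice", forged),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: login accepted = {accepted}")
```

Only the concatenated variant accepts the forged password; with placeholders the same string is just a wrong password.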


27-Oct-08


Recursively md5sum all files in a directory tree

After a server crash I wanted to compare all actual files with the backed-up data. An easy way is to compare the md5 hashes like this:

First, recursively create md5 hashes of all files in that directory:

find ./backup -type f -print0 | xargs -0 md5sum > /checksums_backup.md5

Then check the actual data against the recorded hashes (md5sum -c re-reads the files at the paths recorded in the list, so run it where those paths point at the live files):

md5sum -c checksums_backup.md5

I was lucky, no files were damaged.


25-Oct-08


Why does this always happen to me…

…yeah, this thing happened only once, but it’s a great example:

I heavily use email on my mobile phone. Actually, I’m using SSL for sending emails. Suddenly, out of nowhere, it stopped working. Receiving via IMAPS wasn’t a problem, but outgoing mail got stuck with “unrecognized command”. Yeah, great. Checked configs on my phone, on my server, nothing changed.

Today I read this:

The mobile provider O2 temporarily filtered commands for activating encrypted e-mail transmission in its UMTS and GPRS network. O2 press spokesman Albert Fetsch explained that the cause was a software update and the replacement of a firewall’s hardware at one site in the core network at the beginning of September. The problem occurred only sporadically and has now been fixed.

Source: heise.de

It basically says that the German provider O2 filtered some commands for encrypted email, namely STARTTLS.

I recently got the impression that I always stumble upon such things, invest a whole lot of time, get angry, stressed and what not. I hate feeling miserable for other dickheads’ mistakes.

Apart from that, an interesting lapse to make in a software update.


01-Oct-08


Windows commercials

I recently watched the new Microsoft “Life without walls” spots (have a look at them here), which are directly aimed at Apple’s “Mac vs. PC” campaign, and I must say, I like them. In fact, they are much less arrogant than Apple’s spots.

But if you wanna see some real ads, have a look at these spots with Steve Ballmer:

Whether you like him or not, this guy is just crazy and it seems he doesn’t give a shit:

Either his incredible self-introduction that will never be topped by anyone else

or his well known call for developers:

and his ads for Windows 1.0 and XP after the click:



23-Sep-08